| Current File : //etc/cpanel_exim_system_filter |
# Exim filter
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# cPanel System Filter for EXIM #
# VERSION = 2.0 #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!DO NOT MODIFY THIS FILE DIRECTLY!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Direct modifications to the /etc/cpanel_exim_system_filter file will be lost when the configuration is #
# next rebuilt. To have modifications retained, please use one of the following options: #
# #
# 1) #
# * Place each sysfilter block you wish to include in a unique file at: #
# /usr/local/cpanel/etc/exim/sysfilter/options/ #
# * Enable or disable the custom block in WHM using: #
# Service Configuration => Exim Configuration Manager => Filters => Custom Filter: [your unique file] #
# #
# 2) #
# * Create a custom sysfilter file in /etc/ #
# * Change the location of the sysfilter file in WHM using: #
# Service Configuration => Exim Configuration Manager => Filters => System Filter File #
# #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!DO NOT MODIFY THIS FILE DIRECTLY!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# #
# Only process once #
# #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
if not first_delivery
then
finish
endif
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# #
# Ignore "real" errors #
# #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
if error_message and $header_from: contains "Mailer-Daemon@"
then
finish
endif
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# BEGIN - Included from /usr/local/cpanel/etc/exim/sysfilter/options/attachments
# (Use the Basic Editor in the Exim Configuration Manager in WHM to change)
# or manually edit /etc/exim.conf.localopts and run /scripts/buildeximconf
## -----------------------------------------------------------------------
# Look for single part MIME messages with suspicious name extensions
# Check Content-Type header using quoted filename [content_type_quoted_fn_match]
if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")"
then
fail text "This message has been rejected because it has\n\
potentially executable content $1\n\
This form of attachment has been used by\n\
recent viruses or other malware.\n\
If you meant to send this file then please\n\
package it up as a zip file and resend it."
seen finish
endif
# same again using unquoted filename [content_type_unquoted_fn_match]
if $header_content-type: matches "(?:file)?name=(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))([\\\\s;]|\\$)"
then
fail text "This message has been rejected because it has\n\
potentially executable content $1\n\
This form of attachment has been used by\n\
recent viruses or other malware.\n\
If you meant to send this file then please\n\
package it up as a zip file and resend it."
seen finish
endif
## -----------------------------------------------------------------------
# Attempt to catch embedded VBS attachments
# in emails. These were used as the basis for
# the ILOVEYOU virus and its variants - many many varients
# Quoted filename - [body_quoted_fn_match]
if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")[\\\\s;]"
then
fail text "This message has been rejected because it has\n\
a potentially executable attachment $1\n\
This form of attachment has been used by\n\
recent viruses or other malware.\n\
If you meant to send this file then please\n\
package it up as a zip file and resend it."
seen finish
endif
# same again using unquoted filename [body_unquoted_fn_match]
if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))[\\\\s;]"
then
fail text "This message has been rejected because it has\n\
a potentially executable attachment $1\n\
This form of attachment has been used by\n\
recent viruses or other malware.\n\
If you meant to send this file then please\n\
package it up as a zip file and resend it."
seen finish
endif
## -----------------------------------------------------------------------
#### Version history
#
# 0.01 5 May 2000
# Initial release
# 0.02 8 May 2000
# Widened list of content-types accepted, added WSF extension
# 0.03 8 May 2000
# Embedded the install notes in for those that don't do manuals
# 0.04 9 May 2000
# Check global content-type header. Efficiency mods to REs
# 0.05 9 May 2000
# More minor efficiency mods, doc changes
# 0.06 20 June 2000
# Added extension handling - thx to Douglas Gray Stephens & Jeff Carnahan
# 0.07 19 July 2000
# Latest MS Outhouse bug catching
# 0.08 19 July 2000
# Changed trigger length to 80 chars, fixed some spelling
# 0.09 29 September 2000
# More extensions... its getting so we should just allow 2 or 3 through
# 0.10 18 January 2001
# Removed exclusion for error messages - this is a little nasty
# since it has other side effects, hence we do still exclude
# on unix like error messages
# 0.11 20 March, 2001
# Added CMD extension, tidied docs slightly, added RCS tag
# ** Missed changing version number at top of file :-(
# 0.12 10 May, 2001
# Added HTA extension
# 0.13 22 May, 2001
# Reformatted regexps and code to build them so that they are
# shorter than the limits on pre exim 3.20 filters. This will
# make them significantly less efficient, but I am getting so
# many queries about this that requiring 3.2x appears unsupportable.
# 0.14 15 August,2001
# Added .lnk extension - most requested item :-)
# Reformatted everything so its now built from a set of short
# library files, cutting down on manual duplication.
# Changed \w in filename detection to . - dodges locale problems
# Explicit application of GPL after queries on license status
# 0.15 17 August, 2001
# Changed the . in filename detect to \S (stops it going mad)
# 0.16 19 September, 2001
# Pile of new extensions including the eml in current use
# 0.17 19 September, 2001
# Syntax fix
#
#### Install Notes
#
# Exim filters run the exim filter language - a very primitive
# scripting language - in place of a user .forward file, or on
# a per system basis (on all messages passing through).
# The filtering capability is documented in the main set of manuals
# a copy of which can be found on the exim web site
# http://www.exim.org/
#
# To install, copy the filter file (with appropriate permissions)
# to /etc/exim/system_filter.exim and add to your exim config file
# [location is installation depedant - typicaly /etc/exim/config ]
# in the first section the line:-
# message_filter = /etc/exim/system_filter.exim
# message_body_visible = 5000
#
# You may also want to set the message_filter_user & message_filter_group
# options, but they default to the standard exim user and so can
# be left untouched. The other message_filter_* options are only
# needed if you modify this to do other functions such as deliveries.
# The main exim documentation is quite thorough and so I see no need
# to expand it here...
#
# Any message that matches the filter will then be bounced.
# If you wish you can change the error message by editing it
# in the section above - however be careful you don't break it.
#
# After install exim should be restarted - a kill -HUP to the
# daemon will do this.
#
#### LIMITATIONS
#
# This filter tries to parse MIME with a regexp... that doesn't
# work too well. It will also only see the amount of the body
# specified in message_body_visible
#
#### BASIS
#
# The regexp that is used to pickup MIME/uuencoded body parts with
# quoted filenames is replicated below (in perl format).
# You need to remember that exim converts newlines to spaces in
# the message_body variable.
#
# (?:Content- # start of content header
# (?:Type: (?>\s*) # rest of c/t header
# [\w-]+/[\w-]+ # content-type (any)
# |Disposition: (?>\s*) # content-disposition hdr
# attachment) # content-disposition
# ;(?>\s*) # ; space or newline
# (?:file)?name= # filename=/name=
# |begin (?>\s+) [0-7]{3,4} (?>\s+)) # begin octal-mode
# (\"[^\"]+\. # quoted filename.
# (?:ad[ep] # list of extns
# |ba[st]
# |chm
# |cmd
# |com
# |cpl
# |crt
# |eml
# |exe
# |hlp
# |hta
# |in[fs]
# |isp
# |jse?
# |lnk
# |md[be]
# |ms[cipt]
# |pcd
# |pif
# |reg
# |scr
# |sct
# |shs
# |url
# |vb[se]
# |ws[fhc])
# \" # end quote
# ) # end of filename capture
# [\s;] # trailing ;/space/newline
#
#
### [End]
# END - Included from /usr/local/cpanel/etc/exim/sysfilter/options/attachments
# BEGIN - Included from /usr/local/cpanel/etc/exim/sysfilter/options/cpanel_phishing
# (Use the Basic Editor in the Exim Configuration Manager in WHM to change)
# or manually edit /etc/exim.conf.localopts and run /scripts/buildeximconf
if ( $header_subject contains "disk quota" and $received_protocol does not contain "smtpa" )
then
headers add "NewSubject: **** POSSIBLE FAKE MAIL **** $h_Subject:"
headers remove Subject
headers add "Subject: $h_NewSubject:"
headers remove NewSubject
headers add "X-Cleanmx-Suspect: Unauth system message "
unseen deliver "bin@ptisp.systems"
logfile /var/log/filtro.log 644
logwrite "$tod_full - $message_id - Unauth system message (disk quota)"
elif ( $header_subject contains "A/C: Acao necessaria" and $received_protocol does not contain "smtpa" )
then
headers add "NewSubject: **** POSSIBLE FAKE MAIL **** $h_Subject:"
headers remove Subject
headers add "Subject: $h_NewSubject:"
headers remove NewSubject
headers add "X-Cleanmx-Suspect: Unauth system message "
unseen deliver "bin@ptisp.systems"
logfile /var/log/filtro.log 644
logwrite "$tod_full - $message_id - Unauth system message (acao necessaria)"
elif ( $header_subject contains "Actie vereist: DNS repareren" and $received_protocol does not contain "smtpa" )
then
headers add "NewSubject: **** POSSIBLE FAKE MAIL **** $h_Subject:"
headers remove Subject
headers add "Subject: $h_NewSubject:"
headers remove NewSubject
headers add "X-Cleanmx-Suspect: Unauth system message "
unseen deliver "bin@ptisp.systems"
logfile /var/log/filtro.log 644
logwrite "$tod_full - $message_id - Unauth system message (dns repareren)"
endif
# END - Included from /usr/local/cpanel/etc/exim/sysfilter/options/cpanel_phishing
# BEGIN - Included from /usr/local/cpanel/etc/exim/sysfilter/options/invalid_name_in_sender
# (Use the Basic Editor in the Exim Configuration Manager in WHM to change)
# or manually edit /etc/exim.conf.localopts and run /scripts/buildeximconf
if ("$h_from:" contains "\"" and "${sg{$h_From:}{ *<.*>\\$}{}}" contains "@" and "${sg{$h_From:}{ *<.*>\\$}{}}" does not contain "${addresses:$h_from:}" and "${sg{$h_From:}{ *<.*>\\$}{}}" does not contain " @ " and "${addresses:$h_from:}" does not contain "ptisp.pt" )
then
headers add "NewSubject: **** POSSIBLE PHISHING **** $h_Subject:"
headers remove Subject
headers add "Subject: $h_NewSubject:"
headers remove NewSubject
headers add "X-Cleanmx-Suspect: Name : ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
logfile /var/log/filtro.log 644
logwrite "$tod_full - $message_id - Name : ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
elif ("${addresses:$h_from:}" contains "@dominios.pt" )
then
headers add "X-Cleanmx-Suspect: Clean - Internal systems - Sender : ${addresses:$h_from:} "
elif ("${addresses:$h_from:}" contains "@ptisp.pt" )
then
headers add "X-Cleanmx-Suspect: Clean - Internal systems - Sender : ${addresses:$h_from:} "
elif ("${addresses:$h_from:}" contains "reports@ptisp.systems" )
then
headers add "X-Cleanmx-Suspect: Clean - Internal systems - Sender : ${addresses:$h_from:} "
elif ("${addresses:$h_from:}" contains "reminder@ascio.com" )
then
headers add "X-Cleanmx-Suspect: Clean - Domain Validation - Sender : ${addresses:$h_from:} "
elif ("${addresses:$h_from:}" contains "reminder@registrant-verification.com" )
then
headers add "X-Cleanmx-Suspect: Clean - Domain Validation - Sender : ${addresses:$h_from:} "
elif ("${addresses:$h_from:}" contains "no-reply@host-services.com" )
then
headers add "X-Cleanmx-Suspect: Clean - Domain Validation - Sender : ${addresses:$h_from:} "
elif ("${addresses:$h_from:}" contains "smtpfox-" )
then
fail text "Compromised account. Spam is not wanted here."
elif ("$h_subject" contains " foi suspenso." and ("${addresses:$h_from:}" does not contain "ptisp.pt" or "${addresses:$h_from:}" does not contain "dominios.pt" or "${addresses:$h_from:}" does not contain "amen.pt" ))
then
headers add "NewSubject: ** POSSIBLE PHISHING - Verifique o remetente ** $h_Subject:"
headers remove Subject
headers add "Subject: $h_NewSubject:"
headers remove NewSubject
headers add "X-Cleanmx-Suspect: Name : ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
unseen deliver "bin@ptisp.systems"
logfile /var/log/filtro.log 644
logwrite "$tod_full - $message_id - Name (v10): ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
elif ("$header_Content-Type" contains "dominios" and "${addresses:$h_from:}" does not contain "dominios.pt" )
then
headers add "NewSubject: ** POSSIBLE PHISHING - Verifique o remetente ** $h_Subject:"
headers remove Subject
headers add "Subject: $h_NewSubject:"
headers remove NewSubject
headers add "X-Cleanmx-Suspect: Name : ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
unseen deliver "bin@ptisp.systems"
logfile /var/log/filtro.log 644
logwrite "$tod_full - $message_id - Name (v13): ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
elif ("$header_Content-Type" contains "logo_doos" and "${addresses:$h_from:}" does not contain "dominios.pt" )
then
headers add "NewSubject: ** POSSIBLE PHISHING - Verifique o remetente ** $h_Subject:"
headers remove Subject
headers add "Subject: $h_NewSubject:"
headers remove NewSubject
headers add "X-Cleanmx-Suspect: Name : ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
unseen deliver "bin@ptisp.systems"
logfile /var/log/filtro.log 644
logwrite "$tod_full - $message_id - Name (v14): ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
elif ("$message_body" contains "abaixo indicados expiram dentro" and ( "${addresses:$h_from:}" does not contain "ptisp.pt" or "${addresses:$h_from:}" does not contain "dominios.pt" or "${addresses:$h_from:}" does not contain "amen.pt" ))
then
headers add "NewSubject: ** POSSIBLE PHISHING - Verifique o remetente ** $h_Subject:"
headers remove Subject
headers add "Subject: $h_NewSubject:"
headers remove NewSubject
headers add "X-Cleanmx-Suspect: Name : ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
unseen deliver "bin@ptisp.systems"
logfile /var/log/filtro.log 644
logwrite "$tod_full - $message_id - Name (v11): ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
elif ("$h_from:" contains "ptsip" and "${addresses:$h_from:}" does not contain "ptisp.pt" )
then
headers add "NewSubject: ** POSSIBLE PHISHING - Verifique o remetente ** $h_Subject:"
headers remove Subject
headers add "Subject: $h_NewSubject:"
headers remove NewSubject
headers add "X-Cleanmx-Suspect: Name : ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
unseen deliver "bin@ptisp.systems"
logfile /var/log/filtro.log 644
logwrite "$tod_full - $message_id - Name : ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
elif ("$h_from:" contains "ptisp" and "${addresses:$h_from:}" does not contain "ptisp.pt" )
then
headers add "NewSubject: ** POSSIBLE PHISHING - Verifique o remetente ** $h_Subject:"
headers remove Subject
headers add "Subject: $h_NewSubject:"
headers remove NewSubject
headers add "X-Cleanmx-Suspect: Name : ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
unseen deliver "bin@ptisp.systems"
logfile /var/log/filtro.log 644
logwrite "$tod_full - $message_id - Name : ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
elif ("$h_from:" contains "\xce\xa1\xce\xa4\xd1\x96\xd1\x95\xd1\x80" and "${addresses:$h_from:}" does not contain "ptisp.pt" )
then
headers add "NewSubject: ** POSSIBLE PHISHING - Verifique o remetente ** $h_Subject:"
headers remove Subject
headers add "Subject: $h_NewSubject:"
headers remove NewSubject
headers add "X-Cleanmx-Suspect: Name : ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
unseen deliver "bin@ptisp.systems"
logfile /var/log/filtro.log 644
logwrite "$tod_full - $message_id - Name (v7): ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
elif ("$h_from:" contains "B\xd1\x96\xd0\x86\xd0\x86\xd1\x96" and "${addresses:$h_from:}" does not contain "ptisp.pt" )
then
headers add "NewSubject: ** POSSIBLE PHISHING - Verifique o remetente ** $h_Subject:"
headers remove Subject
headers add "Subject: $h_NewSubject:"
headers remove NewSubject
headers add "X-Cleanmx-Suspect: Name : ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
unseen deliver "bin@ptisp.systems"
logfile /var/log/filtro.log 644
logwrite "$tod_full - $message_id - Name (v8): ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
elif ("$h_from:" contains "dominios.pt" and "${addresses:$h_from:}" does not contain "dominios.pt" )
then
headers add "NewSubject: ** POSSIBLE PHISHING - Verifique o remetente ** $h_Subject:"
headers remove Subject
headers add "Subject: $h_NewSubject:"
headers remove NewSubject
headers add "X-Cleanmx-Suspect: Name : ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
unseen deliver "bin@ptisp.systems"
logfile /var/log/filtro.log 644
logwrite "$tod_full - $message_id - Name : ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
elif ("$h_from:" matches "d(o|\xd0\xbe)mini(o|\xd0\xbe)(s|\xd1\x95)\.pt" and "${addresses:$h_from:}" does not contain "dominios.pt" )
then
headers add "NewSubject: ** POSSIBLE PHISHING - Verifique o remetente ** $h_Subject:"
headers remove Subject
headers add "Subject: $h_NewSubject:"
headers remove NewSubject
headers add "X-Cleanmx-Suspect: Name : ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
unseen deliver "bin@ptisp.systems"
logfile /var/log/filtro.log 644
logwrite "$tod_full - $message_id - Name (v1): ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
elif ("$h_from:" matches "d(o|\xd0\xbe)mini(o|\xd0\xbe)(s|\xd1\x95)pt" and "${addresses:$h_from:}" does not contain "dominios.pt" )
then
headers add "NewSubject: ** POSSIBLE PHISHING - Verifique o remetente ** $h_Subject:"
headers remove Subject
headers add "Subject: $h_NewSubject:"
headers remove NewSubject
headers add "X-Cleanmx-Suspect: Name : ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
unseen deliver "bin@ptisp.systems"
logfile /var/log/filtro.log 644
logwrite "$tod_full - $message_id - Name (v2): ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
elif ("$h_from:" contains "d(o|\xd0\xbe)mini(o|\xd0\xbe)" and "${addresses:$h_from:}" does not contain "dominios.pt" )
then
headers add "NewSubject: ** POSSIBLE PHISHING - Verifique o remetente ** $h_Subject:"
headers remove Subject
headers add "Subject: $h_NewSubject:"
headers remove NewSubject
headers add "X-Cleanmx-Suspect: Name : ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
unseen deliver "bin@ptisp.systems"
logfile /var/log/filtro.log 644
logwrite "$tod_full - $message_id - Name (v3): ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
elif ("$h_from:" contains "d\xd0\xbemini\xd0\xbe" and "${addresses:$h_from:}" does not contain "dominios.pt" )
then
headers add "NewSubject: ** POSSIBLE PHISHING - Verifique o remetente ** $h_Subject:"
headers remove Subject
headers add "Subject: $h_NewSubject:"
headers remove NewSubject
headers add "X-Cleanmx-Suspect: Name : ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
unseen deliver "bin@ptisp.systems"
logfile /var/log/filtro.log 644
logwrite "$tod_full - $message_id - Name (v4): ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
elif ("$h_from:" contains "d\xce\xbfm\xd1\x96n\xd1\x96" and "${addresses:$h_from:}" does not contain "dominios.pt" )
then
headers add "NewSubject: ** POSSIBLE PHISHING - Verifique o remetente ** $h_Subject:"
headers remove Subject
headers add "Subject: $h_NewSubject:"
headers remove NewSubject
headers add "X-Cleanmx-Suspect: Name : ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
unseen deliver "bin@ptisp.systems"
logfile /var/log/filtro.log 644
logwrite "$tod_full - $message_id - Name (v6): ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
elif ("$h_from:" contains "d(o|\xd0\xbe)m(i|\xd1\x96)n(i|\xd1\x96)(o|\xd0\xbe)(s|\xd1\x95)" and "${addresses:$h_from:}" does not contain "dominios.pt" )
then
headers add "NewSubject: ** POSSIBLE PHISHING - Verifique o remetente ** $h_Subject:"
headers remove Subject
headers add "Subject: $h_NewSubject:"
headers remove NewSubject
headers add "X-Cleanmx-Suspect: Name : ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
unseen deliver "bin@ptisp.systems"
logfile /var/log/filtro.log 644
logwrite "$tod_full - $message_id - Name (v9): ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
elif ("$h_from:" contains "dominiospt" and "${addresses:$h_from:}" does not contain "dominios.pt" )
then
headers add "NewSubject: ** POSSIBLE PHISHING - Verifique o remetente ** $h_Subject:"
headers remove Subject
headers add "Subject: $h_NewSubject:"
headers remove NewSubject
headers add "X-Cleanmx-Suspect: Name : ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
unseen deliver "bin@ptisp.systems"
logfile /var/log/filtro.log 644
logwrite "$tod_full - $message_id - Name : ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
elif ("$h_from:" contains " amen " and "${addresses:$h_from:}" does not contain "amen.pt" )
then
headers add "NewSubject: ** POSSIBLE PHISHING - Verifique o remetente ** $h_Subject:"
headers remove Subject
headers add "Subject: $h_NewSubject:"
headers remove NewSubject
headers add "X-Cleanmx-Suspect: Name : ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
unseen deliver "bin@ptisp.systems"
logfile /var/log/filtro.log 644
logwrite "$tod_full - $message_id - Name : ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
elif ("$h_from:" contains "amen.pt" and "${addresses:$h_from:}" does not contain "amen.pt" )
then
headers add "NewSubject: ** POSSIBLE PHISHING - Verifique o remetente ** $h_Subject:"
headers remove Subject
headers add "Subject: $h_NewSubject:"
headers remove NewSubject
headers add "X-Cleanmx-Suspect: Name : ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
unseen deliver "bin@ptisp.systems"
logfile /var/log/filtro.log 644
logwrite "$tod_full - $message_id - Name : ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
elif ("$h_from:" contains "\"" and "$h_from:" contains "amenpt" and "${addresses:$h_from:}" does not contain "amen.pt" )
then
headers add "NewSubject: ** POSSIBLE PHISHING - Verifique o remetente ** $h_Subject:"
headers remove Subject
headers add "Subject: $h_NewSubject:"
headers remove NewSubject
headers add "X-Cleanmx-Suspect: Name : ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
unseen deliver "bin@ptisp.systems"
logfile /var/log/filtro.log 644
logwrite "$tod_full - $message_id - Name : ${sg{$h_From:}{ *<.*>\\$}{}} - Sender : ${addresses:$h_from:} "
endif
# END - Included from /usr/local/cpanel/etc/exim/sysfilter/options/invalid_name_in_sender
# BEGIN - Included from /usr/local/cpanel/etc/exim/sysfilter/options/sender_block
# (Use the Basic Editor in the Exim Configuration Manager in WHM to change)
# or manually edit /etc/exim.conf.localopts and run /scripts/buildeximconf
if ${lookup{$sender_address_domain}lsearch{/etc/blocked_domains}{1}} is 1
then
logfile /var/log/filtro.log 644
logwrite "$tod_full - $message_id - Spam Reject - Sender : ${addresses:$h_from:} "
fail text "The mail server detected your message as spam and has prevented delivery / Mensagem rejeitada por suspeita de spam"
endif
# END - Included from /usr/local/cpanel/etc/exim/sysfilter/options/sender_block
# BEGIN - Included from /usr/local/cpanel/etc/exim/sysfilter/options/spam_rewrite
# (Use the Basic Editor in the Exim Configuration Manager in WHM to change)
# or manually edit /etc/exim.conf.localopts and run /scripts/buildeximconf
if "${if def:header_X-Spam-Subject: {there}}" is there
then
headers remove Subject
headers add "Subject: $rh_X-Spam-Subject:"
headers remove X-Spam-Subject
endif
# END - Included from /usr/local/cpanel/etc/exim/sysfilter/options/spam_rewrite