Issue: Excessive inbound spam from someTLDs using. Example list here: https://www.spamhaus.org/statistics/tlds/
Server in use is Exim, managed by cPanel/WHM.
Solution: Create a custom filters (sysfilter) for Exim to prevent email to/from specific “.xxx” TLDs
Place each sysfilter block you wish to include in a unique file (name) in:
Enable or disable the custom block in WHM using:
Service Configuration => Exim Configuration Manager => Filters => Custom Filter: [your unique file]
Syntax for sysfilter:
if first_delivery and ("$h_to:, $h_cc:" contains ".xxx") or ("$h_from:" contains ".xxx") then seen finish endif
If you want those spam messages redirected to some other specific address (for monitoring perhaps), then use this syntax:
if first_delivery and ("$h_to:, $h_cc:" contains ".xxx") or ("$h_from:" contains ".xxx") then deliver "Spam Filter <[email protected]>" seen finish endif
Restart Exim after complete.
Download zipped filter files: sysfilters