Mail Server Block Specific TLDs Inbound

Issue: Excessive inbound spam from some TLDs. Example list here: https://www.spamhaus.org/statistics/tlds/
Server in use is Exim, managed by cPanel/WHM.

Solution: Create custom filters (sysfilter) for Exim to prevent email to/from specific “.xxx” TLDs.

Place each sysfilter block you wish to include in a unique file (name) in:
/usr/local/cpanel/etc/exim/sysfilter/options/

Enable or disable the custom block in WHM using:
Service Configuration => Exim Configuration Manager => Filters => Custom Filter: [your unique file]

Syntax for sysfilter:

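# "contains" is a case-insensitive substring test against the whole header text.
# Without brackets "and" binds tighter than "or": first_delivery guards only the To/Cc test.
if first_delivery
   and ("$h_to:, $h_cc:" contains ".xxx")
   or ("$h_from:" contains ".xxx")
then
   # Mark the message as handled and stop filtering, so it is silently discarded.
   seen finish
endif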

If you want those spam messages redirected to some other specific address (for monitoring perhaps), then use this syntax:

if first_delivery
   and ("$h_to:, $h_cc:" contains ".xxx")
   or ("$h_from:" contains ".xxx")
then
   # Send the message to the monitoring mailbox instead of the original recipients.
   deliver "Spam Filter <[email protected]>"
   seen finish
endif

Restart Exim when complete.
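Because the filters above use a substring test, they also discard mail where ".xxx" appears in a local part, a longer domain label or a display name. The following is an added example, not part of the original post: a Python approximation of the `contains` test beside a stricter last-label check, run over constructed sample headers. The function names and sample addresses are assumptions made for illustration.

```python
from email.utils import getaddresses

def substring_match(headers, tld):
    """Approximate the filter on the page: '.tld' anywhere in To/Cc or From."""
    needle = "." + tld.lower()
    rcpt = f"{headers.get('To', '')}, {headers.get('Cc', '')}".lower()
    return needle in rcpt or needle in headers.get("From", "").lower()

def domain_match(headers, tlds):
    """Stricter check: parse the addresses and compare the last domain label."""
    values = [headers[h] for h in ("To", "Cc", "From") if headers.get(h)]
    for _name, addr in getaddresses(values):
        _local, at, domain = addr.rpartition("@")
        if at and domain.lower().rstrip(".").rpartition(".")[2] in tlds:
            return True
    return False

# Constructed sample headers (not real traffic); ".xxx" is the page's placeholder TLD.
SAMPLES = {
    "sender-in-tld": {"From": "Deals <promo@cheap-pills.xxx>", "To": "bob@example.com"},
    "rcpt-in-tld": {"From": "alice@example.org", "To": "bob@example.com",
                    "Cc": "friend@site.xxx"},
    "local-part": {"From": "john.xxx@example.com", "To": "bob@example.com"},
    "longer-label": {"From": "info@portal.xxxl.example.com", "To": "bob@example.com"},
    "display-name": {"From": '"Acme.XXX Support" <help@example.org>',
                     "To": "bob@example.com"},
    "clean": {"From": "alice@example.org", "To": "bob@example.com"},
}

def false_positives(samples, tld="xxx"):
    """Labels the substring test would discard although no address is in the TLD."""
    return [label for label, h in samples.items()
            if substring_match(h, tld) and not domain_match(h, {tld})]

if __name__ == "__main__":
    for label, h in SAMPLES.items():
        sub, dom = substring_match(h, "xxx"), domain_match(h, {"xxx"})
        print(f"{label:14} substring={sub!s:5} domain={dom}")
    print("false positives:", false_positives(SAMPLES))
```

Redirecting matches to a monitoring address first, as in the second filter, gives you the chance to review such false positives before switching to silent discard.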

Download zipped filter files: sysfilters
