Paper Lantern for cPanel accounts is being retired this year. Find out more »
cPanel & WHM Version 102 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!
This object is in archive! 

Ability to edit the hard coded lines inserted into vfilters by cpanel through a WHM configuration

dubious shared this idea 8 years ago
Open Discussion

A line is currently automatically inserted into every /etc/vfilters/domain.tld file by compiled cpanel code:

This line causes all user defined filters to be bypassed if the message received is spam and has an empty Return-path header, when any filter exists which tries to fail/bounce the message. The problem is that the bounce cannot be successful since the return-path is empty, so exim freezes the message. When the frozen message is thawed after a timeout, the "finish" in the above line above causes all filters to be bypassed and the spam message is delivered.

It would be useful to be able to edit this line in WHM to prevent these spam messages from being delivered. An alternative line might be:


not first_delivery and error_message then seen finish endif

which would cause the message to be deleted with "seen finish" instead of bypassing filters with "finish". Since legitimate error messages also may have blank return-paths, this may catch a few 2nd delivery attempts of legitimate error messages, but those would be extremely rare since most error message are delivered on the first attempt.

Another alternative line might be:


not first_delivery and error_message then


$return_path: does not contain "@" then

seen finish



This option would check to see if there is an email address in the return-path before deleting the message on the 2nd delivery attempt.

Currently any change to the line in the vfilters file is overwritten by cpanel when filters are updated. However, the choice to edit this line should be up to the server administrator. Personally, blocking many spam messages at the expense of possibly blocking a very rare 2nd delivery attempt of an error message is justified, and I would like to make the change.

Without the ability to edit this line that is inserted by default during the cpanel filter creation process, these spam messages cannot be effectively blocked. However due to the possibility of creating infinite loops, this feature should potentially be made available at the WHM level instead of the cpanel user level.

Leave a Comment
Attach a file