{"id":5902,"date":"2024-12-09T22:49:00","date_gmt":"2024-12-10T04:49:00","guid":{"rendered":"https:\/\/www.incredigeek.com\/home\/?p=5902"},"modified":"2025-05-14T14:04:25","modified_gmt":"2025-05-14T19:04:25","slug":"add-warning-for-emails-from-external-domains-in-cpanel-whm","status":"publish","type":"post","link":"https:\/\/www.incredigeek.com\/home\/add-warning-for-emails-from-external-domains-in-cpanel-whm\/","title":{"rendered":"Add warning for emails from external domains in cPanel\/WHM"},"content":{"rendered":"\n

In this post we are going to setup Exim to add “[External]” to the email subject if it originates from outside of the domain.<\/p>\n\n\n\n

Thanks to Sam for this post. It was extremely helpful.
https:\/\/tech.saqr.org\/2020\/01\/for-incoming-email-not-from-our-domain.html<\/a><\/p>\n\n\n\n

\u2139\ufe0fExim filters do not appear to allow you to manipulate the body of an email, to do that you would need to use something like altermime<\/a>.<\/em><\/p>\n\n\n\n

Steps<\/strong><\/p>\n\n\n\n

    \n
  1. Create a new Exim Filter<\/li>\n\n\n\n
  2. Enable Filter<\/li>\n<\/ol>\n\n\n\n

    Create an Exim Filter<\/h2>\n\n\n\n

    SSH to the server and create a Exim filter. In cPanel there are in \/usr\/local\/cpanel\/etc\/exim\/sysfilter\/options\/<\/code>. You can name the filter what ever you want. <\/p>\n\n\n\n

    vi \/usr\/local\/cpanel\/etc\/exim\/sysfilter\/options\/external_email_warning<\/code><\/pre>\n\n\n\n
    Change “incredigeek.com” to your domain name.
    You can also change “[External]” to whatever you want to be prepended to the subject.<\/p>\n\n\n\n
    if\n  $header_to: contains \"@incredigeek.com>\"\n  and $sender_address: does not contain \"@incredigeek.com>\"\n  and $header_subject: does not contain \"[External]\"\nthen\n  headers add \"Old-Subject: $h_subject:\"\n  headers remove \"Subject\"\n  headers add \"Subject: [External] $h_old-subject\"\n  headers remove \"Old-Subject\"\nendif<\/code><\/pre>\n\n\n\n
    Save the file.<\/p>\n\n\n\n
    You can replace $sender_address<\/code> with $header_from<\/code>.  While both can technically be forged, sender_address<\/code> refers to the envelope sender provided by the SMTP MAIL FROM command and is harder to spoof if SPF is set up.  header_from<\/code> can be spoofed by just about any email client by change the from name.<\/p>\n\n\n\n
    Enable Custom Exim Filter<\/h2>\n\n\n\n
    Now log into WHM, go to Service Configuration > Exim Configuration Manager > Basic Editor > Filters<\/p>\n\n\n\n
    At the bottom of the filters, you should see a new “Custom Filter: external_email_filter”
    This is the filter you just created.  Make sure it is On, and Save<\/strong> changes.<\/p>\n\n\n\n
    \"Enable<\/a><\/figure>\n\n\n\n
    There you go!  Any email you receive now that is from an external domain should now have “[External]”, or whatever you specified, prepended to the subject.  <\/p>\n\n\n\n
    If you run into any errors, try reviewing the panic log to see if there are any syntax errors.<\/p>\n\n\n\n
    Troubleshooting<\/h2>\n\n\n\n
    You can use tail to follow the panic log to verify you have all the syntax correct.<\/p>\n\n\n\n
    tail \/var\/log\/exim_paniclog -f<\/code><\/pre>\n\n\n\n
    <\/p>\n\n\n\n
    More Information and Links<\/h2>\n\n\n\n
    How to Customize the Exim System Filter File.
    https:\/\/docs.cpanel.net\/knowledge-base\/email\/how-to-customize-the-exim-system-filter-file<\/a><\/p>\n\n\n\n
    Exim Filter Files.
    https:\/\/www.exim.org\/exim-html-current\/doc\/html\/spec_html\/filter_ch-exim_filter_files.html<\/a><\/p>\n\n\n\n
    Manage custom, server-wide Exim filters in cPanel.
    https:\/\/support.cpanel.net\/hc\/en-us\/articles\/4402464439447-How-to-manage-custom-server-wide-Exim-filters-in-cPanel-and-how-to-quickly-enable-and-disable-them-in-the-WHM-UI<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
    In this post we are going to setup Exim to add “[External]” to the email subject if it originates from outside of the domain. Thanks to Sam for this post. It was extremely helpful.https:\/\/tech.saqr.org\/2020\/01\/for-incoming-email-not-from-our-domain.html \u2139\ufe0fExim filters do not appear to … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[195,3],"tags":[196,1718,1262,223,1717,1048,1719,1716,1346,7,382],"class_list":["post-5902","post","type-post","status-publish","format-standard","hentry","category-cpanel","category-linux","tag-cpanel-2","tag-custom-filter","tag-disclaimer","tag-email","tag-email-warning","tag-exim","tag-exim-custom","tag-external-email","tag-filter","tag-linux-2","tag-whm"],"_links":{"self":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts\/5902","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/comments?post=5902"}],"version-history":[{"count":6,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts\/5902\/revisions"}],"predecessor-version":[{"id":5986,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts\/5902\/revisions\/5986"}],"wp:attachment":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/media?parent=5902"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/categories?post=5902"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/tags?post=5902"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}