วิธีการ Allow range ip : Microsoft เพื่อป้องกันการถูก Block โดย Server
ปัญหา
เนื่องจากพบปัญหาในการส่ง Email จาก Office365 และ Microsoft เข้า Exim mail server และถูก Exim mail server ปฎิเสธ
แนวทางการแก้ไขปัญหา
1. ทำการ Login WHM
2. ไปที่เมนู Home >> Service Configuration >> Exim Configuration Manager จากนั้นเลือกที่ Trusted SMTP IP addresses คลิก Edit
3. ทำการเพิ่มข้อมูล Range ip จากนั้น Click save
13.107.6.152/3113.107.18.10/3113.107.128.0/2223.103.160.0/2040.96.0.0/1340.104.0.0/1552.96.0.0/14131.253.33.215/32132.245.0.0/16150.171.32.0/22204.79.197.215/322603:1006::/402603:1016::/362603:1026::/362603:1036::/362603:1046::/362603:1056::/362620:1ec:4::152/1282620:1ec:4::153/1282620:1ec:c::10/1282620:1ec:c::11/1282620:1ec:d::10/1282620:1ec:d::11/1282620:1ec:8f0::/462620:1ec:900::/462620:1ec:a92::152/1282620:1ec:a92::153/12840.92.0.0/1540.107.0.0/1652.100.0.0/14104.47.0.0/172a01:111:f400::/482a01:111:f403::/48
4. หลังจากทำการเพิ่มข้อมูล Range ip เรียบร้อยแล้วให้ทำการเลื่อนลงมาที่ล่างสุดและกด Save Config อีกครั้ง
รายละเอียด IP Range อาจมีการปรับเปลี่ยนในอนาคต สามารถดูเพิ่มเติมได้ที่ Link ด้านล่างนี้https://learn.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide
ปัญหา มี Email คล้ายๆลักษณะของ is hacked. แต่จะส่งเข้ามาเป็นรูปภาพเพียงอย่างเดียว และ Subject จะแสดงเป็นชื่อของ Account นั้นๆ
ลักษณะรูปภาพ Spam ที่ส่งเข้ามา
การแก้ไขปัญหา
1. ให้ทำการเพิ่ม System filter ในไฟล์ /usr/local/cpanel/etc/exim/sysfilter/options/netway_filters
[root@system ~]# nano -w /usr/local/cpanel/etc/exim/sysfilter/options/netway_filters
2. โดยให้ทำการเพิ่ม Filter Rule ในบรรทัดล่างสุดตามข้อมูลด้านล่าง
if first_deliveryand ("$header_to:" contains "$header_subject:")then failseen finishendif
3. จากนั้นทำการ buildeximconf
[root@system ~]# /scripts/buildeximconf
4. ผลที่ได้จะมีการแก้ไขไฟล์ในส่วนของ /etc/cpanel_exim_system_filter
# Exim filter# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ## cPanel System Filter for EXIM ## VERSION = 2.0 ## # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ## !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!DO NOT MODIFY THIS FILE DIRECTLY!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! ## # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ## Direct modifications to the /etc/cpanel_exim_system_filter file will be lost when the configuration is ## next rebuilt. To have modifications retained, please use one of the following options: ## ## 1) ## * Place each sysfilter block you wish to include in a unique file at: ## /usr/local/cpanel/etc/exim/sysfilter/options/ ## * Enable or disable the custom block in WHM using: ## Service Configuration => Exim Configuration Manager => Filters => Custom Filter: [your unique file] ## ## 2) ## * Create a custom sysfilter file in /etc/ ## * Change the location of the sysfilter file in WHM using: ## Service Configuration => Exim Configuration Manager => Filters => System Filter File ## ## # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ## !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!DO NOT MODIFY THIS FILE DIRECTLY!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! ## # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ## ## Only process once ## ## # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #if not first_deliverythen finishendif# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ## ## Ignore "real" errors ## ## # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #if error_message and $header_from: contains "Mailer-Daemon@"then finishendif# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# BEGIN - Included from /usr/local/cpanel/etc/exim/sysfilter/options/attachments# (Use the Basic Editor in the Exim Configuration Manager in WHM to change)# or manually edit /etc/exim.conf.localopts and run /scripts/buildeximconf## -----------------------------------------------------------------------# Look for single part MIME messages with suspicious name extensions# Check Content-Type header using quoted filename [content_type_quoted_fn_match]if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")"then fail text "This message has been rejected because it has\n\ potentially executable content $1\n\ This form of attachment has been used by\n\ recent viruses or other malware.\n\ If you meant to send this file then please\n\ package it up as a zip file and resend it." seen finishendif# same again using unquoted filename [content_type_unquoted_fn_match]if $header_content-type: matches "(?:file)?name=(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))([\\\\s;]|\\$)"then fail text "This message has been rejected because it has\n\ potentially executable content $1\n\ This form of attachment has been used by\n\ recent viruses or other malware.\n\ If you meant to send this file then please\n\ package it up as a zip file and resend it." seen finishendif
## -----------------------------------------------------------------------# Attempt to catch embedded VBS attachments# in emails. These were used as the basis for# the ILOVEYOU virus and its variants - many many varients# Quoted filename - [body_quoted_fn_match]
if $message_body matches "(?:Content-(?:Type:(?-->\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?-->\\\\s*)attachment);(?-->\\\\s*)(?:file)?name=|begin(?-->\\\\s+)[0-7]{3,4}(?-->\\\\s+))(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")[\\\\s;]"then fail text "This message has been rejected because it has\n\ a potentially executable attachment $1\n\ This form of attachment has been used by\n\ recent viruses or other malware.\n\ If you meant to send this file then please\n\ package it up as a zip file and resend it." seen finishendif# same again using unquoted filename [body_unquoted_fn_match]if $message_body matches "(?:Content-(?:Type:(?-->\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?-->\\\\s*)attachment);(?-->\\\\s*)(?:file)?name=|begin(?-->\\\\s+)[0-7]{3,4}(?-->\\\\s+))(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))[\\\\s;]"then fail text "This message has been rejected because it has\n\ a potentially executable attachment $1\n\ This form of attachment has been used by\n\ recent viruses or other malware.\n\ If you meant to send this file then please\n\ package it up as a zip file and resend it." seen finishendif## -----------------------------------------------------------------------
#### Version history## 0.01 5 May 2000# Initial release# 0.02 8 May 2000# Widened list of content-types accepted, added WSF extension# 0.03 8 May 2000# Embedded the install notes in for those that don't do manuals# 0.04 9 May 2000# Check global content-type header. Efficiency mods to REs# 0.05 9 May 2000# More minor efficiency mods, doc changes# 0.06 20 June 2000# Added extension handling - thx to Douglas Gray Stephens & Jeff Carnahan# 0.07 19 July 2000# Latest MS Outhouse bug catching# 0.08 19 July 2000# Changed trigger length to 80 chars, fixed some spelling# 0.09 29 September 2000# More extensions... its getting so we should just allow 2 or 3 through# 0.10 18 January 2001# Removed exclusion for error messages - this is a little nasty# since it has other side effects, hence we do still exclude# on unix like error messages# 0.11 20 March, 2001# Added CMD extension, tidied docs slightly, added RCS tag# ** Missed changing version number at top of file :-(# 0.12 10 May, 2001# Added HTA extension# 0.13 22 May, 2001# Reformatted regexps and code to build them so that they are# shorter than the limits on pre exim 3.20 filters. This will# make them significantly less efficient, but I am getting so# many queries about this that requiring 3.2x appears unsupportable.# 0.14 15 August,2001# Added .lnk extension - most requested item :-)# Reformatted everything so its now built from a set of short# library files, cutting down on manual duplication.# Changed \w in filename detection to . - dodges locale problems# Explicit application of GPL after queries on license status# 0.15 17 August, 2001# Changed the . in filename detect to \S (stops it going mad)# 0.16 19 September, 2001# Pile of new extensions including the eml in current use# 0.17 19 September, 2001# Syntax fix##### Install Notes## Exim filters run the exim filter language - a very primitive# scripting language - in place of a user .forward file, or on# a per system basis (on all messages passing through).# The filtering capability is documented in the main set of manuals# a copy of which can be found on the exim web site# http://www.exim.org/## To install, copy the filter file (with appropriate permissions)# to /etc/exim/system_filter.exim and add to your exim config file# [location is installation depedant - typicaly /etc/exim/config ]# in the first section the line:-# message_filter = /etc/exim/system_filter.exim# message_body_visible = 5000## You may also want to set the message_filter_user & message_filter_group# options, but they default to the standard exim user and so can# be left untouched. The other message_filter_* options are only# needed if you modify this to do other functions such as deliveries.# The main exim documentation is quite thorough and so I see no need# to expand it here...## Any message that matches the filter will then be bounced.# If you wish you can change the error message by editing it(ชื่อ Account ปลายทางที่ต้องการให้ได้รับ Auto BCC)# in the section above - however be careful you don't break it.## After install exim should be restarted - a kill -HUP to the# daemon will do this.##### LIMITATIONS## This filter tries to parse MIME with a regexp... that doesn't# work too well. It will also only see the amount of the body# specified in message_body_visible##### BASIS## The regexp that is used to pickup MIME/uuencoded body parts with# quoted filenames is replicated below (in perl format).# You need to remember that exim converts newlines to spaces in# the message_body variable.## (?:Content- # start of content header# (?:Type: (?-->\s*) # rest of c/t header# [\w-]+/[\w-]+ # content-type (any)# |Disposition: (?-->\s*) # content-disposition hdr# attachment) # content-disposition# ;(?-->\s*) # ; space or newline# (?:file)?name= # filename=/name=# |begin (?-->\s+) [0-7]{3,4} (?-->\s+)) # begin octal-mode# (\"[^\"]+\. # quoted filename.# (?:ad[ep] # list of extns# |ba[st]# |chm# |cmd# |com# |cpl# |crt# |eml# |exe# |hlp# |hta# |in[fs]# |isp# |jse?# |lnk# |md[be]# |ms[cipt]# |pcd# |pif# |reg# |scr# |sct# |shs# |url# |vb[se]# |ws[fhc])# \" # end quote# ) # end of filename capture# [\s;] # trailing ;/space/newline
##### [End]# END - Included from /usr/local/cpanel/etc/exim/sysfilter/options/attachments
# BEGIN - Included from /usr/local/cpanel/etc/exim/sysfilter/options/spam_rewrite# (Use the Basic Editor in the Exim Configuration Manager in WHM to change)# or manually edit /etc/exim.conf.localopts and run /scripts/buildeximconfif "${if def:header_X-Spam-Subject: {there}}" is therethen headers remove Subject headers add "Subject: $rh_X-Spam-Subject:" headers remove X-Spam-Subjectendif
if ("$header_to:" matches "$header_subject:")then failseen finish endif# END - Included from /usr/local/cpanel/etc/exim/sysfilter/options/spam_rewrite
.png "Microsoft Visio")
.png "VMware")
