cPanel Mailscanner Automatically Removes Non Local Spam Whitelist Rules

JeffTechnical Articles & Notes

I added a spam whitelist rule to the file on my WHM/cPanel server:

File:

/usr/mailscanner/etc/rules/spam.whitelist.rules

New rule in place:

To: *@aetherweb.co.uk and From: mycolleague@hisdomain.com	yes
From:	127.0.0.1 and From: postmaster@aetherweb.co.uk	yes
# If you are basing a blacklist on this then you can refer to
# a null (empty) sender address with "/^$/" as the address to match.
#
# This is where you can build a Spam WhiteList
# Addresses matching in here, with the value
# "yes" will never be marked as spam.
#From:		152.78.		yes
#From:		130.246.	yes
#From:		host:soton.ac.uk yes # Note this is slower than using the IP
From:           *@aetherweb.co.uk yes
From:           my-ip-here      yes
FromOrTo:	default		no

# My added line:
From:           *@a-special-domain-name.co.uk    yes

I added this because a lot of mail from ‘a-special-domain-name.co.uk’ was being tagged as spam and disappearing.

But in a daily cron task, cPanel went ahead and removed the rule automatically and emailed me about it:

Email
Subject: cPanel -> MailScanner Report
Message:
a-special-domain-name.co.uk removed from spam.whitelist.rules

How annoying!

It turns out that cPanel’s code runs daily and strips out all whitelist rules which do not refer to domains registered on the local server. This is a bit bonkers because of course, you’d only BE whitelisting domains NOT on the local server.

Simple solution – comment out the code in cPanel’s cron script that strips out the whitelist rules. Here’s how…

Open this file:

/usr/mscpanel/mscpanel.pl

Search the code for this text in order to find the right place in the file:

removed from spam.blacklist.rules

And edit it so it looks like this:

		for ($x=0;$x < @sh;$x++) {
			if (($sh[$x] =~ /\@([^\t\s]*)/) and ($sh[$x] !~ /^\#/)) {
				if (not $validdomains{$1} and ($1 ne "")) {splice (@sh,$x,1);$report .= "$1 removed from spamhigh.score.rules\n";$altered = 1}
			}
		}
	}
	# JEFF COMMENTED THIS OUT ON 18/03/2016 BECAUSE IT DOES NOT MAKE SENSE
        #for ($x=0;$x < @sbr;$x++) {
	#	if (($sbr[$x] =~ /\@([^\t\s\*]*)/) and ($sbr[$x] !~ /^\#/)) {
	#		if (not $validdomains{$1} and ($1 ne "") and ($1 ne "*")) {splice (@sbr,$x,1);$report .= "$1 removed from spam.blacklist.rules\n";$altered = 1}
	#	}
	#}
	#for ($x=0;$x < @swr;$x++) {
	#	if (($swr[$x] =~ /\@([^\t\s\*]*)/) and ($swr[$x] !~ /^\#/)) {
	#		if (not $validdomains{$1} and ($1 ne "") and ($1 ne "*")) {splice (@swr,$x,1);$report .= "$1 removed from spam.whitelist.rules\n";$altered = 1}
	#	}
	#}
}
# end compare_rules
###############################################################################

Note I have also removed the code to remove non local domains from the blacklist. Why would it?!

You may wish to confirm you’ve not broken the script by introducing a syntax error. You can do this by running this command at the command line:

perl -c mscpanel.pl

And all being well you should see something like:

root [/usr/mscpanel]# perl -c mscpanel.pl
mscpanel.pl syntax OK