If you are using ‘User level filtering’ of email in cPanel (v11.28.83), applied to the Subject header of an email, you may encounter circumstances where sometimes the filter fails for no obvious reason. On investigation of the email headers, it turned out that a certain sender was folding email subject headers over multiple lines. If the phrase being searched for was split over two lines within the header, the filter would fail.
For example, with rule : Subject contains ‘testing 123’
1. this would work:
Subject: line 1 testing 123
2. this would work:
Subject: line 1
line 2 testing 123
3. this would NOT work:
Subject: line 1 testing
123 line 2
It turns out that this is because cPanel simply passes the filter information down to exim, and it is here that the behaviour manifests.
I have posted an entry to the feature requests forum of cPanel, for it to be configured to better tolerate multiline subject headers. If you are encountering this problem, it would be helpful if you would contribute to that thread.
In the meantime a workaround is to use the ‘matches regex’ filter, replacing spaces in your match-phrase with ‘\\\\s+’. For example the following rule works in each of the three samples above.
Rule: Subject matches regex testing\\\\s+123
As of this date and cPanel version 11.30.0 (build 27), I changed one mail filter and noticed all my others based on the notes above had stopped working. Looks like all escaping is no-longer needed (or works) to get the regex’s backslashes pushed through to exim. Simply writing the regex as you’d expect it to be interpreted now does the job. Therefore the above rule should now read:
Rule: Subject matches regex testing\s+123