
How to Configure Mail Filters in cPanel

Email filters scan the content of incoming emails for certain spam words. cPanel provides an extremely versatile and feature-rich interface for creating email filters.

In two separate articles, we introduced you to creating and managing global email filters and individual email account filters in cPanel.

Because the Email Filters interface offers a large selection of configuration options, we will describe them in detail in this article.

cPanel also provides the ability to use the popular SpamAssassin as a filtering application. We recommend that you test the two filters separately and continue with the one that suits you best.

Activating and configuring SpamAssassin will be discussed in a separate article.

When SpamAssassin is deactivated, some of the options in the email filters at the bottom of the lists are inactive.

Configure Rules and Actions

The email filter consists of Rules and Actions. In turn, the Rules Interface consists of three parts:

Select the Email Message Part

Select the part of the email structure which the filter will scan - To, From, Subject, Body


From - the message sender's address.
Subject - the message's subject line.
To - the address to which the sender sent the message.
Reply Address - the address at which the sender receives replies.
Body - the message's content.
Any Header - any part of the message's header.
Any Recipient - any recipient of the message.
Has not been Previously Delivered - the system only examines messages that remain in the queue for delivery.
Is an Error Message - the system only examines error messages that an auto-response system sends.
List ID - the account's mailing lists.

If SpamAssassin is deactivated, the following options are inactive and cannot be selected.

Spam Status - whether Apache SpamAssassin marked the message as spam. The Spam Status line begins with Yes or No.
Spam Bar - the content of the Spam Bar header that Apache SpamAssassin generated for this message. The more plus signs (+) that Apache SpamAssassin assigns to a message, the greater the likelihood that the system marks the message as spam.
Spam Score - the total number of plus signs (+) in the Spam Bar value, expressed as an integer.

Select the Type of Comparison Operator


equals - the message exactly matches a defined string.
matches regex - the message matches a regular expression that you define. The filter text box accepts regular expressions when you select this option, rather than commonly-used wildcard characters (for example, * or ?).
contains - the message contains a string that you define.
does not contain - the message does not contain the defined string.
begins with - the message begins with the defined string.
ends with - the message ends with the defined string.
does not begin - the message does not begin with the defined string.
does not end with - the message does not end with the defined string.
does not match - the message does not exactly match the defined string.

The following options are only applicable when you select the Spam Score option:

is above (numbers only) - the message's Spam Score is greater than the number that you define.
is not above (numbers only) - the message's Spam Score is equal to or less than the number that you define.
is below (numbers only) - the message's Spam Score is less than the number that you define.
is not below (numbers only) - the message's Spam Score is greater than or equal to the number that you define.

Enter the Criteria

Enter the criteria to use in the text box - the type of data that you enter determines the comparison that the system performs.

For example, if you select the From and Equals filters, enter user@hostpulse-demo.com as the criteria. The system determines that any email from user@hostpulse-demo.com matches the filter, but does not match seconduser@hostpulse-demo.com because it contains additional letters.


When you create a filter that uses several operators, the system processes the and operator before the or operator. For example:

The system processes A or B and C as A or (B and C).
The system processes A and B or C as (A and B) or C.


If the message contains a spam-keyword only in the subject, the outcome depends on the logical operator that joins the subject rule and the body rule. With or, the filter stops the message (the or condition is true). With and, the filter delivers the message (the body does not contain spam-keyword, so the and condition fails).
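The grouping rule and the subject-only case above can be checked with a small model of the rule evaluation. This is an added example, not cPanel or Exim code; the rule tuples, the `filter_matches` function and the sample message are constructed for illustration.

```python
import re

# Comparison operators from the article's list, as predicates over
# (value of the selected message part, criteria text). Plain Python string
# comparison; the real filter's case handling is not modelled here.
OPS = {
    "equals": lambda v, c: v == c,
    "contains": lambda v, c: c in v,
    "does not contain": lambda v, c: c not in v,
    "begins with": lambda v, c: v.startswith(c),
    "ends with": lambda v, c: v.endswith(c),
    "matches regex": lambda v, c: re.search(c, v) is not None,
}

def filter_matches(msg, rules):
    """rules: list of (part, operator, criteria, joiner), where joiner
    ('and'/'or') links a rule to the next one and is ignored on the last.
    'and' binds tighter than 'or', so the rules split into or-separated
    groups and the filter matches when every rule in any one group matches."""
    groups, current = [], []
    for part, op, crit, joiner in rules:
        current.append(OPS[op](msg.get(part, ""), crit))
        if joiner == "or":
            groups.append(current)
            current = []
    if current:
        groups.append(current)
    return any(all(g) for g in groups)

# Constructed message: the keyword appears in the subject only.
MSG = {"From": "seconduser@hostpulse-demo.com",
       "Subject": "Buy spam-keyword now", "Body": "hello"}

SUBJECT_OR_BODY = [("Subject", "contains", "spam-keyword", "or"),
                   ("Body", "contains", "spam-keyword", None)]
SUBJECT_AND_BODY = [("Subject", "contains", "spam-keyword", "and"),
                    ("Body", "contains", "spam-keyword", None)]
# A or B and C  ->  A or (B and C): A alone is enough to match.
A_OR_B_AND_C = [("From", "ends with", "@hostpulse-demo.com", "or"),
                ("Subject", "equals", "spam-keyword", "and"),
                ("Body", "contains", "spam-keyword", None)]

if __name__ == "__main__":
    for name in ("SUBJECT_OR_BODY", "SUBJECT_AND_BODY", "A_OR_B_AND_C"):
        print(name, filter_matches(MSG, globals()[name]))
```

The same model shows why a From rule with equals and user@hostpulse-demo.com does not match seconduser@hostpulse-demo.com, while contains with the same criteria would.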


When cPanel determines that an email message matches your filter, it handles that message with any of the following actions that you specify:


Discard Message - the system discards the incoming message with no failure notice.
Redirect to Email - the system forwards the message to another email address that you specify.
Fail with Message - the system discards the message and automatically sends a failure notice to the sender.
Stop Processing Rules - the system skips all filter rules.
Deliver to Folder - the system delivers the message to a specified folder. You can create additional IMAP folders alongside the original email folders.
Pipe to a Program - the system sends the incoming message to a specified program. For example, use the Pipe to a Program option to pipe email information to a program that enters email information into a ticket system.

You can also use multiple actions by clicking the (+) and (-) buttons - the system will perform all actions in list order.


Test the Email Filter

First we tested the filter for certain spam words and got the system report:

Filter Trace Results:

The Filter has matched the following condition(s):
$header_subject: is spam-keyword or $message_body contains spam-phrase
$header_subject: is spam-keyword

Condition is false: error_message
Return-path copied from sender
Sender      = hproot@hostpulse-demo.com
Recipient   = hproot@hostpulse-demo.com
Testing Exim filter file "/etc/vfilters/hostpulse-demo.com"

Deliver message to: "spam-collector+Filter"@hostpulse-demo.com
Fail text "The message is reported as spam."
Filtering ended by "fail".

Then we sent an email that contained the same spam words - the message was not received at the destination mail account but was redirected according to the email filter actions.

If you select the Stop Processing Rules option, this action must be included before all other actions, at the top of the list. You can use the Stop Processing Rules option if you want to keep the filter rules without applying them.


cPanel email filters are a powerful yet very flexible tool. Here is a short reminder of the most important information in this long article.

Do not use the Discard Message action - rather use either the Redirect to Email or the Deliver to Folder action, so that you can check the filtered messages and further refine the accuracy of the email filter without losing a single email message.

Do not use Email Filters and SpamAssassin at the same time - rather test both methods separately.

Do not use Fail with Message action - do not show spammers any signs that you are aware of their actions, just leave it to the filter to take care of the spam emails.

We hope this article will help you to configure your mail filters correctly and that you will have less and less trouble with spam messages.

Reference: documentation.cpanel.net
