WHM/cPanel .EML files triggering “This message has been rejected because it has a potentially executable attachment”

WHM/cPanel might trigger a bounce such as the following:

2023-03-14 20:11:01 1pc96v-0007q4-15 cancelled by system filter: This message has been rejected because it has\na potentially executable attachment "My trusted forward.eml"\nThis form of attachment has been used by\nrecent viruses or other malware.\nIf you meant to send this file then please\npackage it up as a zip
file and resend it.

Point is probably .eml should be trusted, but if there is an exe in a .eml you could be harmed. But since you probably want to have less support you might be tempted to update this filter.

It’s entirely possible and has been discussed at the forums here.

The steps are to create a new Exim filter file, but first backup the existing Exim filter file.

Actual steps:

cp -p /etc/cpanel_exim_system_filter /etc/cpanel_system_filter_new

Edit the files, lines 50, 61, 78, 89

50: if $header_content-type: matches 
61: if $header_content-type: matches
78: if $message_body matches
89: if $message_body matches

Find eml and remove it. Be careful.

Go into WHM and the Exim configuration manager. Search for system filter file

Choose the new file that you have just modified, and press Save.

Updating “System Filter File” from “/etc/cpanel_exim_system_filter” to “/etc/cpanel_system_filter_new”.
“System Filter File” was updated.

Now .eml attachments won’t be blocked.


Share this article

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to Top