# cPanel: move/delete incoming mail with .zip attachment



## bytebitter (Apr 28, 2014)

Hi,

Can anyone please help with a working cPanel filter or regex to move &or delete all incoming email with zip attachments?

I've tried & tried with the filters but without luck & the volume of zipped malware is just *so* wearing me down...

Thanks all.

Rgds,

Mark.


----------



## Flapadar (Apr 28, 2014)

This is definitely an inappropriate way to handle it; but I personally don't use cPanel so I can't give you any advice there:

iptables -A INPUT -p tcp --sport 25 -m string --algo bm --string ".zip" -j TARPIT 

String matches are inefficient but it shouldn't be a huge problem for mail. TARPIT might not exist on your system but you can replace it with DROP if you don't want to get/use TARPIT. 

Inappropriate a solution as it may be the idea of bogging down a spammers system is a nice one


----------



## bytebitter (Apr 29, 2014)

Many thanks for your reply, however, the account in question is an end-user one & so has no access to iptables directly.

Added to my library though...


----------

