Introduction
In server environments that run WHM and cPanel, email security is a crucial part of the user experience. Out of the box, Exim denies delivery of certain file types, such as .eml attachments, to prevent the sharing of harmful files. However, there are sometimes legitimate needs to allow delivery of .eml email attachments, such as email testing or archiving that a business may require.
This document provides a step-by-step guide to enabling .eml email attachments in WHM through the Exim Configuration Manager. The changes are made via Access Control Lists (ACLs), so that the security and integrity of the system are preserved.
Understanding Exim and ACL Configuration
Exim is the mail transfer agent (MTA) used by cPanel and WHM to handle incoming and outgoing emails. It uses Access Control Lists (ACLs) to filter, reject, or accept emails based on specific criteria, such as file types, headers, or sender information.
By customizing ACL rules, administrators can fine-tune which file types are accepted or blocked. In this process, we’ll modify two specific ACLs:
- acl_not_smtp_mime – Controls non-SMTP MIME email attachments.
- acl_smtp_mime – Controls SMTP MIME email attachments.
Step 1: Configure acl_not_smtp_mime
- Log in to WHM as the root user.
- Navigate to:
Home – Service Configuration – Exim Configuration Manager
- Open the Advanced Editor tab.
- Scroll down to find acl_not_smtp_mime, or search for disallowed_filenames_bl.
- Deselect the disallowed_filenames_bl option.
- Select the custom_begin_not_smtp_mime option.
- In the text box provided, paste the following configuration:
# Reject inbound mail with potentially dangerous attachments
# Obfuscation of file names using parameter value continuation evades other filters, but not this one
deny
  log_message = DENY: disallowed \"$mime_filename\"
  condition = ${if match \
                {${lc:$mime_filename}} \
                {[.](ad[ep]|ba[st]|chm|cmd|com|cpl|crt|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\$}}
  message = Attached file '$mime_filename' has disallowed extension.
accept
This configuration filters attachments by explicitly rejecting any file name that ends in one of the listed extensions, such as .exe, .cmd, or .bat, and accepting everything else, including .eml.
Step 2: Configure acl_smtp_mime
Next, apply similar changes to the SMTP MIME ACL.
- Scroll to the acl_smtp_mime section.
- Deselect the disallowed_filenames_bl option.
- Select the custom_begin_smtp_mime option.
- Paste the same configuration block below:
# Reject inbound mail with potentially dangerous attachments
# Obfuscation of file names using parameter value continuation evades other filters, but not this one
deny
  log_message = DENY: disallowed \"$mime_filename\"
  condition = ${if match \
                {${lc:$mime_filename}} \
                {[.](ad[ep]|ba[st]|chm|cmd|com|cpl|crt|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\$}}
  message = Attached file '$mime_filename' has disallowed extension.
accept
These ACL rules prevent harmful file types from entering the server while still allowing legitimate formats, including .eml files, to pass through.
Step 3: Save and Apply Your Changes
Once both ACLs are configured:
- Scroll to the bottom of the Exim Configuration Manager.
- Click Save to apply the custom rules.
Exim will now reload the configuration, applying the new security policy that safely permits .eml email attachments without exposing your mail system to common threats.
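To sanity-check the rule before relying on it, the following Python sketch (an added example, not part of the original guide and not cPanel or Exim code) applies the same extension pattern to the attachment names in a constructed message, including a name split with parameter value continuation. It models the ACL's match on $mime_filename with Python's email parser; the sample message, addresses and function names are assumptions.

```python
import re
from email import message_from_string

# Deny-list copied from the ACL on this page; Exim's "\$" expands to the regex anchor "$".
DENY = re.compile(
    r"[.](ad[ep]|ba[st]|chm|cmd|com|cpl|crt|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]"
    r"|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])$"
)

def verdict(filename):
    """Mirror the ACL: deny when the lower-cased name matches, otherwise accept."""
    return "deny" if DENY.search(filename.lower()) else "accept"

def check_message(raw):
    """Return {filename: verdict} for every MIME part that carries a file name."""
    results = {}
    for part in message_from_string(raw).walk():
        name = part.get_filename()  # joins RFC 2231 filename*0/filename*1 pieces
        if name:
            results[name] = verdict(name)
    return results

# Constructed sample message (not from the page): three attachments.
SAMPLE = "\n".join([
    "From: sender@example.com",
    "Subject: constructed test",
    "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="b1"',
    "",
    "--b1",
    "Content-Type: message/rfc822",
    'Content-Disposition: attachment; filename="archive.eml"',
    "", "Subject: inner", "", "body",
    "--b1",
    "Content-Type: application/octet-stream",
    'Content-Disposition: attachment; filename="Setup.EXE"',
    "", "x",
    "--b1",
    "Content-Type: application/octet-stream",
    # File name split with parameter value continuation (RFC 2231)
    'Content-Disposition: attachment; filename*0="inv"; filename*1="oice.scr"',
    "", "x",
    "--b1--", "",
])

if __name__ == "__main__":
    for name, result in check_message(SAMPLE).items():
        print(f"{result:6} {name}")
```

The check only looks at the file name, as the ACL does, so an accepted .eml still needs whatever content scanning the server applies to other mail.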
Why Custom ACL Rules Matter
By defining custom ACLs, administrators gain complete control over attachment filtering. This approach is more flexible and secure than relying solely on global blacklists. It ensures:
- Enhanced security by blocking a defined list of dangerous file types.
- Operational flexibility for legitimate .eml or testing scenarios.
- Compliance with organization-specific email policies.
Conclusion
Enabling .eml attachments through WHM's Exim Configuration Manager is a delicate process that requires both familiarity with the security considerations and an understanding of what goes into the configuration. If you follow the steps above for acl_not_smtp_mime and acl_smtp_mime, end users can securely receive and view .eml attachments while the server remains stable.
As a full-service server management company, our core practices are server configuration, SMTP configuration, email protocol configuration, and monitoring services, which give customers a reliable and secure systems infrastructure. In every configuration, from new mail filters to ACL enhancements, we follow the security practices and guidelines that ensure business continuity.
At ServerAdminz, we secure, comply, and optimize your servers and IT services so you can focus on your growth as a business.
