blackhole for default address doesn't work

**newbies** · 06-29-2008 01:32 PM

I have set :blackhole: for default address, but I still receive large volume of emails. Now my inbox has accumulated over 10k messages. I could not all the message using pop3 account for deletion. I have two questions:

1) Why blackhole doesn't work?
2) How can I delete the messages (where are they) under shell account (I have root access)?

Thank you!

**mtindor** · 06-29-2008 05:05 PM

You need to stop using blackhole.

What does blackhole do? It accepts the mail and then devnulls it (deletes it). If you use blackhole for the default address and somebody sends spam to 10,000 nonexistent email accounts at that domain, your server has to process that. If you use fail, then the server simply rejects any attempts by external servers/spammers to send mail to those nonexistent addresses during SMTP time. Significant performance improvements are had by using fail vs blackhole.

There is no good reason to use blackhole. In fact, it shouldn't even be an option in Cpanel. If you are going to use blackhole, use :fail: instead. Fail will REJECT any mail to nonexistent email addresses for domains you house on the server, during SMTP time. More resource friendly, and better to reject mail to nonexistent users rather than accept that mail (making the sending server believe the user exists) and then sh1tcanning it.

Mike

**newbies** · 06-29-2008 05:08 PM

Thanks Mike.

I thought blackhole will send mails nowhere. I will try :fail: to see what will happen.

**chirpy** · 07-01-2008 11:43 AM

Blackhole has major problems. There's a long description of what mtindor that I wrote a few years back:
http://configserver.com/free/fail.html

**innsites** · 07-02-2008 05:31 PM

I am using :fail: no such address here on an addon domain, yet it still lets random xyz123@ mails come through.

Why?

**cPanelDavidG** · 07-02-2008 05:40 PM

Originally Posted by innsites

I am using :fail: no such address here on an addon domain, yet it still lets random xyz123@ mails come through.

Why?

Just for the add-on domain, not the entire account?

**innsites** · 07-02-2008 06:41 PM

Since you asked I went and tested a random address to primary domain as well. It also got through. Every default address for the account in question is set to fail and there are only very specific emails listed for forwarding purposes.

What should I look for?

/etc/valiases/domain does show

*: :fail: no such address here

for the primary domain as well as addons.

**newbies** · 07-04-2008 12:30 PM

Originally Posted by mtindor

You need to stop using blackhole.

Mike

I changed to :fail:, still I got emails. So neither fail nor blackhole works.

I installed ConfigServer Mail Manage (cmm), I have to say it is a very convenient tool!

**ed.kalk** · 07-08-2008 12:21 PM

Originally Posted by chirpy

Blackhole has major problems. There's a long description of what mtindor that I wrote a few years back:
http://configserver.com/free/fail.html

My :fail: is not working can you help?

I entered ":fail:" into the default address field and exim is still accepting mail to anything@domain.com. Please help.

here is an example of one domain's valiases:

root@mailserver [/etc/valiases]# cat excelmfg.com
bryanf@excelmfg.com: bfisher@excelmfg.com
cseifert@excelmfg.com: mrunions@excelmfg.com
ddussan@excelmfg.com: bandrews@excelmfg.com
engineering@excelmfg.com: adavis@excelmfg.com
excelservice@excelmfg.com: service@excelmfg.com
finance@excelmfg.com: mrunions@excelmfg.com
jkasten@excelmfg.com: mrunions@excelmfg.com
jpearson@excelmfg.com: akrueger@excelmfg.com
jsiem@excelmfg.com: bandrews@excelmfg.com
mwiggins@excelmfg.com: akrueger@excelmfg.com
rwondrow@excelmfg.com: bandrews@excelmfg.com
sales@excelmfg.com: mrunions@excelmfg.com
scottr@excelmfg.com: twondrow@excelmfg.com
tdouglas@excelmfg.com: twondrow@excelmfg.com
tgifford@excelmfg.com: dsmith@excelmfg.com
*: :fail:

Is there something wrong with this?

**mtindor** · 07-08-2008 12:26 PM

Mine usually include a rejection message.. That may be the key.

*: :fail: No Such User Here

It may not be necessary, but you may try it like above and see if it makes a difference.

Mike

**mtindor** · 07-08-2008 12:31 PM

Ok, I was wrong about that.

It makes no difference if you use:

*: :fail: No such user here
or
*: :fail:

Either one should produce a rejection during SMTP if email is sent to a nonexistent address. However, having a failure reason afterwards that is sensible is recommended.

If you just use *: :fail: you get:

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

test@mydomain.com

If you use *: :fail: some_reason_here, you get:

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

test@mydomain.com
some_reason_here

So use a reason.

However, that isn't your problem. Maybe it is because you have modified your exim? Did you try going to Exim Configuration Editor and resetting all of the default ACLs and config?

Also, I know in WHM / Tweak Settings / Mail you will find:

Default catch-all/default address behavior for new accounts. "fail" is usually the best choice if you are getting mail attacks.
localuser blackhole fail

Do you have it set to localuser, blackhole or fail? Mine is set to fail. It sounds as if this should only be important for new account creation, but maybe not. I'd make sure it was set to fail.

Mike

**mtindor** · 07-08-2008 12:33 PM

Send yourself a test message to a nonexistent account. Then look in /var/log/exim_mainlog for entries for that message.

It would be curious to see what yours says is happening.

Mine shows:

2008-07-08 12:25:02 1KGFzy-0008Cq-8b <= admins@mycorpdomain.com H=adsl-68-75-26-208.dsl.daytnoh.ameritech.net (ANTISPAM) [xx.xx.xx.xx] P=esmtpa A=fixed_login:admins@mycorpdomain.com S=664 id=C4A3288FF39646519908E88DB3E04F38@ANTISPAM T="test"
2008-07-08 12:25:02 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1KGFzy-0008Cq-8b
2008-07-08 12:25:02 1KGFzy-0008Cq-8b ** test@mydomain.com R=virtual_aliases:
2008-07-08 12:25:02 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1KGFzy-0008Cq-8b
2008-07-08 12:25:02 1KGFzy-0008Cw-Kj <= <> R=1KGFzy-0008Cq-8b U=mailnull P=local S=1489 T="Mail delivery failed: returning message to sender"
2008-07-08 12:25:02 1KGFzy-0008Cq-8b Completed

Mike

**ed.kalk** · 07-08-2008 01:36 PM

tried :fail: no such user here
and no dice

Still not working.

**mtindor** · 07-08-2008 01:46 PM

Ok, I'm out of options. If it were my machine, I'd have it fixed. But I have little to go on working on the limited information you provide me. Besides you are running other software along with it (I'm not familiar with CMM). Good luck.

Mike

**ed.kalk** · 07-08-2008 01:46 PM

I'm not using cmm and it appears to be working now after restarting exim

LinkBack

Thread Tools

blackhole for default address doesn't work

:fail: not working --- lets mail through

:fail: fails for all random msgs

My :fail: is not working

tried :fail: no such user here and no dice

I'm not using cmm and it is working now after restarting exim

Default Address Maintenance doesn't work like it used to

If you set default address to :blackhole: or :fail: mail to admin address fails

default address blackhole not working

Why doesn't :blackhole: work?

autoresponse doesn't work for the default address