Exim bounces back entire spam messages

**Bdzzld** · 05-29-2009 02:00 AM

Hi,

We've noticed that some spam sources use (existing and non-existing) e-mail addresses which are being hosted on our servers in their "From" field. When the spam source then sends to an e-mail address which is no longer valid the receiving e-mail server creates a bounce of the message to the e-mail address in the "From" field. Then that message is bounced back by Exim again for sending to a non-exiting address on our servers. The problem with this is that Exim bounces the entire message, including the virus or spam message, and this unfortunately has resulted some time in getting the server onto a blacklist. I know Exim can be adjusted so it won't bounce back the enitre message, but only the header or subject of such a message.

My problem/question is: How can Exim be configured as described without cPanel overwriting it after a new update??

Thanks.

**cPanelDavidG** · 05-29-2009 03:01 PM

Originally Posted by Bdzzld

Hi,

We've noticed that some spam sources use (existing and non-existing) e-mail addresses which are being hosted on our servers in their "From" field. When the spam source then sends to an e-mail address which is no longer valid the receiving e-mail server creates a bounce of the message to the e-mail address in the "From" field. Then that message is bounced back by Exim again for sending to a non-exiting address on our servers. The problem with this is that Exim bounces the entire message, including the virus or spam message, and this unfortunately has resulted some time in getting the server onto a blacklist. I know Exim can be adjusted so it won't bounce back the enitre message, but only the header or subject of such a message.

My problem/question is: How can Exim be configured as described without cPanel overwriting it after a new update??

Thanks.

Mind if our technical analysts work with you on this? The behavior you mention doesn't seem typical of Exim in a cPanel/WHM environment. You can contact our technical analysts at: http://tickets.cPanel.net/submit

**Bdzzld** · 05-30-2009 02:46 AM

Hi cPanelDavidG,

Actually this is normal behaviour for Exim and can be configured with one or both of these variables :

bounce_return_message

Type: boolean
Default: true

If this option is set false, the original message is not included in bounce messages generated by Exim.

bounce_return_size_limit
Type: integer
Default: 100K

This option sets a limit in bytes on the size of messages that are returned to senders as part of bounce messages when bounce_return_message is true. The limit should be less than the value of the global message_size_limit and of any message_size_limit settings on transports, to allow for the bounce text that Exim generates. If this option is set to zero there is no limit.

When the body of any message that is to be included in a bounce message is greater than the limit, it is truncated, and a comment pointing this out is added at the top. The actual cutoff may be greater than the value given, owing to the use of buffering for transferring the message in chunks (typically 8K in size). The idea is to save bandwidth on those undeliverable 15-megabyte messages.

The problem is, that I could not find them in the default exim.conf file in cPanel and I have no idea where to put them.

Thanks.

**excessnet** · 09-29-2010 04:18 PM

Did you manage to disable bounce completly ?

I'm using my cPanel server a secondary MX, when my Barracuda told him there's "No such user here", the cPanel exim create a bounce filling the queue. Since it's only a secondary MX, I don't care about bounce.

How can I turn it off ?

**Bdzzld** · 09-29-2010 04:29 PM

As cPanelDavidG could not point me into the direction, I've not invested any more time into it. If you (or any one else) are able to find a solution for this, please share it though.

**excessnet** · 09-29-2010 04:33 PM

Finally, I used this solution : Farhad Malekpour » Blog Archive » How to disable delayed bounce back messages in exim

work very well!

**GaryT** · 09-29-2010 05:18 PM

Taken from a thread in the forum, You can make it bounce back to the domain that sent it rather than the root which works great and no problems

Hope it helps

Open "WHM"
Under "Service Configuration" , click "Exim Configuration Editor"
Click "Switch to advanced mode"

In the first editable text box below
#!!# cPanel Exim 4 Config:

ADD:

local_from_check = false
untrusted_set_sender = root

In the textbox that follows (REWRITE CONFIGURATION)
begin rewrite:

ADD:

nobody@lsearch;/etc/localdomains "${if !eq {$header_From:}{}{$header_sender:$header_From:}fail}" Fs
cpanel@lsearch;/etc/localdomains "${if !eq {$header_From:}{}{$header_sender:$header_From:}fail}" Fs

NOTE: there is no space between fai and l in the word fail above.
There appears to be a text translation problem in the forum.

Now Click Save, Exim will restart with the updated config.

LinkBack

Thread Tools