The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

acl_deny_sender option unknown error

Discussion in 'E-mail Discussions' started by serichards, Feb 18, 2014.

  1. serichards

    serichards Well-Known Member

    Joined:
    Dec 11, 2012
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Website Owner
    I'm trying to edit the exim configuration file via the whm advanced editor. I need to add the acl_deny_sender directive in to block email from a few different domains listed in a particular file. I have created the file with the domains listed.

    When I try and add the directive in I get the following error: main option "acl_deny_sender" unknown option.

    Is it now called something else?

    Or have I got it confused with some kind of relay blocking method??

    It's basically to block all incoming mail from certain domains... blocking by ip isn't much good as they change so a blanket ban by domain is what I'm after :)

    Or should it be acl_check_sender with a file of blocked senders?? (that's unknown as well)

    acl_check_sender:
    deny senders = /etc/exim4/filters/sender_reject.list
    accept
     
    #1 serichards, Feb 18, 2014
    Last edited: Feb 18, 2014
  2. serichards

    serichards Well-Known Member

    Joined:
    Dec 11, 2012
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Website Owner
    I'm only really attempting this as I asked my vps support to do it but they were unable to do it.

    I have no idea why blocking mail senders by domain, with all the domains in a list, is so difficult with cpanel.
     
  3. serichards

    serichards Well-Known Member

    Joined:
    Dec 11, 2012
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Website Owner
    acl_check_content acl_check_sender. WHM exim advanced editor doesn't recognise either of those.

    Tried domainlist [sender_reject] with a path to the file and have another error: missing '=' after ""

    Trying to follow this suggested way of doing it but it seems nothing works.

    Manually block/reject emails from domain in exim | Linux System Administration

    I need to add this into the routers configuration: reject_domains:

    driver = redirect
    # RBL Blacklist incoming hosts
    domains = +sender_reject
    allow_fail
    data = :fail: Connection rejected: SPAM source $domain is manually blacklisted.

    None of the ways I have found to do this work. The WHM advanced configuration editor just stops every possible one in its tracks.

    A whole day has been wasted trying to do something which should take 5 minutes!
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,450
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
  5. serichards

    serichards Well-Known Member

    Joined:
    Dec 11, 2012
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Website Owner
    I already have an RBL set.

    What I need is a file I maintain with domains I want to block and a method of making Exim take notice of it. I am struggling to do it!
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    This thread might be helpful:

    Filter All Email From .PW TLD

    You would have to edit the actual rule to fit your specific criteria but the overall method of doing it should work.

    Thank you.
     
  7. serichards

    serichards Well-Known Member

    Joined:
    Dec 11, 2012
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Website Owner
    It needs to work with a list of domains. I don't want something that has to be hand edited every time you take a domain in and out of the blacklist. Hence using something like acl_deny_sender with a list is a no brainer.

    Someone pointed me at Mail->Account Level Filtering-> Create New Filter Which is designed to do exactly this but it is not available as root for server wide, all account settings. It's only in per user settings.

    I'm mystified why it is so hard to do something which is so simple and so useful. If the server side config can include ip addresses you can blacklist why is there not a setting for domains? It makes no sense.
     
  8. serichards

    serichards Well-Known Member

    Joined:
    Dec 11, 2012
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Website Owner
    The WHM advanced configuration exim editor is really unhelpful. It tells you something is correct. You save it. Then all of a sudden there is a problem! Or it says the box you are editing is fine then claims all others below are suddenly wrong.

    This is is the ACL I'm trying to insert:

    acl_check_sender:

    deny senders = /etc/exim/sender_reject.list
    accept

    It is going in the acl_smtp_data section.

    No way of writing it seems to make the whm editor happy with it.

    None of the other examples are helpful. None of the exim manual seems to be able to help on exactly how it should look as it is aimed at those that can edit their exim.conf directly and can therefore put things in as they should be. WHM is obviously generating the file but without knowing exactly what it adds in and leaves out it is impossible to get it correct.

    Even if I can make the editor happy with it I end up with an "temporarily rejected after DATA: unknown ACL verb "acl_deny_sender" in "acl_deny_sender = /etc/exim/sender_reject.list" "
    error in the exim main log instead.

    If I use acl_check_sender instead I have an error about an unknown option 'deny' and it won't build the configuration file.

    Using acl_deny_sender with a list of senders you don't want mail from seems more sensible and yet that doesn't work.
     
    #8 serichards, Feb 19, 2014
    Last edited: Feb 19, 2014
  9. serichards

    serichards Well-Known Member

    Joined:
    Dec 11, 2012
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Website Owner
    Finally getting somewhere!

    How To Manually block/reject emails from domain in exim

    This had enough useful info to make something work.

    I used the add thingy at the top of the acl section to add in

    domainlist exim_blacklist = lsearch;/etc/eximblacklist


    I then scrolled down to the routers section and added the rest there in the prerouters bit.

    But what I'm wondering is whether that bit could be added earlier and slightly rewritten so that those domains are blocked earlier in the process? It does send out a message as a response so I also wonder whether it would be better to do some kind of silent fail??

    It's been a lot of effort to do something that should be 5 minutes though. There really needs to be a blacklist by domain in the WHM section with the blacklist by ip is.

    File that has the blocked domains has them as .tld or .domain.tld No wildcards needed.

    Only taken 2 days of head scratching and banging head against wall to do this.
     
  10. serichards

    serichards Well-Known Member

    Joined:
    Dec 11, 2012
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Website Owner
    Had another go with the acl_check_mail method as I was recommended to use acl_smtp_mail = acl_check_mail but it is difficult to use as acl_smtp_mail is already defined and you cannot edit what is already in that box.

    acl_check_mail:

    deny message = Not today thanks
    domains = *.mobi:yahoo.com:gmail.com

    Which acl section do I need to add that into instead? custom_begin_mail seems the only logical place. If this can be made to work then it becomes a simple way to ban certain email domains from sending email to your server if you don't have ssh access to edit a blacklist file.

    The router method sort of works but only after it's gone through all the sender verify which gmail *always* fails on. I'd prefer not to have that overhead and just bin those off before then.
     
    #10 serichards, Feb 25, 2014
    Last edited: Feb 25, 2014
  11. kona333

    kona333 Member

    Joined:
    Jul 9, 2014
    Messages:
    9
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Hey Serichards did you manage to figure out a solution?

    I too have spam going out, about 50 a day from a single domain, but it's emailing internal emails of accounts on the server. I don't know where it's coming from, it could even be remotely sent but it would be great if I could just block everything from this particular domain. Or for that matter entire country domains such as some of the dodgy european ones that constantly send out spam.

    Would prefer a method within whm rather than having to create files and use ssh.

    Thanks.
     
  12. faidwen

    faidwen Registered

    Joined:
    Aug 1, 2014
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    This is perhaps the MOST frustrating thing I have encountered in a LONG LONG while.

    I am attempting to do exactly the same thing, block a single domain from sending via local accounts. There currently appears to be no easily useable documentation on how to accomplish a black / white list methodology.

    Serichards I would love to know what you eventually used....

    Thanks in advance!
     
  13. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    On the page that you list, could you tell me where to find:

    "Add the below lines in the first section just below the line "#!!# cPanel Exim 4 Config"


    I am not sure where to add the first line, in the top of the ACL section. I have tried to add "domainlist exim_blacklist = lsearch;/etc/eximblacklist" in Section: "BEGINACL", but I am only getting this error:

    "missing or malformed ACL name"
     
Loading...

Share This Page