adding TLD to Exim Blacklist

keat63

Well-Known Member
Nov 20, 2014
1,913
259
113
cPanel Access Level
Root Administrator
For a few years I've been using exim_blacklist to block domains, which has worked well.

Block receiving emails from specific domain to any mailing list?

However, I have one TLD that i'm struggling with.
We see a lot of spam coming from the .date TLD.

I'm unable to block this as the sender, domain name and IP are always different.
eg: [email protected] or [email protected]

How would i block the tld .date

I've tried adding date, .date, *.date *@*.date to the exim blacklist, but nothing seems to stop these getting through.

Mailscanner is doing it's job, but i'd prefer if exim blocked them first.
 

keat63

Well-Known Member
Nov 20, 2014
1,913
259
113
cPanel Access Level
Root Administrator
I found this on another site, whilst not exactly what I was looking to achieve, it should hopefully provide the same result.

cPanel comes stock with a number of ACLs and tuneables to help reduce the amount of unwanted email into your server. At present, there are not a lot of controls on the Exim side that allow for blocking specific email addresses or servers. While you can easily use the integrated SpamAssassin controls on a per-cPanel account basis, it’s generally less resource-intensive to handle these blocks at SMTP time.

cPanel’s implementation of Exim is set to automatically load filters from an include directory. This directory is located here:

/usr/local/cpanel/etc/exim/sysfilter/options/

Any files you drop in here will be included into the Exim filter. First, create a file in this folder. You can name it anything you want, but we’ll call ours inbound_tld_block:

/usr/local/cpanel/etc/exim/sysfilter/options/inbound_tld_block

In this file, add the following filter, replacing .tld with the actual TLD you want to block:
if first_delivery
and ("$h_to:, $h_cc:" contains ".tld")
or ("$h_from:" contains ".tld")
then
seen finish
endif
Now go into WHM -> Exim Configuration Manager -> Basic Editor -> Filters, and you should see the new filter listed:

** Custom Filter: inbound_tld_block

If it’s not already enabled, enable it here and then save.
 
Last edited:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hello,

Let us know if that solution helps.

Thank you.
 

scurrell

Member
PartnerNOC
Dec 14, 2007
6
0
51
I am not OP, but I had the similar issue, and the provided solution works like a charm (I've blocked .top .xyz .pw .icu TLDs)
So yes, it works for me.
Thank you!
How do you add multiple tld's using that code?
 

rclemings

Well-Known Member
Nov 5, 2007
51
5
58
There might be a better way but this appears to work for multiple tlds:

if first_delivery
and ("$h_to:, $h_cc:" contains ".xyz")
or ("$h_from:" contains ".xyz")
then
seen finish
endif
if first_delivery
and ("$h_to:, $h_cc:" contains ".top")
or ("$h_from:" contains ".top")
then
seen finish
endif

A question though: How can I stop the system from sending "delivery cancelled" bounces to the sender for those tlds? A lot of them are undeliverable and just sit in the queue until they time out.
 

keat63

Well-Known Member
Nov 20, 2014
1,913
259
113
cPanel Access Level
Root Administrator
I don't work for or acsscociated with CSF, but mailscanner is about $60.
It makes this job so much easier.
 

keat63

Well-Known Member
Nov 20, 2014
1,913
259
113
cPanel Access Level
Root Administrator
Good question.
All I can add to this is that I don't see any adverse performance.
However, I only have about 10 domains, and 8 of those see very little traffic.
 

quietFinn

Well-Known Member
Feb 4, 2006
1,302
130
193
Finland
cPanel Access Level
Root Administrator
I don't work for or acsscociated with CSF, but mailscanner is about $60.
It makes this job so much easier.
Yes it does, and it's just one time payment. I always order ConfigServer Server Services + MailScanner to every new server.
 

megahost

Member
PartnerNOC
Jun 10, 2012
11
0
51
cPanel Access Level
Root Administrator
i have one WHM server and this solution doesn't work for me. I tried using the filters and I also tried Mailscanner to deny .icu extension.
In this moment i have both exim filter and mailscanner blacklist for *@*.icu but i still see a lot of emails daily form .icu domains in the queue. Any ideeas what to do?
Thanks.
 

sierrablue

Member
Aug 30, 2005
23
0
151
cPanel Access Level
Root Administrator
i have one WHM server and this solution doesn't work for me. I tried using the filters and I also tried Mailscanner to deny .icu extension.
In this moment i have both exim filter and mailscanner blacklist for *@*.icu but i still see a lot of emails daily form .icu domains in the queue. Any ideeas what to do?
Thanks.
WHM > Email > Filter Incoming Emails by Domain
*.example.com
*.icu

etc...