blackhole for default address doesn't work

[newbies]

I have set :blackhole: for default address, but I still receive large volume of emails. Now my inbox has accumulated over 10k messages. I could not all the message using pop3 account for deletion. I have two questions:

1) Why blackhole doesn't work?
2) How can I delete the messages (where are they) under shell account (I have root access)?

Thank you!

 

[mtindor]

You need to stop using blackhole.

What does blackhole do? It accepts the mail and then devnulls it (deletes it). If you use blackhole for the default address and somebody sends spam to 10,000 nonexistent email accounts at that domain, your server has to process that. If you use fail, then the server simply rejects any attempts by external servers/spammers to send mail to those nonexistent addresses during SMTP time. Significant performance improvements are had by using fail vs blackhole.

There is no good reason to use blackhole. In fact, it shouldn't even be an option in Cpanel. If you are going to use blackhole, use :fail: instead. Fail will REJECT any mail to nonexistent email addresses for domains you house on the server, during SMTP time. More resource friendly, and better to reject mail to nonexistent users rather than accept that mail (making the sending server believe the user exists) and then sh1tcanning it.

Mike

 

[newbies]

Thanks Mike.

I thought blackhole will send mails nowhere. I will try :fail: to see what will happen.

 

[chirpy]

Blackhole has major problems. There's a long description of what mtindor that I wrote a few years back:
http://configserver.com/free/fail.html

 

[innsites]

:fail: not working --- lets mail through

I am using :fail: no such address here on an addon domain, yet it still lets random [email protected] mails come through.

Why?

 

[cPanelDavidG]

I am using :fail: no such address here on an addon domain, yet it still lets random [email protected] mails come through.

Why?

Just for the add-on domain, not the entire account?

 

[innsites]

:fail: fails for all random msgs

Since you asked I went and tested a random address to primary domain as well. It also got through. Every default address for the account in question is set to fail and there are only very specific emails listed for forwarding purposes.

What should I look for?

/etc/valiases/domain does show

*: :fail: no such address here

for the primary domain as well as addons.

 

[newbies]

You need to stop using blackhole.

Mike

I changed to :fail:, still I got emails. So neither fail nor blackhole works.

I installed ConfigServer Mail Manage (cmm), I have to say it is a very convenient tool!

 

[ed.kalk]

My :fail: is not working

Blackhole has major problems. There's a long description of what mtindor that I wrote a few years back:
http://configserver.com/free/fail.html

My :fail: is not working can you help?

I entered ":fail:" into the default address field and exim is still accepting mail to [email protected]. Please help.

here is an example of one domain's valiases:

[email protected] [/etc/valiases]# cat excelmfg.com
[email protected]: [email protected]
[email protected]: [email protected]
[email protected]: [email protected]
[email protected]: [email protected]
[email protected]: [email protected]
[email protected]: [email protected]
[email protected]: [email protected]
[email protected]: [email protected]
[email protected]: [email protected]
[email protected]: [email protected]
[email protected]: [email protected]
[email protected]: [email protected]
[email protected]: [email protected]
[email protected]: [email protected]
[email protected]: [email protected]
*: :fail:

Is there something wrong with this?

 

[mtindor]

Mine usually include a rejection message.. That may be the key.

*: :fail: No Such User Here

It may not be necessary, but you may try it like above and see if it makes a difference.

Mike

 

[mtindor]

Ok, I was wrong about that.

It makes no difference if you use:

*: :fail: No such user here
or
*: :fail:

Either one should produce a rejection during SMTP if email is sent to a nonexistent address. However, having a failure reason afterwards that is sensible is recommended.

If you just use *: :fail: you get:

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

[email protected]

If you use *: :fail: some_reason_here, you get:

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

[email protected]
some_reason_here

So use a reason.

However, that isn't your problem. Maybe it is because you have modified your exim? Did you try going to Exim Configuration Editor and resetting all of the default ACLs and config?

Also, I know in WHM / Tweak Settings / Mail you will find:

Default catch-all/default address behavior for new accounts. "fail" is usually the best choice if you are getting mail attacks.
localuser blackhole fail

Do you have it set to localuser, blackhole or fail? Mine is set to fail. It sounds as if this should only be important for new account creation, but maybe not. I'd make sure it was set to fail.

Mike

 

[mtindor]

Send yourself a test message to a nonexistent account. Then look in /var/log/exim_mainlog for entries for that message.

It would be curious to see what yours says is happening.

Mine shows:

2008-07-08 12:25:02 1KGFzy-0008Cq-8b <= [email protected] H=adsl-68-75-26-208.dsl.daytnoh.ameritech.net (ANTISPAM) [xx.xx.xx.xx] P=esmtpa A=fixed_login:[email protected] S=664 [email protected] T="test"
2008-07-08 12:25:02 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1KGFzy-0008Cq-8b
2008-07-08 12:25:02 1KGFzy-0008Cq-8b ** [email protected] R=virtual_aliases:
2008-07-08 12:25:02 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1KGFzy-0008Cq-8b
2008-07-08 12:25:02 1KGFzy-0008Cw-Kj <= <> R=1KGFzy-0008Cq-8b U=mailnull P=local S=1489 T="Mail delivery failed: returning message to sender"
2008-07-08 12:25:02 1KGFzy-0008Cq-8b Completed

Mike

 

[ed.kalk]

tried :fail: no such user here and no dice

tried :fail: no such user here
and no dice

Still not working.

 

[mtindor]

Ok, I'm out of options. If it were my machine, I'd have it fixed. But I have little to go on working on the limited information you provide me. Besides you are running other software along with it (I'm not familiar with CMM). Good luck.

Mike

 

[ed.kalk]

I'm not using cmm and it is working now after restarting exim

I'm not using cmm and it appears to be working now after restarting exim

 

[mtindor]

Oh ok. I see that it was Newbies who was using CMM... not that I think it would have anything to do with it. I just can't rule out issues external to exim / Cpanel since I don't use third party software.

Glad you got it working. That's all that counts.

Mike