The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

blackhole for default address doesn't work

Discussion in 'E-mail Discussions' started by newbies, Jun 29, 2008.

  1. newbies

    newbies Active Member

    Joined:
    Jul 9, 2004
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    I have set :blackhole: for default address, but I still receive large volume of emails. Now my inbox has accumulated over 10k messages. I could not all the message using pop3 account for deletion. I have two questions:

    1) Why blackhole doesn't work?
    2) How can I delete the messages (where are they) under shell account (I have root access)?

    Thank you!
     
    #1 newbies, Jun 29, 2008
    Last edited: Jun 29, 2008
  2. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,279
    Likes Received:
    36
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    You need to stop using blackhole.

    What does blackhole do? It accepts the mail and then devnulls it (deletes it). If you use blackhole for the default address and somebody sends spam to 10,000 nonexistent email accounts at that domain, your server has to process that. If you use fail, then the server simply rejects any attempts by external servers/spammers to send mail to those nonexistent addresses during SMTP time. Significant performance improvements are had by using fail vs blackhole.

    There is no good reason to use blackhole. In fact, it shouldn't even be an option in Cpanel. If you are going to use blackhole, use :fail: instead. Fail will REJECT any mail to nonexistent email addresses for domains you house on the server, during SMTP time. More resource friendly, and better to reject mail to nonexistent users rather than accept that mail (making the sending server believe the user exists) and then sh1tcanning it.

    Mike
     
  3. newbies

    newbies Active Member

    Joined:
    Jul 9, 2004
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    Thanks Mike.

    I thought blackhole will send mails nowhere. I will try :fail: to see what will happen.
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
  5. innsites

    innsites Well-Known Member

    Joined:
    Nov 30, 2005
    Messages:
    57
    Likes Received:
    0
    Trophy Points:
    6
    :fail: not working --- lets mail through

    I am using :fail: no such address here on an addon domain, yet it still lets random xyz123@ mails come through.

    Why?
     
  6. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Just for the add-on domain, not the entire account?
     
  7. innsites

    innsites Well-Known Member

    Joined:
    Nov 30, 2005
    Messages:
    57
    Likes Received:
    0
    Trophy Points:
    6
    :fail: fails for all random msgs

    Since you asked I went and tested a random address to primary domain as well. It also got through. Every default address for the account in question is set to fail and there are only very specific emails listed for forwarding purposes.

    What should I look for?

    /etc/valiases/domain does show

    *: :fail: no such address here

    for the primary domain as well as addons.
     
  8. newbies

    newbies Active Member

    Joined:
    Jul 9, 2004
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    I changed to :fail:, still I got emails. So neither fail nor blackhole works.

    I installed ConfigServer Mail Manage (cmm), I have to say it is a very convenient tool!
     
  9. ed.kalk

    ed.kalk Well-Known Member

    Joined:
    Jun 19, 2008
    Messages:
    76
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Minneapolis, MN
    My :fail: is not working

    My :fail: is not working can you help?

    I entered ":fail:" into the default address field and exim is still accepting mail to anything@domain.com. Please help.

    here is an example of one domain's valiases:

    root@mailserver [/etc/valiases]# cat excelmfg.com
    bryanf@excelmfg.com: bfisher@excelmfg.com
    cseifert@excelmfg.com: mrunions@excelmfg.com
    ddussan@excelmfg.com: bandrews@excelmfg.com
    engineering@excelmfg.com: adavis@excelmfg.com
    excelservice@excelmfg.com: service@excelmfg.com
    finance@excelmfg.com: mrunions@excelmfg.com
    jkasten@excelmfg.com: mrunions@excelmfg.com
    jpearson@excelmfg.com: akrueger@excelmfg.com
    jsiem@excelmfg.com: bandrews@excelmfg.com
    mwiggins@excelmfg.com: akrueger@excelmfg.com
    rwondrow@excelmfg.com: bandrews@excelmfg.com
    sales@excelmfg.com: mrunions@excelmfg.com
    scottr@excelmfg.com: twondrow@excelmfg.com
    tdouglas@excelmfg.com: twondrow@excelmfg.com
    tgifford@excelmfg.com: dsmith@excelmfg.com
    *: :fail:

    Is there something wrong with this?
     
  10. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,279
    Likes Received:
    36
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    Mine usually include a rejection message.. That may be the key.

    *: :fail: No Such User Here

    It may not be necessary, but you may try it like above and see if it makes a difference.

    Mike
     
  11. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,279
    Likes Received:
    36
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    Ok, I was wrong about that.

    It makes no difference if you use:

    *: :fail: No such user here
    or
    *: :fail:

    Either one should produce a rejection during SMTP if email is sent to a nonexistent address. However, having a failure reason afterwards that is sensible is recommended.

    If you just use *: :fail: you get:

    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:

    test@mydomain.com


    If you use *: :fail: some_reason_here, you get:

    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:

    test@mydomain.com
    some_reason_here


    So use a reason.

    However, that isn't your problem. Maybe it is because you have modified your exim? Did you try going to Exim Configuration Editor and resetting all of the default ACLs and config?

    Also, I know in WHM / Tweak Settings / Mail you will find:

    Default catch-all/default address behavior for new accounts. "fail" is usually the best choice if you are getting mail attacks.
    localuser blackhole fail


    Do you have it set to localuser, blackhole or fail? Mine is set to fail. It sounds as if this should only be important for new account creation, but maybe not. I'd make sure it was set to fail.

    Mike
     
  12. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,279
    Likes Received:
    36
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    Send yourself a test message to a nonexistent account. Then look in /var/log/exim_mainlog for entries for that message.

    It would be curious to see what yours says is happening.

    Mine shows:

    2008-07-08 12:25:02 1KGFzy-0008Cq-8b <= admins@mycorpdomain.com H=adsl-68-75-26-208.dsl.daytnoh.ameritech.net (ANTISPAM) [xx.xx.xx.xx] P=esmtpa A=fixed_login:admins@mycorpdomain.com S=664 id=C4A3288FF39646519908E88DB3E04F38@ANTISPAM T="test"
    2008-07-08 12:25:02 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1KGFzy-0008Cq-8b
    2008-07-08 12:25:02 1KGFzy-0008Cq-8b ** test@mydomain.com R=virtual_aliases:
    2008-07-08 12:25:02 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1KGFzy-0008Cq-8b
    2008-07-08 12:25:02 1KGFzy-0008Cw-Kj <= <> R=1KGFzy-0008Cq-8b U=mailnull P=local S=1489 T="Mail delivery failed: returning message to sender"
    2008-07-08 12:25:02 1KGFzy-0008Cq-8b Completed

    Mike
     
  13. ed.kalk

    ed.kalk Well-Known Member

    Joined:
    Jun 19, 2008
    Messages:
    76
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Minneapolis, MN
    tried :fail: no such user here and no dice

    tried :fail: no such user here
    and no dice

    Still not working.
     
  14. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,279
    Likes Received:
    36
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    Ok, I'm out of options. If it were my machine, I'd have it fixed. But I have little to go on working on the limited information you provide me. Besides you are running other software along with it (I'm not familiar with CMM). Good luck.

    Mike
     
  15. ed.kalk

    ed.kalk Well-Known Member

    Joined:
    Jun 19, 2008
    Messages:
    76
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Minneapolis, MN
    I'm not using cmm and it is working now after restarting exim

    I'm not using cmm and it appears to be working now after restarting exim
     
  16. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,279
    Likes Received:
    36
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    Oh ok. I see that it was Newbies who was using CMM... not that I think it would have anything to do with it. I just can't rule out issues external to exim / Cpanel since I don't use third party software.

    Glad you got it working. That's all that counts.

    Mike
     
Loading...

Share This Page