blackhole for default address doesn't work

You need to stop using blackhole.

What does blackhole do? It accepts the mail and then devnulls it (deletes it). If you use blackhole for the default address and somebody sends spam to 10,000 nonexistent email accounts at that domain, your server has to process that. If you use fail, then the server simply rejects any attempts by external servers/spammers to send mail to those nonexistent addresses during SMTP time. Significant performance improvements are had by using fail vs blackhole.

There is no good reason to use blackhole. In fact, it shouldn't even be an option in Cpanel. If you are going to use blackhole, use :fail: instead. Fail will REJECT any mail to nonexistent email addresses for domains you house on the server, during SMTP time. More resource friendly, and better to reject mail to nonexistent users rather than accept that mail (making the sending server believe the user exists) and then sh1tcanning it.

Mike

 

Blackhole has major problems. There's a long description of what mtindor that I wrote a few years back:
http://configserver.com/free/fail.html

 

:fail: not working --- lets mail through

I am using :fail: no such address here on an addon domain, yet it still lets random xyz123@ mails come through.

Why?

 

Just for the add-on domain, not the entire account?

 

:fail: fails for all random msgs

Since you asked I went and tested a random address to primary domain as well. It also got through. Every default address for the account in question is set to fail and there are only very specific emails listed for forwarding purposes.

What should I look for?

/etc/valiases/domain does show

*: :fail: no such address here

for the primary domain as well as addons.

 

My :fail: is not working

My :fail: is not working can you help?

I entered ":fail:" into the default address field and exim is still accepting mail to anything@domain.com. Please help.

here is an example of one domain's valiases:

root@mailserver [/etc/valiases]# cat excelmfg.com
bryanf@excelmfg.com: bfisher@excelmfg.com
cseifert@excelmfg.com: mrunions@excelmfg.com
ddussan@excelmfg.com: bandrews@excelmfg.com
engineering@excelmfg.com: adavis@excelmfg.com
excelservice@excelmfg.com: service@excelmfg.com
finance@excelmfg.com: mrunions@excelmfg.com
jkasten@excelmfg.com: mrunions@excelmfg.com
jpearson@excelmfg.com: akrueger@excelmfg.com
jsiem@excelmfg.com: bandrews@excelmfg.com
mwiggins@excelmfg.com: akrueger@excelmfg.com
rwondrow@excelmfg.com: bandrews@excelmfg.com
sales@excelmfg.com: mrunions@excelmfg.com
scottr@excelmfg.com: twondrow@excelmfg.com
tdouglas@excelmfg.com: twondrow@excelmfg.com
tgifford@excelmfg.com: dsmith@excelmfg.com
*: :fail:

Is there something wrong with this?

 

Mine usually include a rejection message.. That may be the key.

*: :fail: No Such User Here

It may not be necessary, but you may try it like above and see if it makes a difference.

Mike

 

Ok, I was wrong about that.

It makes no difference if you use:

*: :fail: No such user here
or
*: :fail:

Either one should produce a rejection during SMTP if email is sent to a nonexistent address. However, having a failure reason afterwards that is sensible is recommended.

If you just use *: :fail: you get:

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

test@mydomain.com

If you use *: :fail: some_reason_here, you get:

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

test@mydomain.com
some_reason_here

So use a reason.

However, that isn't your problem. Maybe it is because you have modified your exim? Did you try going to Exim Configuration Editor and resetting all of the default ACLs and config?

Also, I know in WHM / Tweak Settings / Mail you will find:

Default catch-all/default address behavior for new accounts. "fail" is usually the best choice if you are getting mail attacks.
localuser blackhole fail

Do you have it set to localuser, blackhole or fail? Mine is set to fail. It sounds as if this should only be important for new account creation, but maybe not. I'd make sure it was set to fail.

Mike

 

Send yourself a test message to a nonexistent account. Then look in /var/log/exim_mainlog for entries for that message.

It would be curious to see what yours says is happening.

Mine shows:

2008-07-08 12:25:02 1KGFzy-0008Cq-8b <= admins@mycorpdomain.com H=adsl-68-75-26-208.dsl.daytnoh.ameritech.net (ANTISPAM) [xx.xx.xx.xx] P=esmtpa A=fixed_login:admins@mycorpdomain.com S=664 id=C4A3288FF39646519908E88DB3E04F38@ANTISPAM T="test"
2008-07-08 12:25:02 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1KGFzy-0008Cq-8b
2008-07-08 12:25:02 1KGFzy-0008Cq-8b ** test@mydomain.com R=virtual_aliases:
2008-07-08 12:25:02 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1KGFzy-0008Cq-8b
2008-07-08 12:25:02 1KGFzy-0008Cw-Kj <= <> R=1KGFzy-0008Cq-8b U=mailnull P=local S=1489 T="Mail delivery failed: returning message to sender"
2008-07-08 12:25:02 1KGFzy-0008Cq-8b Completed

Mike

 

tried :fail: no such user here and no dice

tried :fail: no such user here
and no dice

Still not working.

 

Ok, I'm out of options. If it were my machine, I'd have it fixed. But I have little to go on working on the limited information you provide me. Besides you are running other software along with it (I'm not familiar with CMM). Good luck.

Mike

 

I'm not using cmm and it is working now after restarting exim

I'm not using cmm and it appears to be working now after restarting exim

 

Oh ok. I see that it was Newbies who was using CMM... not that I think it would have anything to do with it. I just can't rule out issues external to exim / Cpanel since I don't use third party software.

Glad you got it working. That's all that counts.

Mike