blackhole for default address doesn't work

newbies

Active Member
Jul 9, 2004
31
1
156
I have set :blackhole: for default address, but I still receive large volume of emails. Now my inbox has accumulated over 10k messages. I could not all the message using pop3 account for deletion. I have two questions:

1) Why blackhole doesn't work?
2) How can I delete the messages (where are they) under shell account (I have root access)?

Thank you!
 
Last edited:

mtindor

Well-Known Member
Sep 14, 2004
1,457
112
193
inside a catfish
cPanel Access Level
Root Administrator
You need to stop using blackhole.

What does blackhole do? It accepts the mail and then devnulls it (deletes it). If you use blackhole for the default address and somebody sends spam to 10,000 nonexistent email accounts at that domain, your server has to process that. If you use fail, then the server simply rejects any attempts by external servers/spammers to send mail to those nonexistent addresses during SMTP time. Significant performance improvements are had by using fail vs blackhole.

There is no good reason to use blackhole. In fact, it shouldn't even be an option in Cpanel. If you are going to use blackhole, use :fail: instead. Fail will REJECT any mail to nonexistent email addresses for domains you house on the server, during SMTP time. More resource friendly, and better to reject mail to nonexistent users rather than accept that mail (making the sending server believe the user exists) and then sh1tcanning it.

Mike
 

newbies

Active Member
Jul 9, 2004
31
1
156
Thanks Mike.

I thought blackhole will send mails nowhere. I will try :fail: to see what will happen.
 

innsites

Well-Known Member
Nov 30, 2005
57
0
156
:fail: not working --- lets mail through

I am using :fail: no such address here on an addon domain, yet it still lets random [email protected] mails come through.

Why?
 

innsites

Well-Known Member
Nov 30, 2005
57
0
156
:fail: fails for all random msgs

Since you asked I went and tested a random address to primary domain as well. It also got through. Every default address for the account in question is set to fail and there are only very specific emails listed for forwarding purposes.

What should I look for?

/etc/valiases/domain does show

*: :fail: no such address here

for the primary domain as well as addons.
 

newbies

Active Member
Jul 9, 2004
31
1
156
You need to stop using blackhole.

Mike
I changed to :fail:, still I got emails. So neither fail nor blackhole works.

I installed ConfigServer Mail Manage (cmm), I have to say it is a very convenient tool!
 

ed.kalk

Well-Known Member
Jun 19, 2008
76
0
56
Minneapolis, MN
My :fail: is not working

Blackhole has major problems. There's a long description of what mtindor that I wrote a few years back:
http://configserver.com/free/fail.html
My :fail: is not working can you help?

I entered ":fail:" into the default address field and exim is still accepting mail to [email protected]. Please help.

here is an example of one domain's valiases:

[email protected] [/etc/valiases]# cat excelmfg.com
[email protected]: [email protected]
[email protected]: [email protected]
[email protected]: [email protected]
[email protected]: [email protected]
[email protected]: [email protected]
[email protected]: [email protected]
[email protected]: [email protected]
[email protected]: [email protected]
[email protected]: [email protected]
[email protected]: [email protected]
[email protected]: [email protected]
[email protected]: [email protected]
[email protected]: [email protected]
[email protected]: [email protected]
[email protected]: [email protected]
*: :fail:

Is there something wrong with this?
 

mtindor

Well-Known Member
Sep 14, 2004
1,457
112
193
inside a catfish
cPanel Access Level
Root Administrator
Mine usually include a rejection message.. That may be the key.

*: :fail: No Such User Here

It may not be necessary, but you may try it like above and see if it makes a difference.

Mike
 

mtindor

Well-Known Member
Sep 14, 2004
1,457
112
193
inside a catfish
cPanel Access Level
Root Administrator
Ok, I was wrong about that.

It makes no difference if you use:

*: :fail: No such user here
or
*: :fail:

Either one should produce a rejection during SMTP if email is sent to a nonexistent address. However, having a failure reason afterwards that is sensible is recommended.

If you just use *: :fail: you get:

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

[email protected]


If you use *: :fail: some_reason_here, you get:

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

[email protected]
some_reason_here


So use a reason.

However, that isn't your problem. Maybe it is because you have modified your exim? Did you try going to Exim Configuration Editor and resetting all of the default ACLs and config?

Also, I know in WHM / Tweak Settings / Mail you will find:

Default catch-all/default address behavior for new accounts. "fail" is usually the best choice if you are getting mail attacks.
localuser blackhole fail


Do you have it set to localuser, blackhole or fail? Mine is set to fail. It sounds as if this should only be important for new account creation, but maybe not. I'd make sure it was set to fail.

Mike
 

mtindor

Well-Known Member
Sep 14, 2004
1,457
112
193
inside a catfish
cPanel Access Level
Root Administrator
Send yourself a test message to a nonexistent account. Then look in /var/log/exim_mainlog for entries for that message.

It would be curious to see what yours says is happening.

Mine shows:

2008-07-08 12:25:02 1KGFzy-0008Cq-8b <= [email protected] H=adsl-68-75-26-208.dsl.daytnoh.ameritech.net (ANTISPAM) [xx.xx.xx.xx] P=esmtpa A=fixed_login:[email protected] S=664 [email protected] T="test"
2008-07-08 12:25:02 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1KGFzy-0008Cq-8b
2008-07-08 12:25:02 1KGFzy-0008Cq-8b ** [email protected] R=virtual_aliases:
2008-07-08 12:25:02 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1KGFzy-0008Cq-8b
2008-07-08 12:25:02 1KGFzy-0008Cw-Kj <= <> R=1KGFzy-0008Cq-8b U=mailnull P=local S=1489 T="Mail delivery failed: returning message to sender"
2008-07-08 12:25:02 1KGFzy-0008Cq-8b Completed

Mike
 

mtindor

Well-Known Member
Sep 14, 2004
1,457
112
193
inside a catfish
cPanel Access Level
Root Administrator
Ok, I'm out of options. If it were my machine, I'd have it fixed. But I have little to go on working on the limited information you provide me. Besides you are running other software along with it (I'm not familiar with CMM). Good luck.

Mike
 

ed.kalk

Well-Known Member
Jun 19, 2008
76
0
56
Minneapolis, MN
I'm not using cmm and it is working now after restarting exim

I'm not using cmm and it appears to be working now after restarting exim
 

mtindor

Well-Known Member
Sep 14, 2004
1,457
112
193
inside a catfish
cPanel Access Level
Root Administrator
Oh ok. I see that it was Newbies who was using CMM... not that I think it would have anything to do with it. I just can't rule out issues external to exim / Cpanel since I don't use third party software.

Glad you got it working. That's all that counts.

Mike