apogee

Well-Known Member
Nov 8, 2004
122
11
168
Europe
cPanel Access Level
DataCenter Provider
Hello,

I've a problem with a stupid spamer, he sends me tousends of mails a day but he's not blacklisted in any blacklist, so now I want to blacklist his domains in my exim, but how?

I've tried some how-to's which I found but nothing has worked for me.

I know I can block the IP with whm but the domain of the spamer is hosted on a server which also hosts some domains which sends legitime mails to my customers, so I cant block the server IP address.

any sugestions?

thanks!
 

cPanelDon

cPanel Quality Assurance Analyst
Staff member
Nov 5, 2008
2,545
12
268
Houston, Texas, U.S.A.
cPanel Access Level
DataCenter Provider
Twitter
I recommend creating a filter to match the desired domain names and discard or reject ("fail with message") the Spam. An alternative may be to use SpamAssassin (if it's enabled on the system) and add the Spammer's domain-specific addresses to the SpamAssassin blacklist via cPanel.

The described Mail features are detailed in-depth at the following site, including Account-Level Filters, User-Level Filters, BoxTrapper, and SpamAssassin:
CpanelMail < AllDocumentation/CpanelDocs < TWiki

Specific sections within the above documentation:
AccountFiltering < AllDocumentation/CpanelDocs < TWiki
UserFiltering < AllDocumentation/CpanelDocs < TWiki
BoxTrapper < AllDocumentation/CpanelDocs < TWiki
SpamAssassin < AllDocumentation/CpanelDocs < TWiki
 

apogee

Well-Known Member
Nov 8, 2004
122
11
168
Europe
cPanel Access Level
DataCenter Provider
thanks, I already know this but so I must logon to each customers panel und block the domain, not a solution. I want to block the domain for all users on my server. What I need is a "global block" like the IP blocker in whm but not for IP's - for domainnames.
 
Last edited:

sehh

Well-Known Member
Feb 11, 2006
579
6
168
Europe
Can't you just ban his IP address or whole network block?

You can just add any IP addresses or networks under: /etc/spammeripblocks

For example:

93.188.160.0/24

blocks the entire 93.188.160.xxx range
 

rzamites

Member
PartnerNOC
Aug 22, 2007
13
1
51
Or, edit the cpanel/Exim filter file (/etc/cpanel_exim_system_filter) and add a block for the domain(s) in question:


Open that file via SSH using your favorite editor and add the following to it :

if first_delivery
and ( (“$h_from:” contains “[email protected]”)
)
then fail
endif

If you would like a copy of the email to be sent to you after the message fails, use the following code :

if first_delivery
and ( (“$h_from:” contains “[email protected]”)
)
then
unseen deliver “[email protected]
fail
endif

Make sure that you substitute the correct email addresses in the above code.
Hope this helps someone else.
 
  • Like
Reactions: Patrick Heinz