Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Block incoming emails from domain

Discussion in 'E-mail Discussions' started by DennisMidjord, Aug 1, 2017.

Tags:
  1. DennisMidjord

    DennisMidjord Well-Known Member

    Joined:
    Sep 27, 2016
    Messages:
    120
    Likes Received:
    7
    Trophy Points:
    18
    Location:
    Denmark
    cPanel Access Level:
    Root Administrator
    Is it possible to block incoming emails from a specific domain? Some of our users have setup contact forms without captchas and are being targeted with spam from a list of @qq.com emails. Is it possible to block emails from this domain completely?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,802
    Likes Received:
    1,713
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
  3. DennisMidjord

    DennisMidjord Well-Known Member

    Joined:
    Sep 27, 2016
    Messages:
    120
    Likes Received:
    7
    Trophy Points:
    18
    Location:
    Denmark
    cPanel Access Level:
    Root Administrator
    That's seems easy.
    Code:
    if ("$h_from:" contains "@qq.com")
    then fail
    endif
    Would that do it?

    Also, just to be clear - would blocking all incoming messages from @qq.com accounts be a bad thing? I've never seen a legitimate email coming from any account with the qq.com domain.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,802
    Likes Received:
    1,713
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    I don't see any harm in blocking all messages from a specific domain name if you know there is no legitimate mail sent from it. Here's an example of how the filter rule should look like:

    Code:
    if
     $header_from: contains "@qq.com"
    then
     if error_message then save "/dev/null" 660 else fail "Messages from this domain are blocked." endif
    endif
    Thank you.
     
    John W likes this.
  5. t4x0n

    t4x0n Registered

    Joined:
    Dec 14, 2017
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Concepción, Chile
    cPanel Access Level:
    Root Administrator
    Hello,

    in case I need apply this rule to more than one email address or domain, is possible add more lines between "if" and "then"? or what is the method for that?

    Thank you!
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,802
    Likes Received:
    1,713
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Yes, you'd just insert it using "OR" like this:

    Code:
    if
     $header_from: contains "qqq.com"
     or $header_from: contains "zzz.com"
    then
     if error_message then save "/dev/null" 660 else fail "Messages from this domain are blocked." endif
    endif
    
    Thank you.
     
    EneTar likes this.
  7. EneTar

    EneTar Well-Known Member

    Joined:
    Dec 19, 2015
    Messages:
    125
    Likes Received:
    8
    Trophy Points:
    18
    Location:
    Greece
    cPanel Access Level:
    Root Administrator
    To block Hosts or Host ips we should use $sender_host_address or $received_ip_address instead of
    $header_from ?
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,802
    Likes Received:
    1,713
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Per Exim's documentation:

    However, you should still be able to use the "Any Header" option with the "contains" operator to achieve the same thing (e.g. Any Header contains 10.1.1.1).

    Thank you.
     
    EneTar likes this.
  9. EneTar

    EneTar Well-Known Member

    Joined:
    Dec 19, 2015
    Messages:
    125
    Likes Received:
    8
    Trophy Points:
    18
    Location:
    Greece
    cPanel Access Level:
    Root Administrator
    Can you please describe how to modify this so that the email is discarded silently with no bounce message to the sender?
     
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,802
    Likes Received:
    1,713
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    In this case, the rule would look something like this:

    Code:
    if
     $header_from: contains "abc.tld"
     or $header_from: contains "123.tld"
    then
     save "/dev/null" 660
    endif
    
    Note can create filter rules in cPanel (using a test account) and then view them from the command line as a method of determining which filter rules to utilize.

    Thank you.
     
    EneTar likes this.
  11. EneTar

    EneTar Well-Known Member

    Joined:
    Dec 19, 2015
    Messages:
    125
    Likes Received:
    8
    Trophy Points:
    18
    Location:
    Greece
    cPanel Access Level:
    Root Administrator
    Michael I noticed that the Mail queue in WHM (Home »Email »Mail Queue Manager) contains a lot of emails all of them
    from the domains listed here
    Code:
    if
     $header_from: contains "abc.tld"
     or $header_from: contains "123.tld"
    then
     save "/dev/null" 660
    endif
    
    For example abc.tld and 123.tld.

    is there anyway those messages are discarded and be forgotten once and for all?
     
  12. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,802
    Likes Received:
    1,713
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Can you let us know of any specific error messages when you attempt to deliver one of the messages in the queue? Also, what's a corresponding entry for one of the messages in the queue from /var/log/exim_mainlog? EX:

    Code:
    exigrep user@domain /var/log/exim_mainlog
    Thank you.
     
Loading...

Share This Page