Block incoming emails from domain

Discussion in 'E-mail Discussion' started by DennisMidjord, Aug 1, 2017.

  1. DennisMidjord

    DennisMidjord Well-Known Member

    Joined:
    Sep 27, 2016
    Messages:
    141
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Denmark
    cPanel Access Level:
    Root Administrator
    Is it possible to block incoming emails from a specific domain? Some of our users have set up contact forms without captchas and are being targeted with spam from a list of @qq.com emails. Is it possible to block emails from this domain completely?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,367
    Likes Received:
    1,855
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
  3. DennisMidjord

    DennisMidjord Well-Known Member

    That seems easy.
    Code:
    if ("$h_from:" contains "@qq.com")
    then fail
    endif
    Would that do it?

    Also, just to be clear - would blocking all incoming messages from @qq.com accounts be a bad thing? I've never seen a legitimate email coming from any account with the qq.com domain.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    I don't see any harm in blocking all messages from a specific domain name if you know there is no legitimate mail sent from it. Here's an example of what the filter rule should look like:

    Code:
    if
     $header_from: contains "@qq.com"
    then
     if error_message then save "/dev/null" 660 else fail "Messages from this domain are blocked." endif
    endif
    Thank you.
     
    John W likes this.
  5. t4x0n

    t4x0n Registered

    Joined:
    Dec 14, 2017
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Concepción, Chile
    cPanel Access Level:
    Root Administrator
    Hello,

    In case I need to apply this rule to more than one email address or domain, is it possible to add more lines between "if" and "then"? Or what is the method for that?

    Thank you!
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Yes, you'd just insert it using "OR" like this:

    Code:
    if
     $header_from: contains "qqq.com"
     or $header_from: contains "zzz.com"
    then
     if error_message then save "/dev/null" 660 else fail "Messages from this domain are blocked." endif
    endif
    
    Thank you.
     
    EneTar likes this.
  7. EneTar

    EneTar Well-Known Member

    Joined:
    Dec 19, 2015
    Messages:
    137
    Likes Received:
    9
    Trophy Points:
    18
    Location:
    Greece
    cPanel Access Level:
    Root Administrator
    To block hosts or host IPs, should we use $sender_host_address or $received_ip_address instead of $header_from?
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    Per Exim's documentation:

    However, you should still be able to use the "Any Header" option with the "contains" operator to achieve the same thing (e.g. Any Header contains 10.1.1.1).

    Thank you.
     
    EneTar likes this.
  9. EneTar

    EneTar Well-Known Member

    Can you please describe how to modify this so that the email is discarded silently with no bounce message to the sender?
     
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    In this case, the rule would look something like this:

    Code:
    if
     $header_from: contains "abc.tld"
     or $header_from: contains "123.tld"
    then
     save "/dev/null" 660
    endif
    
    Note that you can create filter rules in cPanel (using a test account) and then view them from the command line as a method of determining which filter rules to utilize.

    Thank you.
     
    EneTar likes this.
  11. EneTar

    EneTar Well-Known Member

    Michael, I noticed that the Mail queue in WHM (Home » Email » Mail Queue Manager) contains a lot of emails, all of them from the domains listed here:
    Code:
    if
     $header_from: contains "abc.tld"
     or $header_from: contains "123.tld"
    then
     save "/dev/null" 660
    endif
    
    For example, abc.tld and 123.tld.

    Is there any way those messages can be discarded and forgotten once and for all?
     
  12. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    Can you let us know of any specific error messages when you attempt to deliver one of the messages in the queue? Also, what's a corresponding entry for one of the messages in the queue from /var/log/exim_mainlog? EX:

    Code:
    exigrep user@domain /var/log/exim_mainlog
    Thank you.
     
  13. EneTar

    EneTar Well-Known Member

    I went to the queue and tried to deliver one of those messages. I got this output:
    Code:
    LOG: MAIN
      cwd=/usr/local/cpanel/whostmgr/docroot 4 args: /usr/sbin/exim -v -M 1f6cta-000287-Se
    delivering 1f6cta-000287-Se
    LOG: MAIN
      original recipients ignored (system filter)
    LOG: MAIN PANIC
      == /dev/null <system-filter> routing defer (-1): system_filter_file_transport is unset

    exim_mainlog looks like this for this email ID:
    Code:
    2018-04-28 06:59:25 1f6cta-000287-Se == /dev/null <system-filter> routing defer (-1): system_filter_file_transport is unset
    2018-04-28 07:29:25 1f6cta-000287-Se original recipients ignored (system filter)
    2018-04-28 07:29:25 1f6cta-000287-Se == /dev/null <system-filter> routing defer (-1): system_filter_file_transport is unset
    2018-04-28 07:59:25 1f6cta-000287-Se original recipients ignored (system filter)
    2018-04-28 07:59:25 1f6cta-000287-Se == /dev/null <system-filter> routing defer (-1): system_filter_file_transport is unset
    2018-04-28 08:29:33 1f6cta-000287-Se original recipients ignored (system filter)
    2018-04-28 08:29:33 1f6cta-000287-Se == /dev/null <system-filter> routing defer (-1): system_filter_file_transport is unset
    2018-04-28 08:59:28 1f6cta-000287-Se original recipients ignored (system filter)
    2018-04-28 08:59:28 1f6cta-000287-Se == /dev/null <system-filter> routing defer (-1): system_filter_file_transport is unset
    2018-04-28 09:29:25 1f6cta-000287-Se original recipients ignored (system filter)
    2018-04-28 09:29:25 1f6cta-000287-Se == /dev/null <system-filter> routing defer (-1): system_filter_file_transport is unset
    2018-04-28 09:59:29 1f6cta-000287-Se original recipients ignored (system filter)
    2018-04-28 09:59:29 1f6cta-000287-Se == /dev/null <system-filter> routing defer (-1): system_filter_file_transport is unset
    2018-04-28 10:07:39 cwd=/usr/local/cpanel/whostmgr/docroot 3 args: /usr/sbin/exim -Mvh 1f6cta-000287-Se
    2018-04-28 10:07:39 cwd=/usr/local/cpanel/whostmgr/docroot 3 args: /usr/sbin/exim -Mvb 1f6cta-000287-Se
    2018-04-28 10:08:32 cwd=/usr/local/cpanel/whostmgr/docroot 4 args: /usr/sbin/exim -v -M 1f6cta-000287-Se
    2018-04-28 10:08:32 1f6cta-000287-Se original recipients ignored (system filter)
    2018-04-28 10:08:32 1f6cta-000287-Se == /dev/null <system-filter> routing defer (-1): system_filter_file_transport is unset
     
  14. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello @EneTar,

    Keep in mind that assistance with custom Exim filter rules is generally outside our scope of support. I recommend reaching out to a qualified system administrator, or posting to the Exim User's mailing list for in-depth technical assistance with custom filter rules. That said, one solution to try is to change the following section of your filter rule:

    Code:
    then
     save "/dev/null" 660
    endif
    
    To:

    Code:
    then noerror seen finish
    endif
    
    Exim documents this at:

    3. Exim filter files

    Thank you.
     
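The log in post 13 shows one message ID being retried every half hour with the same `system_filter_file_transport is unset` defer. As an added example (not part of the thread and not cPanel or Exim tooling), this Python script groups such defers by message ID so an administrator can see which queued messages a `save` rule in the system filter has stranded; the sample log lines, message IDs and addresses are constructed.

```python
import re

# Constructed sample in the exim_mainlog line format quoted in the thread;
# message IDs, hosts and addresses are made up for this example.
SAMPLE_LOG = """\
2018-04-28 06:59:25 1aaaaa-000001-AA == /dev/null <system-filter> routing defer (-1): system_filter_file_transport is unset
2018-04-28 07:29:25 1aaaaa-000001-AA original recipients ignored (system filter)
2018-04-28 07:29:25 1aaaaa-000001-AA == /dev/null <system-filter> routing defer (-1): system_filter_file_transport is unset
2018-04-28 07:30:02 1bbbbb-000002-BB <= sender@example.org H=mail.example.org [192.0.2.10] P=esmtp S=1843
2018-04-28 07:30:03 1bbbbb-000002-BB => user <user@example.com> R=localuser T=local_delivery
2018-04-28 07:30:03 1bbbbb-000002-BB Completed
2018-04-28 07:41:10 1ccccc-000003-CC == /dev/null <system-filter> routing defer (-1): system_filter_file_transport is unset
2018-04-28 07:55:00 1ccccc-000003-CC Completed
2018-04-28 10:08:32 cwd=/usr/local/cpanel/whostmgr/docroot 4 args: /usr/sbin/exim -v -M 1aaaaa-000001-AA
"""

MSG_ID = r"[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+"
DEFER_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<id>" + MSG_ID + r") == (?P<target>\S+) "
    r"<system-filter> routing defer \(-?\d+\): (?P<reason>.+)$"
)
DONE_RE = re.compile(r"^\S+ \S+ (?P<id>" + MSG_ID + r") Completed$")


def stuck_system_filter_messages(log_text):
    """Return {message_id: summary} for messages the system filter keeps deferring."""
    stuck = {}
    for line in log_text.splitlines():
        line = line.rstrip()
        done = DONE_RE.match(line)
        if done:
            # The message left the queue later, so it is no longer stuck.
            stuck.pop(done.group("id"), None)
            continue
        m = DEFER_RE.match(line)
        if not m:
            continue
        entry = stuck.setdefault(m.group("id"), {
            "target": m.group("target"), "reason": m.group("reason"),
            "defers": 0, "first": m.group("ts"),
        })
        entry["defers"] += 1
        entry["last"] = m.group("ts")
    return stuck


if __name__ == "__main__":
    for msg_id, info in stuck_system_filter_messages(SAMPLE_LOG).items():
        print(msg_id, info["defers"], info["first"], info["last"], info["reason"])
```

To run it against a real log, pass the contents of /var/log/exim_mainlog to `stuck_system_filter_messages` instead of `SAMPLE_LOG`.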