
Block Incoming Mail on a Server Level

Discussion in 'E-mail Discussions' started by webdr, Sep 11, 2007.

  1. webdr

    Exim is generating very large log files on a server which hosts about 60 domains belonging to one client, some of the domain names being very old and subject to a large amount of spam. The device containing /var/log is reaching close to 100% usage just as the log files rotate. Fewer than 10 of the domains actually use mail, the rest being configured to :fail:.

    Some of the things I have either tried or have considered are:

    • removing valias file for a domain (still generates log entries)
    • alias the primary maillog file to another device (does not deal with the problem really)
    • remove MX from zone file (still resolves via A record)

    It would make more sense to simply (or not simply?) block the mail for these domains before they reach the MTA. While the server performs well even under the load, there seems to be no logical reason to subject it to the processing of mail which will never be delivered.

    Is there a way to block mail to defined domains on a server level so the connection would be rejected immediately?
     
  2. chirpy

    That's what :fail: will do. You'll still see the connection and rejection in the exim logs. One idea would be to point the MX record to an A record that goes to 127.0.0.1 for those domains that you don't want to see any email for. You'll still probably get some coming through on the A record, but it should be less than if you simply remove the MX record.
     
  3. webdr

    That looks like a promising solution. Am trying it out now and will post results. Thanks!
     
  4. dragon2611

    Maybe ASSP or ASSPx might help..

    The amount of spam I've been getting on my domain email accounts has plummeted since I started using that :D :cool:
     
  5. webdr

    Mail is rejected with a server misconfiguration error. A single entry is made in the log (cannot deliver...) instead of multiple entries. This is an improvement and should reduce log file size and reduce server impact.

    While not a perfect solution, it is adequate. With any luck spammers will stop hitting these domains over time (not holding breath).

    Thanks again!
     
  6. mctDarren

    I have an address I used to sign up for a mailing list back in 1996 that still gets email. I stopped using it looong ago. I don't think they EVER give up...
     
  7. kev1nk

    Re: mail issues

    Hello,

    Your story sounds horrible. I think that you already know that the cPanel team has begun to use a new "strategy" in the mail service configuration - access list. You could use the "rcpt" check access list in order to create custom rules for your needs. You could create your own policy and the "bad" e-mail messages will be discarded very fast. However they will reach the SMTP service and they will be discarded after that. So they will reach the application (layer 7).

    I am afraid that the only possibility to prevent the attack is to use a layer 7 based firewall on the local machine, or to use a spam filtering device or a 3rd party SMTP machine in front of your server.

    Otherwise you will have to configure your machine properly.

    Best Regards
    Kevin K
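
Added example, not part of the thread: a small Python script that measures how much of an Exim main log is taken up by rejected recipients for each domain, so the :fail: domains worth repointing (or filtering upstream) can be ranked before and after a change. The sample log lines are constructed, and the `rejected RCPT <address>` line format is an assumption about the local Exim log; adjust the pattern if yours differs.

```python
import re
from collections import defaultdict

# Constructed sample in the style of an Exim main log (not taken from the thread).
SAMPLE_LOG = """\
2007-09-11 03:14:07 H=(mx.example.net) [192.0.2.10] F=<a@example.net> rejected RCPT <info@old-one.example>: No Such User Here
2007-09-11 03:14:09 H=(mx.example.net) [192.0.2.10] F=<a@example.net> rejected RCPT <sales@old-one.example>: No Such User Here
2007-09-11 03:15:41 H=host.example.org [198.51.100.7] F=<> rejected RCPT <Webmaster@Old-Two.example>: No Such User Here
2007-09-11 03:16:02 1IV5Xy-0003Zk-Qe <= bob@example.com H=client.example.com [203.0.113.5] P=esmtp S=1822
2007-09-11 03:16:03 1IV5Xy-0003Zk-Qe => alice <alice@active.example> R=virtual_user T=virtual_userdelivery
2007-09-11 03:16:03 1IV5Xy-0003Zk-Qe Completed
2007-09-11 03:17:30 H=(x) [192.0.2.99] F=<c@example.net> rejected RCPT <nobody@old-one.example>: No Such User Here
"""

# Assumed rejection format: "... [client-ip] ... rejected RCPT <local@domain>: reason"
REJECT_RE = re.compile(
    r"\[(?P<ip>[^\]]+)\].* rejected RCPT <?[^@\s<>]+@(?P<domain>[^\s<>:]+)>?"
)


def summarize_rejections(log_text):
    """Return (rows, total_bytes); rows are (domain, rejects, distinct_ips, log_bytes),
    sorted so the domain costing the most log space comes first."""
    stats = defaultdict(lambda: {"rejects": 0, "ips": set(), "bytes": 0})
    total_bytes = 0
    for line in log_text.splitlines():
        size = len(line.encode("utf-8")) + 1  # +1 for the newline
        total_bytes += size
        m = REJECT_RE.search(line)
        if m is None:
            continue  # deliveries, completions and other traffic
        entry = stats[m.group("domain").lower()]  # domain names are case-insensitive
        entry["rejects"] += 1
        entry["ips"].add(m.group("ip"))
        entry["bytes"] += size
    rows = [(d, s["rejects"], len(s["ips"]), s["bytes"]) for d, s in stats.items()]
    rows.sort(key=lambda r: r[3], reverse=True)
    return rows, total_bytes


if __name__ == "__main__":
    rows, total = summarize_rejections(SAMPLE_LOG)
    for domain, rejects, ips, size in rows:
        print(f"{domain:20} rejects={rejects} ips={ips} log_share={100 * size / total:.1f}%")
```

To run it against a real log, pass the file contents to `summarize_rejections()` instead of `SAMPLE_LOG`.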
     