kodeslogic

Well-Known Member
Apr 26, 2020
293
103
118
IN
cPanel Access Level
Root Administrator
For the server-wide, you can filter incoming emails by domain

- Log in to WHM as the root user and navigate to the ‘Email’ section.
- Select the ‘Filter Incoming Emails by Domain’ option.
By using this interface, you can block emails from a particular domain. If you specify the domain in this interface, then your server rejects email messages when the ‘From’ address matches a blocked domain. This feature is useful to block all email messages from a domain that sends only spam.

You can block a domain by performing the below steps:
- To block a domain, you can add its detail in the ‘Blocked Domains’ text box. For blocking multiple domains, you can use a new line for each domain.
- Click ‘Save’.


To block emails from a specific email address for the particular cPanel account:
- Log in to cPanel
- Under the section Mail, click on Account-Level Filtering
- Under Create Filter, click on Create a new filter
- Enter the following information:
  • Filter Name: any name you wish to use
  • Under Rules: From - equals - EMAIL (EMAIL should be the address you wish to block)
  • Actions: Discard Message
- Click on Create
 

Michaelit

Well-Known Member
Aug 5, 2015
82
9
58
Greece
cPanel Access Level
Root Administrator
Thank you for the reply @kodeslogic.
I could follow the second option however there are a huge number of emails on the server. The first option block domains. What i need is to block from [email protected] to [email protected], from [email protected] to [email protected] and so on.

What i would like is something like

$domains = [test1.com, test2.com, test3.com,...test100.com]; //These are all the available domains (addons included) on the server

foreach ($domais as $domain) {
if ($from == [email protected]$domain AND $to == [email protected]$domain) then REJECT;
}
 
Last edited:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
6,037
767
313
cPanel Access Level
Root Administrator
It sounds like you are trying to stop spoofed message, where the from address is faked. There unfortunately isn't a 100% reliable way to stop that behavior, although we do have a guide that will help prevent them:

 

Michaelit

Well-Known Member
Aug 5, 2015
82
9
58
Greece
cPanel Access Level
Root Administrator
Thank you @cPRex!
Exactly, the last months users ([email protected]'sdomain.com) receive messages from ([email protected]'sdomain.com) where no-reply senders claim that the disk quota is almost full and click to the link to change that. As i have seen these messages are generated through PHP Script mail function.

I attach a relative image. I have enabled from the very first time the DKIM/SPF globally option however i am a little bit hesitant to enable Allow DKIM verification for incoming messages and reject DKIM failures in a matter of server's performance and general reliability.

What's your opinion about these two options?
 

Attachments

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
6,037
767
313
cPanel Access Level
Root Administrator
Those two options will definitely make the server authentication for incoming mail more strict, and would certainly cut down on spoofing. It's possible that it could affect legitimate messages, but nearly every mail server and admin has setup DKIM records by this point in time in order to send messages to any of the major mail providers.
 

Michaelit

Well-Known Member
Aug 5, 2015
82
9
58
Greece
cPanel Access Level
Root Administrator
So a legitimate income message that don't have a DKIM record will be rejected by my exim installation if i "enable Allow DKIM verification" and "reject DKIM failures" option. Right?
 

Michaelit

Well-Known Member
Aug 5, 2015
82
9
58
Greece
cPanel Access Level
Root Administrator
i did follow your instructions and enabled these two options:
- Allow DKIM verification for incoming messages and
- Reject DKIM Failures

under Exim configuration.

Can you please help me which log files have under consideration?