Blocking a Country except 1 Domain

notanotherbot

Registered
Jan 23, 2019
1
0
1
South America
cPanel Access Level
Root Administrator
Good Day
I've forced to block traffic to our Site/Mail from a country, in this case MX, too much spam/malware/attacks to our services.
CC_DENY works excellent for this purpose, but we are facing 1 problem. Our company works with a bank (not our main bank) which is hosted enterely in Mexico.

I have added in cPHulk the following data to whitelist the range : 168.165.0.0/16
The IP range is owned by the bank.
I have added the range in ConfigServer MailScanner Front-End with no luck
But our server can't reach the remote mailserver.

Code:
2019-01-23 16:22:00 cwd=/var/spool/MailScanner/incoming 6 args: /usr/sbin/exim -C /etc/exim_outgoing.conf -Mc 1gmO5r-0008Fi-6n 1gmO5s-0008Fs-32

2019-01-23 16:22:29 cwd=/usr/local/cpanel/whostmgr/docroot 6 args: exim -C /etc/exim_outgoing.conf -v -M 1gmO5r-0008Fi-6n

+++ 1gmO5r-0008Fi-6n has not completed +++
2019-01-23 16:21:47 1gmO5r-0008Fi-6n <= [email protected] H=(DESKTOP6DDG8OS) [xxx.xx.xxx.xxx]:51340 P=esmtpa A=dovecot_login:[email protected] S=2951 [email protected] T="Test Mail" for [email protected]
2019-01-23 16:22:00 1gmO5r-0008Fi-6n SMTP connection outbound 1548271320 1gmO5r-0008Fi-6n mycompany.cl [email protected]
2019-01-23 16:23:32 1gmO5r-0008Fi-6n H=smexstsip21.example.com.mx [168.165.xx.xx] Connection timed out
2019-01-23 16:24:35 1gmO5r-0008Fi-6n H=smexstsipgdl31.example.com.mx [168.165.xxx.xx] Connection timed out
2019-01-23 16:25:38 1gmO5r-0008Fi-6n H=smexstsipgdl11.example.com.mx
[168.165.208.24] Connection timed out
2019-01-23 16:26:41 1gmO5r-0008Fi-6n H=smexstsip11.example.com.mx [168.165.xx.xx] Connection timed out
There is any config to bypass/make exception the good work of CC_DENY function?

Thanks in Advance cPteam.
 
Last edited by a moderator:

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston
Hi @notanotherbot


You won't be able to do that with CC blocking enabled as it takes precedence over any whitelisting you might have in place. All CC blocking does is block all ranges associated with a country, it allows you to block massive amounts of IP addresses easily.
In order to do what you're requesting you'd need to block all IPs besides that one which could prove daunting. It may be that ConfigServer has a better way around this as they know their product better and you might check in with them as well. You can do that here: ConfigServer Community Forum - Index page