Blocking all cPanel users from emailing specific domains/email accounts

[dusanf]

Hi,

What I`m trying to pull out is to prevent all cPanel users from specific dedicated server to email a specified, pre-made, list of domains or email addresses. This is to avoid spam traps and similar.

I came across a lot of topics for my issue on this forum and other forums but none had answer to my question fully.

Has anyone succeeded doing this?

This does seam like a good place to start How to Customize the Exim System Filter File - cPanel Knowledge Base - cPanel Documentation but i`d like to hear some more opinions first.

 

[sarath8372]

Hello,

If you are trying to block outbound spam mails, you can try enabling scan outgoing mail with Apache SpamAssassin option in Exim configuration. Please see : Scan Outgoing Mail - Documentation - cPanel Documentation

Also you may create an exim filter with something like below :

if $header_to: contains "@domain.com"
then
fail text "Your message to inform email users about the problem..."
seen finish
endif
if not first_delivery
then
finish
endif

Hope this helps..

 

[dusanf]

Hi,

We have a dating site and users often submit invites to their entire contact list to register but that often gives negative effects and spam reports so we are looking to block certain domains for example.

Could you please tell me how would custom exim rule look like for multiple domains, I guess like this:

if $header_to: contains "@domain.com"
then
fail text "Your message to inform email users about the problem..."
endif
if $header_to: contains "@domain2.com"
then
fail text "Your message to inform email users about the problem..."
endif

and so on and so on...

I will check apache spam assassin option for outbound, thanks!

 

[sarath8372]

You can use or/and operators instead of writing filter rule, action/message for each domain. Pasting below a sample filter (tested and working).

if ("$h_to:, $h_cc:" contains "@domain.com")
or ("$h_to:, $h_cc:" contains "@domain.com")
then
fail text "Your message to inform email users about the problem..."
seen finish
endif
if not first_delivery
then
finish
endif

 

[dusanf]

Thanks, that clarifies things to me a lot, do you maybe know is it possible to provide that filter path to a file that will containt list of mail addresses or domains? I have a lot of emails and domains on my list I wish to block

 

[sarath8372]

Here you go

for i in `cat /root/block_list.txt` ; do
if ("$h_to:, $h_cc:" contains "$i")
then
fail text "Your message to inform email users about the problem..."
seen finish
endif
if not first_delivery
then
finish
endif
done

Create the filter file in folder : /usr/local/cpanel/etc/exim/sysfilter/options/ and once created, rebuild exim conf.

/scripts/buildeximconf

Note : Make sure to replace the fail message with your custom message. You can add domains or email addresses in the block list file.

 

[dusanf]

Damn, you are good Thank you very much, I will test this tomorrow or day after and let you know how it went.
I'm very new to exim custom scripting and this helps me a lot, thanks again!

 

[dusanf]

Seams for cant be used, im reading more on this as we speak but nothing seams helpful when its a case to read a file with list of domains/emails to be blocked to receive email

LOG: MAIN
cwd=/usr/local/cpanel/whostmgr/docroot 4 args: exim -v -M 1b4twT-0003wh-U7
delivering 1b4twT-0003wh-U7
LOG: MAIN PANIC
Error in system filter: unknown filtering command "for" near line 240 of filter file

 

[sarath8372]

Hello,

I tested the filter on my cPanel VM before posting it here and it worked fine. Could you please let me know how you deployed the filter on your server?

 

[sarath8372]

Hello,

I am really sorry, I just rebuilt exim conf and noticed the same error. On further investigation, I learned that exim only allows few filtering commands in filter rule. So using for loop in filter file won't work. But I just created a script as a work around.

Create filter file in folder : /usr/local/cpanel/etc/exim/sysfilter/options/ with one domain in it as follows.

if ("$h_to:, $h_cc:" contains "@domain.com")
then
fail text "Emails to this domain/mail address is temporarily blocked by the Administrator"
seen finish
endif
if not first_delivery
then
finish
endif

Then create a file with list of rest of the domains/mail addresses that you want to block. Once created, run below script to add all the domains/email addresses from the file to custom filter.

for i in `cat /root/block_list.txt` ; do for j in `grep -n "contains" /usr/local/cpanel/etc/exim/sysfilter/options/filter_file | cut -d: -f1 | tail -1` ; do let "j++" ; sed -i "$(echo $j)i $(echo 'or ("$h_to:, $h_cc:" contains "'$i'")')" /usr/local/cpanel/etc/exim/sysfilter/options/filter_file ; done ; done

If you are adding domains/email addresses later, you can use below script for checking and removing duplicates from block list before adding them to filter file. The script will display duplicate domains/email addresses if any found.

for i in `cat /root/block_list.txt` ; do grep $i /usr/local/cpanel/etc/exim/sysfilter/options/filter_file > /tmp/new ; if [ $? = 0 ] ; then echo -e "\n\nFile contains duplicates :" ; cut -d'"' -f4 /tmp/new ; sed -i.bak "/${i}/d" /root/block_list.txt ; fi ; done

I hope this will help.

Notes :

1) If a mail contains any of the domains/mail addresses added in filter file in "To" or "Cc" fields, the mail will be blocked and won't be delivered to any of the recipients.

2) The second script will remove domain.com from block list file, if [email protected] found in filter file. But it will take a backup of the file as "block_list.bak" before removing lines from the file. So check for the duplicate domain/email address displayed after running the script.

3) Make sure to replace "/usr/local/cpanel/etc/exim/sysfilter/options/filter_file" (custom filter file) and "/root/block_list.txt" (list of domains/mail addresses to be blocked) in scripts with your file names.

 

[cPanelMichael]

Hello,

The steps listed in the previous response should meet your filter requirements. Feel free to update us on the outcome after implementing those filter rules.

Thank you.

 

[Vince0916]

Hello,

If you are trying to block outbound spam mails, you can try enabling scan outgoing mail with Apache SpamAssassin option in Exim configuration. Please see : Scan Outgoing Mail - Documentation - cPanel Documentation

Also you may create an exim filter with something like below :

if $header_to: contains "@domain.com"
then
fail text "Your message to inform email users about the problem..."
seen finish
endif
if not first_delivery
then
finish
endif

Hope this helps..

Hi,

Where did you code this?

Could you help me or any steps to perform this.

Thank you.

 

[cPanelMichael]

Hello,

Those rules were added to the Exim system filter. Documentation on how to edit the Exim system filter is available at:

How to Customize the Exim System Filter File - cPanel Knowledge Base - cPanel Documentation

Thank you.

 

[george valley]

if ("$h_to:, $h_cc:" contains "@domain.com")
then
fail text "Emails to this domain/mail address is temporarily blocked by the Administrator"
seen finish
endif
if not first_delivery
then
finish
endif

 

[Vince0916]

Hi,

I tried this code below, and it is working during sending email to yahoo.com and gmail.com but the fail text message didn't function it should be i receive email or bounce back that "Email to this mail address is temporarily blocked by the Administrator".

if ("$header_to:, $header_cc:" contains "@yahoo.com")
then
if ("$header_to:, $header_cc:" contains "@gmail.com")
fail text "Email to this mail address is temporarily blocked by the Administrator"
seen finish
endif
endif
if not first_delivery
then
finish
endif

Hoping for your immediate response with this concern.

Thank you.

 

[chanklish]

hello everyone .. what if i want only one or 2 emails to be able to send to this blocked domain ? what can i add in this ? like if XXX except YYY

if ("$h_to:, $h_cc:" contains "@domain.com")
then
fail text "Emails to this domain/mail address is temporarily blocked by the Administrator"
seen finish
endif
if not first_delivery
then
finish
endif

filter is not working , i am still able to send mail to the blocked domain - exim in xpanel can see the filter and i rebooted the exim service several times