Blocking all cPanel users from emailing specific domains/email accounts

dusanf

Active Member
Jul 22, 2009
25
2
53
cPanel Access Level
DataCenter Provider
Hi,

What I`m trying to pull out is to prevent all cPanel users from specific dedicated server to email a specified, pre-made, list of domains or email addresses. This is to avoid spam traps and similar.

I came across a lot of topics for my issue on this forum and other forums but none had answer to my question fully.

Has anyone succeeded doing this?

This does seam like a good place to start How to Customize the Exim System Filter File - cPanel Knowledge Base - cPanel Documentation but i`d like to hear some more opinions first.
 

sarath8372

Active Member
Jan 6, 2015
35
7
8
Kochi, India
cPanel Access Level
Root Administrator
Hello,

If you are trying to block outbound spam mails, you can try enabling scan outgoing mail with Apache SpamAssassin option in Exim configuration. Please see : Scan Outgoing Mail - Documentation - cPanel Documentation

Also you may create an exim filter with something like below :

Code:
if $header_to: contains "@domain.com"
then
fail text "Your message to inform email users about the problem..."
seen finish
endif
if not first_delivery
then
finish
endif
Hope this helps..
 
  • Like
Reactions: dusanf

dusanf

Active Member
Jul 22, 2009
25
2
53
cPanel Access Level
DataCenter Provider
Hi,

We have a dating site and users often submit invites to their entire contact list to register but that often gives negative effects and spam reports so we are looking to block certain domains for example.

Could you please tell me how would custom exim rule look like for multiple domains, I guess like this:

Code:
if $header_to: contains "@domain.com"
then
fail text "Your message to inform email users about the problem..."
endif
if $header_to: contains "@domain2.com"
then
fail text "Your message to inform email users about the problem..."
endif

and so on and so on...
I will check apache spam assassin option for outbound, thanks!
 

sarath8372

Active Member
Jan 6, 2015
35
7
8
Kochi, India
cPanel Access Level
Root Administrator
You can use or/and operators instead of writing filter rule, action/message for each domain. Pasting below a sample filter (tested and working).

Code:
if ("$h_to:, $h_cc:" contains "@domain.com")
or ("$h_to:, $h_cc:" contains "@domain.com")
then
fail text "Your message to inform email users about the problem..."
seen finish
endif
if not first_delivery
then
finish
endif
 

dusanf

Active Member
Jul 22, 2009
25
2
53
cPanel Access Level
DataCenter Provider
Thanks, that clarifies things to me a lot, do you maybe know is it possible to provide that filter path to a file that will containt list of mail addresses or domains? I have a lot of emails and domains on my list I wish to block
 

sarath8372

Active Member
Jan 6, 2015
35
7
8
Kochi, India
cPanel Access Level
Root Administrator
Here you go :)

Code:
for i in `cat /root/block_list.txt` ; do
if ("$h_to:, $h_cc:" contains "$i")
then
fail text "Your message to inform email users about the problem..."
seen finish
endif
if not first_delivery
then
finish
endif
done
Create the filter file in folder : /usr/local/cpanel/etc/exim/sysfilter/options/ and once created, rebuild exim conf.

Code:
/scripts/buildeximconf
Note : Make sure to replace the fail message with your custom message. You can add domains or email addresses in the block list file.
 
  • Like
Reactions: dusanf

dusanf

Active Member
Jul 22, 2009
25
2
53
cPanel Access Level
DataCenter Provider
Damn, you are good :) Thank you very much, I will test this tomorrow or day after and let you know how it went.
I'm very new to exim custom scripting and this helps me a lot, thanks again!
 

dusanf

Active Member
Jul 22, 2009
25
2
53
cPanel Access Level
DataCenter Provider
Seams for cant be used, im reading more on this as we speak but nothing seams helpful when its a case to read a file with list of domains/emails to be blocked to receive email

LOG: MAIN
cwd=/usr/local/cpanel/whostmgr/docroot 4 args: exim -v -M 1b4twT-0003wh-U7
delivering 1b4twT-0003wh-U7
LOG: MAIN PANIC
Error in system filter: unknown filtering command "for" near line 240 of filter file
 

sarath8372

Active Member
Jan 6, 2015
35
7
8
Kochi, India
cPanel Access Level
Root Administrator
Hello,

I tested the filter on my cPanel VM before posting it here and it worked fine. Could you please let me know how you deployed the filter on your server?
 

sarath8372

Active Member
Jan 6, 2015
35
7
8
Kochi, India
cPanel Access Level
Root Administrator
Hello,

I am really sorry, I just rebuilt exim conf and noticed the same error. On further investigation, I learned that exim only allows few filtering commands in filter rule. So using for loop in filter file won't work. But I just created a script as a work around.

Create filter file in folder : /usr/local/cpanel/etc/exim/sysfilter/options/ with one domain in it as follows.

Code:
if ("$h_to:, $h_cc:" contains "@domain.com")
then
fail text "Emails to this domain/mail address is temporarily blocked by the Administrator"
seen finish
endif
if not first_delivery
then
finish
endif
Then create a file with list of rest of the domains/mail addresses that you want to block. Once created, run below script to add all the domains/email addresses from the file to custom filter.

Code:
for i in `cat /root/block_list.txt` ; do for j in `grep -n "contains" /usr/local/cpanel/etc/exim/sysfilter/options/filter_file | cut -d: -f1 | tail -1` ; do let "j++" ; sed -i "$(echo $j)i $(echo 'or ("$h_to:, $h_cc:" contains "'$i'")')" /usr/local/cpanel/etc/exim/sysfilter/options/filter_file ; done ; done
If you are adding domains/email addresses later, you can use below script for checking and removing duplicates from block list before adding them to filter file. The script will display duplicate domains/email addresses if any found.

Code:
for i in `cat /root/block_list.txt` ; do grep $i /usr/local/cpanel/etc/exim/sysfilter/options/filter_file > /tmp/new ; if [ $? = 0 ] ; then echo -e "\n\nFile contains duplicates :" ; cut -d'"' -f4 /tmp/new ; sed -i.bak "/${i}/d" /root/block_list.txt ; fi ; done
I hope this will help.

Notes :

1) If a mail contains any of the domains/mail addresses added in filter file in "To" or "Cc" fields, the mail will be blocked and won't be delivered to any of the recipients.

2) The second script will remove domain.com from block list file, if [email protected] found in filter file. But it will take a backup of the file as "block_list.bak" before removing lines from the file. So check for the duplicate domain/email address displayed after running the script.

3) Make sure to replace "/usr/local/cpanel/etc/exim/sysfilter/options/filter_file" (custom filter file) and "/root/block_list.txt" (list of domains/mail addresses to be blocked) in scripts with your file names.
 
  • Like
Reactions: cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,911
2,234
363
Hello,

The steps listed in the previous response should meet your filter requirements. Feel free to update us on the outcome after implementing those filter rules.

Thank you.
 

Vince0916

Registered
Nov 3, 2016
4
0
1
Philippines
cPanel Access Level
Root Administrator
Hello,

If you are trying to block outbound spam mails, you can try enabling scan outgoing mail with Apache SpamAssassin option in Exim configuration. Please see : Scan Outgoing Mail - Documentation - cPanel Documentation

Also you may create an exim filter with something like below :

Code:
if $header_to: contains "@domain.com"
then
fail text "Your message to inform email users about the problem..."
seen finish
endif
if not first_delivery
then
finish
endif
Hope this helps..

Hi,

Where did you code this?

Could you help me or any steps to perform this.

Thank you.
 

george valley

Registered
Aug 17, 2016
1
0
1
Indore
cPanel Access Level
Website Owner
if ("$h_to:, $h_cc:" contains "@domain.com")
then
fail text "Emails to this domain/mail address is temporarily blocked by the Administrator"
seen finish
endif
if not first_delivery
then
finish
endif
 

Vince0916

Registered
Nov 3, 2016
4
0
1
Philippines
cPanel Access Level
Root Administrator
Hi,

I tried this code below, and it is working during sending email to yahoo.com and gmail.com but the fail text message didn't function it should be i receive email or bounce back that "Email to this mail address is temporarily blocked by the Administrator".
Code:
if ("$header_to:, $header_cc:" contains "@yahoo.com")
then
if ("$header_to:, $header_cc:" contains "@gmail.com")
fail text "Email to this mail address is temporarily blocked by the Administrator"
seen finish
endif
endif
if not first_delivery
then
finish
endif
Hoping for your immediate response with this concern.

Thank you.
 
Last edited by a moderator: