Blocking email spam to non existing user account after reaching certain number of fails?

bangkay

Registered
Dec 12, 2020
3
0
1
Philippines
cPanel Access Level
Root Administrator
Hi everyone,

As title suggest, is there a way to automatically block or disable the sender's email for certain amount of time (after receving no of failed emails) before they can send again? we got flooded of spam mails to users who does not exist in our domain and this may cause additional process or stress to our domain server.

I already enabled the Dictionary attack protection in the WHM - Exim configuration manager - ACL but I'm not sure how it really works as you can see in my screenshot:

1626167169218.png

Does it need to be separate email send time or must be received by a existing user first to be flagged as a dictionary attack? I only saw it twice to be flagged it as dictionary attack but only after it went to a existing user after couple of fails to non existing users.

1626167709965.png
But most of the time, it will be just flood of email fails to non existing users.

I don't want to create a 'blackhole' catch as this may cause problems to legit senders to verify if their email received successfully to the other end. Blocking/discarding the spammer email account will be just a temporary solution as they will create another email account to do their spam email activities.

Thank you and regards.
 
Last edited by a moderator:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
6,923
912
313
cPanel Access Level
Root Administrator
Thanks for the additional details. There aren't any tools in cPanel that would automatically setup a firewall-level block of the IP address. However, other services like CSF, although not officially supported by us, do have this functionality that you can add with some custom code. One example of this can be found here:


I wouldn't be able to advise on that or the custom code though, so you may need to experiment with that a bit to get the desired results.