Blocking whole domains for incoming email - two solutions!

serichards

Well-Known Member
Dec 11, 2012
48
0
6
cPanel Access Level
Website Owner
For days I have been trying to work out how to do this with WHM. For some reason methods which should work and do work for others just don't for me.

So far I have found two solutions that do work.

/http://forum.ahosting.net/f15/how-manually-block-reject-emails-domain-exim-662.html

You need ssh access ideally to create and edit the blacklist file. It worked straight away with no fuss and no mess. Senders from those domains are rejected with a permanent fail but your normal sender verify errors or similar are also sent as it is further down in the exim process.

If you follow the first step of that method you can also use the ACL to block those senders earlier in the process then:

Scroll down to the acl_smtp_mail and find the custom_begin_mail section. Tick it and stick this in:

deny sender_domains = +exim_blacklist

message = $domain is manually blacklisted in ACL.​

exim_blacklist is the name you gave your blacklist file which is set in the ACL as shown in the link.

For some reason if you do the same with a normal domain list instead of the filename of a domain list it just doesn't work and exim blocks all mail with the same error. I spent ages fiddling around and couldn't get it to the same with a list in the ACL itself rather than referencing the list object created previously. I do not understand why this is the case. I'm assuming it is some kind of bug or delimiter issues as it makes no rational sense for it to work perfectly well with the same domains listed in a file and not work when make a list within the ACL section itself. Maybe some exim guru can explain why this is the case? WHM doesn't flag it up as a syntactic error either so there is no way of knowing why this doesn't appear to work as you'd expect.

I hope this helps others as it is such a useful thing to be able to do and something as a previous plesk user it is achieved in plesk in about 2 minutes as that has a server wide blacklist that takes domains, ips or wildcarded domains.

There's some very useful stuff in this link too:

/http://technotes.trostfamily.org/?p=184
Building a Poor Man’s Barracuda – cPanel edition - Tech Notes
 

serichards

Well-Known Member
Dec 11, 2012
48
0
6
cPanel Access Level
Website Owner
Why not post this to your original thread on same topic?
This thread is about the solutions so needs to have them right at the top where they can be found easily and help others. They won't help anyone buried in a thread with a now irrelevant title and endless posts about how nothing works... :)
 

jols

Well-Known Member
Mar 13, 2004
1,110
3
168
Where actually do you put the exim_blacklist list? And I am assuming if the name of your list is "eximblacklist" Then the line to include is this?

deny sender_domains = +eximblacklist

But for the life of me, I am unable to get anything but "unknown named domain list" in the exim logs. Tried just about everything at this time. I assume there is some relative path in exim somewhere, to put these kinds of files, but I am so far unable to find what the proper location should be.
 

jols

Well-Known Member
Mar 13, 2004
1,110
3
168
Okay, now what's this?

I go back to the WHM > Exim conf > Advanced

And I then I re-locate the custom_begin_mail field where I had only a moment ago added the following:

deny sender_domains = +/etc/exim_blacklist
message = $domain is manually blacklisted in ACL.


But now it's gone. The field is blank, and also there are no such settings in /etc/exim.conf

What the heck?
 

jols

Well-Known Member
Mar 13, 2004
1,110
3
168
Okay, this works, and I am glad this person Tokenbird, posted this solution, after 14 solid hours of effort, and trying a bazillion different methods, this is the only method I found that actually works:

/http://www.tokenbird.me.uk/2014/02/19/blocking-email-senders-by-domain-via-cpanelwhm/

By the way, I totally agree with the editorial content of the above post:


"You’d think this would be easy. In Plesk it is. It’s a doddle to blacklist any email domain you choose, server wide. With cpanel/whm it’s a complete pain in the neck...

If you actually want to do this and use a file of domains you want to block rather than writing lots of bits of perl to block every single domain individually then there is one solution. It involves getting into the whm advanced exim configuration editor and that seems the only way you can do it at all.

I couldn’t get any other method to work. Most would either generate errors in exim, the configuration build or worse still they wouldn’t generate any and then all email wouldn’t work! It doesn’t help that the exim configuration is very complicated and very easy to get hideously wrong."
 

jols

Well-Known Member
Mar 13, 2004
1,110
3
168
Update:

The method described at ahosting.net, and at tokenbird.me.uk, block both the incoming and outgoing email. That is, if the email message is sent TO or FROM a domain in the blacklist, then it is blocked.

In other words, the comment line in the tokenbird.me.uk, "# RBL Blacklist incoming hosts" is erroneous, that is, with regard to the word "incoming".

So now I am looking for a method to alter this, so that only incoming FROM domains are blocked.

Anyone?