SOLVED Bouncing @qq.com emails

fmosse

Well-Known Member
Jan 6, 2002
46
1
308
Hi,

As I was receiving thousands of email from *@qq.com I have blocked it and Exim is sending bounced alerts: "Messages from this domain are blocked."

The problem is that now in the Email QUEUE are thousands of "bounced emails" for hours!

My Exim Configuration Manager configuration is

RETRYBLOCK
* * F,12h,15m; G,16h,15m,1.5; F,4d,30m

ignore_bounce_errors_after
1h

timeout_frozen_after
3d

auto_thaw
23h

deliver_queue_load_max
169

What should I do?
Thanks,
Francisco
 

24x7server

Well-Known Member
Apr 17, 2013
1,911
96
78
India
cPanel Access Level
Root Administrator
Twitter
As I was receiving thousands of email from *@qq.com I have blocked it and Exim is sending bounced alerts: "Messages from this domain are blocked."
You can configured antivirus.empty file and set a filter in it and just delete the mail or move the mail to a different directly that will do the job.
 

fmosse

Well-Known Member
Jan 6, 2002
46
1
308
Hi!

How do I do that?

I am also having "legitim" emails in queue for almost 5-6 hours.

Thanks,
Francisco
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,213
363
As I was receiving thousands of email from *@qq.com I have blocked it and Exim is sending bounced alerts: "Messages from this domain are blocked."
Hello,

You could modify your filter to discard the messages from that domain name instead of bouncing them. As far as the existing emails in your queue, "WHM >> Mail Queue Manager" allows you to search for specific messages. You can search for all messages you want removed from the queue and then click on the "Delete All" button to remove them.

Thank you.
 

fmosse

Well-Known Member
Jan 6, 2002
46
1
308
Hello,

You could modify your filter to discard the messages from that domain name instead of bouncing them. As far as the existing emails in your queue, "WHM >> Mail Queue Manager" allows you to search for specific messages. You can search for all messages you want removed from the queue and then click on the "Delete All" button to remove them.

Thank you.
Hi!

Yes, I know that I can do it manually. But I would like that ALL the emails received from @qq.com are discarded or deleted automatically, without using the email queue. Because with each email I receive from that domain, the server sends another one with the bouncing message :(
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,213
363

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,213
363
How can I block qq.com domain from WHM? if somebody know please let me know. This may be the only solutions. Thanks
Hello @duapritpal,

Can you provide some more details about what in-particular you'd like to block? Is this regarding email, or the creation of a cPanel account with that domain?

Thank you.
 

Laurel A

Member
Jan 5, 2017
7
0
1
San Francisco, CA
cPanel Access Level
Root Administrator
I am having the same problem. I managed to block qq.com, but now +10 messages per minute (!!) queue up replying "Messages from this domain are blocked." I keep getting warnings about the queue being full and then I have to manually delete tens of thousands of these replies.

/usr/local/cpanel/etc/exim/sysfilter/options/custom_filter has:
if
$header_from: contains "@qq.com"
then
if error_message then save "/dev/null" 660 else fail "Messages from this domain are blocked." endif
endif

...but I don't know how to adjust this to just NOT send these messages back.

Thanks for any advice!
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,213
363
Hello @Laurel A,

Can you let me know the output from /var/log/exim_mainlog when one of the emails from that domain name is sent to your server?

Thank you.
 

Laurel A

Member
Jan 5, 2017
7
0
1
San Francisco, CA
cPanel Access Level
Root Administrator
Hi @cPanelMichael,

Here's one:
2019-02-14 17:13:07 1guKZO-0001OG-Kx <= [email protected] H=(removed) [180.123.110.241]:41629 P=smtp S=927 [email protected] T="\346\203\240\350\230\232\347\216\204\350\262\264\351\223\203\350\224\241\347\260\226\346\205\246\345\255\253\346\230\223\350\250\230197664\351\273\236com\351\202\200\346\202\250\347\264\270\345\206\212\345\266\272\342\221\244\357\274\230\350\264\2175\342\222\2170\346\217\220\346\213\277\347\264\205\345\214\205+K\346\234\215180957104" for ***@****.com
2019-02-14 17:13:07 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1guKZO-0001OG-Kx
2019-02-14 17:13:07 1guKZO-0001OG-Kx cancelled by system filter: Messages from this domain are blocked.
2019-02-14 17:13:07 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1guKZO-0001OG-Kx
2019-02-14 17:13:07 1guKZP-0001P1-65 <= <> R=1guKZO-0001OG-Kx U=mailnull P=local S=2184 T="Mail delivery failed: returning message to sender" for [email protected]
2019-02-14 17:13:07 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1guKZP-0001P1-65
2019-02-14 17:13:07 1guKZP-0001P1-65 Sender identification U=mailnull D=-system- S=mailnull
2019-02-14 17:13:07 SMTP connection from (removed) [180.123.110.241]:41629 closed by QUIT
2019-02-14 17:13:07 1guKZO-0001OG-Kx Completed
2019-02-14 17:13:07 1guKZP-0001P1-65 == [email protected] R=dkim_lookuphost T=dkim_remote_smtp defer (-53): retry time not reached for any host for 'qq.com'

Thanks for taking a look!
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,213
363
if error_message then save "/dev/null" 660 else fail "Messages from this domain are blocked." endif
2019-02-14 17:13:07 1guKZP-0001P1-65 <= <> R=1guKZO-0001OG-Kx U=mailnull P=local S=2184 T="Mail delivery failed: returning message to sender" for [email protected]
Hello @Laurel A,

It looks like Exim is bouncing the message as that is what the filter rule instructs it to do. If you want to simply delete the messages instead of bouncing them, then you'd need to use a rule like the one referenced on the following thread:

Need to filter ALL email

EX:

Code:
if
$header_from: contains "@qq.com"
then
seen finish
endif
Thank you.
 

Laurel A

Member
Jan 5, 2017
7
0
1
San Francisco, CA
cPanel Access Level
Root Administrator
Perfect, thank you. That looks like exactly what I wanted, but I wasn't confident that I understood the syntax well enough to experiment.

I replaced my prior block with the text above, restarted exim, and manually deleted all the qq.com queued bounce messages... and they're still happening. :eek:

EDIT: Apparently I just needed to complain about it, because now they've stopped. I guess there were messages still working their way through or something. :)


The text has properly been updated in /etc/cpanel_exim_system_filter . Do I need to rebuild exim? I'd try rebooting the whole server but that will have to wait until tonight.

Thank you so much for the help! I think a lot of people need this solution.
 
Last edited:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,213
363
EDIT: Apparently I just needed to complain about it, because now they've stopped. I guess there were messages still working their way through or something.
Hello @Laurel A,

I'm glad to see it worked. Let us know if you encounter any additional issues.

Thanks!