The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[BUG] Exim deliver emails to wrong account!!!

Discussion in 'E-mail Discussions' started by H2Hosting.com, Jul 20, 2003.

  1. H2Hosting.com

    H2Hosting.com Well-Known Member

    Joined:
    Sep 4, 2001
    Messages:
    192
    Likes Received:
    0
    Trophy Points:
    16
    Situation:

    I disabled catch-all account for one of my domain (mydomain.com) and set

    verify = recipient/defer_ok/callout=10s,defer_ok
    in /etc/exim.conf so all mail to account that does not exist on @mydomain.com
    must be bounced on SMTP level without local delivery.

    Example: 2003-07-20 05:00:41 H=(bla) [111.111.111.111] F=<--@-----------.com> rejected RCPT <sss@mydomain.com>: Unrouteable address

    I have user account "user" /home/user/

    What I have: Exim deliver email to "user@mydomain.com" to default
    account of "user@blablabla.com"

    :rolleyes:

    p.s. Exim 4.2 - 190

    cPanel.net Support Ticket Number: 18765
     
    #1 H2Hosting.com, Jul 20, 2003
    Last edited: Jul 20, 2003
  2. H2Hosting.com

    H2Hosting.com Well-Known Member

    Joined:
    Sep 4, 2001
    Messages:
    192
    Likes Received:
    0
    Trophy Points:
    16
    I received reply from Cpanel support:

    ----------------------------------------------
    Instead of that filter, the easier way would be to set the default account to :fail: in the cpanel mail configure screen.
    ----------------------------------------------
    1) Yes, thank you - it works....but is there another way to do it?
    I think that on some of our accounts *: (default address line) was removed from /etc/valiases/domain.com.
    What if to configure new router to disable mail delivery for address that does not exist and for domain without configured catch-all account line?

    It worked with Exim 3 without *: :fail:

    2) If I set *: fail, if I send email to this account, server response is:
    2003-07-20 06:58:06 H=(111.111.111.111) [] F=<e@domain.com> rejected RCPT <john@domain.com>:

    if I send to domain without *: :fail:, but there is no such user with "username", server response is:
    2003-07-20 07:06:13 H=(h) [] F=<--@-----.com> rejected RCPT <john@domain.com>: unrouteable mail domain "domain.com"
     
    #2 H2Hosting.com, Jul 20, 2003
    Last edited: Jul 20, 2003
  3. Stefaans

    Stefaans Well-Known Member

    Joined:
    Mar 5, 2002
    Messages:
    451
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Vancouver, Canada
    Alex, you seem to have been doing something that I have been wondering about for a long time. If you bounce on SMTP level, does that mean that the undeliverable e-mail never enters your server? That would indeed be much better than :fail: :)

    Have you got this feature working again on Exim 4? :rolleyes:

    cPanel.net Support Ticket Number:
     
  4. mickalo

    mickalo Well-Known Member

    Joined:
    Apr 16, 2002
    Messages:
    765
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    N.W. Iowa
    How did you set this up in Exim 3 config file, where is the exim.conf did you apply this and how ??

    thx's

    cPanel.net Support Ticket Number:
     
  5. H2Hosting.com

    H2Hosting.com Well-Known Member

    Joined:
    Sep 4, 2001
    Messages:
    192
    Likes Received:
    0
    Trophy Points:
    16
    if you set catch-all account to :fail:, it will be impossible to send email to the address that does not exist (pop3 account or forwarder). Try it yourself. So, if the only POP3 account is "JKh3jHGGkfl@yourdomain.com", server will accept connections and delivery email to this account only.

    For EXIM4:
    add this line to check_recipient ACL:
    verify = recipient/defer_ok/callout=10s,defer_ok

    *** I replaced acl_smtp_rcpt = check_recepient
    to acl_smtp_rcpt = check_myown in 1st box of Exim editor and setup new "check_myown" ACL to be able to set my own acl_smtp_rcpt rules.

    For EXIM3:
    receiver_verify = true

    cPanel.net Support Ticket Number:
     
  6. Stefaans

    Stefaans Well-Known Member

    Joined:
    Mar 5, 2002
    Messages:
    451
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Vancouver, Canada
    I'd like to try this but feel uneasy tweaking exim.conf. Please confirm that this is what I should be doing:

    Replace
    acl_smtp_rcpt = check_recipient
    with
    acl_smtp_rcpt = check_myown

    and then further down add
    check_myown
    verify = recipient/defer_ok/callout=10s,defer_ok


    Thanks for your assistance ;)

    cPanel.net Support Ticket Number:
     
  7. H2Hosting.com

    H2Hosting.com Well-Known Member

    Joined:
    Sep 4, 2001
    Messages:
    192
    Likes Received:
    0
    Trophy Points:
    16
    Actually, set "acl_smtp_rcpt = check_myown" in 1st box
    and then (in 2nd one) start new "check_myown" ACL with
    all content of "check_recipient",

    add verify = recipient/defer_ok/callout=10s,defer_ok
    (insert just after "require verify = sender")

    example:
    ...
    accept hosts = :
    require verify = sender
    verify = recipient/defer_ok/callout=10s,defer_ok
    ...
    ...

    It will replace "check_recipient" with "check_myown"

    Most important - Cpanel insert some mailman tweeks in original exim.conf, but do not show modifications in Exim config editor, so copy all mailman related lines to your edited "check_myown" ACL

    p.s. use it on your own risk :cool:

    cPanel.net Support Ticket Number:
     
  8. Stefaans

    Stefaans Well-Known Member

    Joined:
    Mar 5, 2002
    Messages:
    451
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Vancouver, Canada
    Thank you Alex. Your instructions were clear and I could modify exim.conf as suggested :)

    I now get the desired behaviour - an error message on the sender side, rather than a bounce message.

    Great stuff! Thank you! :D
     
    #8 Stefaans, Aug 12, 2003
    Last edited: Aug 12, 2003
  9. Stefaans

    Stefaans Well-Known Member

    Joined:
    Mar 5, 2002
    Messages:
    451
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Vancouver, Canada
    Alex, did I mention you are my hero ? :D

    cPanel.net Support Ticket Number:
     
  10. Uneeeq

    Uneeeq Member

    Joined:
    Feb 4, 2003
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    Thank you Alex !

    This solution is perfect.
    We had a spammer hammering our server with 500,000 attempts per day to send spam from fake email addresses to non existend users at one of our customers domains, bouncing them would only compound the problem because we were bouncing to non existent recipients. :blackhole: was the most viable solution but not satisfactory as the spammer would continue deliver their via-gra and such spams at a rate of 500,000 or more messages per day!

    The only viable solution is to reject at check_recipient stage and not permit the message enter our server... so those spams would accumulate in SPAMMERS que and ultimately bog down his system instead of wasting our resources.

    Since they use dynamic IP blocks from all over the world bl lists could not blacklist those IPs fast enough about 500 to 1000 mesages would get through each day even using the most aggressive bls.

    I have been searching high and low for this solution for past 2 weeks and cannot thank you enough for posting it! It works like a charm !
     
  11. Jeewhizz

    Jeewhizz Well-Known Member

    Joined:
    Mar 12, 2003
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    London, England
    I have the username problem tho. - is there anyway of fixing this?
     
  12. fizz

    fizz Well-Known Member

    Joined:
    Jan 25, 2002
    Messages:
    202
    Likes Received:
    0
    Trophy Points:
    16
    what exactly goes in the second box, i get a config error, im not quiet understanding..
     
  13. amp

    amp Registered

    Joined:
    Jul 19, 2003
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    It would be a good idea to just post a copy of the config file so everyone gets the visual idea.
     
Loading...

Share This Page