cPanel should be blocking email if i block IP, no brainer

[durangod]

Hi,

I have done some poking around and have read some thread here as well. If i am correct when you block an IP using denyip then that is just http block, it does not block email from that IP. Unless there is some new information that i have not found yet.

This is just sad it my opinion. We should have an option as cPanel admins to block emails from certain ip or even a whole country ip if we wanted to and all we should need to do is post the ip in the deny ip area with an option (tick box) that says "block all email also".

I am sorry for being kind of a butt on this one and maybe i dont fully understand why this has not been done yet. But in my opinion it should have already been done. Look cPanel developers, if i as an admin done want someone from an IP to go to my website why would i want a stinking email from them?

As a reseller i should have the option in WHM to set some parameters for this option to my customers and not to go against those of my host supplier.

Sure if i own the server and have access i can always load a firewall on the server but i am not, i am a reseller and all i have access to is cPanel and WHM and there is no option to block country IP or range of IP's from cPanel.

Yes your gonna tell me to use spam assassin or set up filters (and i have done so with little affect because i have do do each one individual). Why should we have to spend time and hours setting those up when all that really needs to be done is so add an option to denyip with a tick box to say block email also and we tick that box and its done.

Look, spam is not new to the market, it is one of the number one issue's we webmasters face so why cPanel for some reason does not attack this as such and give us an easy way to stop them in thier tracks, its not rocket science and it could very well be a great marketing point for you.

The email process for a web domain is all incluse right along with the whole cPanel. cPanel has it within its grasp to give us an option to fix this as all our email routines and process are right there for the taking.

I think i can speak for many other webmasters when i say that most of my domains do not do business with indonesia or china and we could care less if any of their ips have access via http or email, we are not loosing any customers by blocking them.

I am asking for help cPanel, if there is a way that i as a reseller with access to WHM and cPanel can block all of china and all of any country very easy both email and http access then please let me know. However if there is not an option maybe its time you put the spam issue on the front burner and help solve this issue, because most of us dont have access to the server and cannot do our own firewall and we really do need some help here.

Thanks for listening.. Hope to hear a reply soon.

 

[mtindor]

If you, as a reseller or an end-user, were to deny all IP access for IPs that you don't want to access your server, you'd be forcing that restriction on everyone on the server. And that's not right. The server admin is the one who should have the sole discretion to block IPs / IP ranges [at a firewall level] from the server. End users and resellers should not have that type of capability, because an end user or reseller could block traffic that the server owner and other users on the server _want_ to receive.

Mike

 

[durangod]

Good point but im not talking about the local mom and pop site and the fact that some might want to get emails from them. Im talking about ips that are on the national blacklist and ips that send out crap about viagra, and no i dont care if that stops lagit viagra email, who cares. Let viagra corp spend some of the trillion a year it makes in profit to combat that fact. Viagra is one of the number one issues when it comes to harassment by email so let them figure it out, i think all of us should ban any ip that uses the word viagra in its correspondence. I know thats harsh but we are in the trenches folks and do you think they play by any rules, no they dont. If we are going to continue to fight fires with squirtguns then we might as well just give up and let them do what they want to do.

How about this, in WHM (for resellers) and Cpanel (for my clients) if we ban an ip using denyip, let the software check for the ip on the national blacklist, and if it happens to be on the national blacklist then by all means block it for all. If it does not then block the ip locally but not server wide.

Would that work?

Besides you mean to tell me that with all the technology, checks and balances, and process that cPanal does with email, that it is unable to isolate the request down to the cPanel user level?

I understand that doing it server level is drastic, but if we did this where cPanal clients had access, would it not be better to help prevent abuse, to apply some limits on that or have rules that apply to them regarding that rather than have to fight 10 million china men putting out crap left and right.

The rule is how do you eat an elephant, one bite at at a time. To do that we need to put this issue in the hands of us users some how and give us the ability to help fight a huge problem.

How about this, each reseller and their clients are a community, allow us as resellers the power to do this and we can request a vote from our clients stating why we are banning an ip. Let them decide and with the final talley we ban it and its done. Yes i understand the main host has the power to add it to their firewall, but with all they have to do and especially since they are usually one man shows, they dont have the time or resources to handle this. So give us something to use on our end.

 

[mtindor]

Anything is possible I suppose. But I think it would take a tremendous amount of work to do that and would potentially add to server resource usage for each incoming mail that had to be further scrutinized.

More importantly this would conflict with DNS Blacklists [in WHM] that work at the SMTP level. A server admin might choose to use xen.spamhaus.org to outright reject mail during SMTP time for IP on that particular blacklist. Let's say you wanted email from 1.2.3.4 but 1.2.3.4 was listed in the Xen RBL and your server provider was rejecting mail if the sender IP is listed in Xen. Well, you could never electively say "I want this mail from this IP" because the from/to checks happen after the SMTP initial phases. The server owner would have to accept all mail and have it scrutinized by spamassassin, when I think most admins [at least here in the states] use one or more RBLs to reject outright before it ever gets to the to/from phase.

I know you were wanting the opposite, to block IPs and IP ranges. But I think the same thing still applies.

In Apache for instance, it's easy to deny a session based upon the visiting IP / the host header sent by that IP. It's more difficult with SMTP.

[email protected] sends a piece of spam to you from 1.2.3.4 in china. You don't like their Viagra spam, but another user on your system wants to get the Viagra spam because he "needs the help". 1.2.3.4 connects. If it's on a blacklist that your admin has configured to use and your admin set it up so that emails from 1.2.3.4 are rejected outright, then neither you or the other user get the Viagra email -- it can get dumped before ever making it through spamd/clamd. If it's not on a blacklist [or the admin of the server is not using any blacklists to reject during SMTP], then it's passed on to various mechanisms in Exim which then has to make note of the fact that 1.2.3.4 is sending an email. It then has to make note of who the recipient is. If it's for you, then it has to check some flat file [most likely, but could be a database] where the IP ranges are that you wish to blacklist. If you personally blacklisted the mail, then it has to be bounced back to the sender [which is probably forged].

Granted, all that could happen during initial SMTP phases, but the more you inside the SMTP phase, the higher the number of connections end up being open at a time, the more resources used by spamassassin, clamd, etc.

From a server admin standpoint, that's additional overhead that needs to be accounted for. And an admin / company has to ask themselves if it's worth it to provide that service to what is typically customers paying extremely low rates.

It's no wonder that Postini, Messagelabs and other spam scrubbing companies as well as Barracuda Networks and other spam appliance sellers end up charging significantly for enhanced per-user filtering options. The more you do, the more server-intensive it is.

I agree that it'd be nice. And I'm not saying it's not possible. I just don't think that cPanel should dive into that one.

I've always made liberal use of the more notable RBLS, which at least here in the states block a tremendous amount before it ever has to go through spamd/clamd. Xen, the Barracuda RBL, Spamcop, etc.

I think cpanel servers do a pretty good job, all things considered, with spam filtering. Of course, if the server admin adds things like DCC, Pyzor and Razor, that is an additional bonus. I don't think you can really get much more filtering [in general] out of a cPanel server [or any other mail server] without stuffing a dedicated spam appliance behind it (like a Barracuda box) or scrub all their mail through a third party service like Postini / Messagelabs.

If you are receiving such a terrible amount of spam, maybe you should engage in a discussion with your host about potential ways they can increase the effectiveness of their spam filtering globally [across the whole server].

Mike

 

[clyde123]

I realise this is an old thread, but I'm also interested in seeing some way of blocking email by IP or partial IP.
I am a reseller on a shared server, so cannot implement anything at server level. But I would like to do something at domain level.
For instance, a couple of my domains get junk emails from IPs beginning 110.52.x.x every day. The emails show various and changing senders, so cannot use Account Filtering. I would love to use Account Filtering by IP.