Default :blackhole: for all new future accounts

izghitu

Hi,

Is there any way to make it so any new domain/account that is created in my cPanel defaults to :blackhole: for default mail sent to non-existent users?

Please let me know.
Thanks in advance.
 

ffeingol

In WHM, Tweak Settings, Mail tab, "Initial default/catch-all forwarder destination". Personally, I'd suggest fail over blackhole, but that's your decision. Click the [?] and you can get the details of the 3 options.
 

izghitu

> In WHM, Tweak Settings, Mail tab, "Initial default/catch-all forwarder destination". Personally, I'd suggest fail over blackhole, but that's your decision. Click the [?] and you can get the details of the 3 options.

With fail the mail server will respond with bounces which means that it can be exploited with forged Return-Path email accounts that will make the bounce containing the initial spam message go to third party email accounts which in the end will make my server be the spammer.

I do not understand why blackhole is not the default.
 

sparek-3

> With fail the mail server will respond with bounces which means that it can be exploited with forged Return-Path email accounts that will make the bounce containing the initial spam message go to third party email accounts which in the end will make my server be the spammer.
>
> I do not understand why blackhole is not the default.

No, this is wrong.

:fail: in the context of the default email address will not send a bounce message. A bounce message is a message that is sent after a message is received. With :fail: in this context, your server will NOT ACCEPT a message to an email address on the domain that does not already exist as a mail account or forwarder.

The connecting server - the SMTP server that is trying to send the message to the non-existent email address - will be responsible for bouncing the message back to the sender. Now, maybe the sender is trying to spam various emails at your domain name - then, because the server sending the messages will be responsible for the bounce message, it SHOULD then become aware that someone is trying to abuse their services to send out spam.

Now... to go a slight bit off of this topic... :fail: in the context of email filters (cPanel email filters) is WRONG. The filters set up in a user's cPanel only get hit once a message has been accepted. So if you are filtering messages and use :fail: THEN your server is going to be responsible for sending. That's not what you want to do. You can't ACCEPT a message and THEN :fail: it.
 
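The distinction drawn in the post above (refusing a recipient during the SMTP dialogue versus failing a message after it was accepted), as an added example that is not part of the thread and is not cPanel or Exim code. The function `deliver`, the `filter_fails` flag, the addresses and the reply texts are constructed for illustration.

```python
LOCAL_USERS = {"info@example.test"}   # constructed: the only real mailbox


def deliver(mail_from, rcpt_to, default_address, filter_fails=False):
    """Simulate both sides of the SMTP dialogue for a single recipient.

    default_address: ":fail:" or ":blackhole:", applied to unknown recipients.
    filter_fails:    hypothetical flag, models a user-level filter that
                     fails the message after the server has accepted it.
    Returns (transcript, delivered, bounces_from_us, bounce_duty).
    """
    if default_address not in (":fail:", ":blackhole:"):
        raise ValueError(f"unsupported default address: {default_address}")
    known = rcpt_to.lower() in LOCAL_USERS
    t = [("C", f"MAIL FROM:<{mail_from}>"), ("S", "250 OK"),
         ("C", f"RCPT TO:<{rcpt_to}>")]

    if not known and default_address == ":fail:":
        # Refused inside the SMTP dialogue: the message is never accepted,
        # so this server sends nothing. The connecting server still holds
        # the message and has to report the failure to its own sender.
        t += [("S", "550 No such user here"), ("C", "QUIT"),
              ("S", "221 closing connection")]
        return t, False, [], "connecting server"

    # From here on the recipient is accepted and the message is ours.
    t += [("S", "250 Accepted"), ("C", "DATA"),
          ("S", "354 Enter message, ending with \".\""),
          ("C", "<message>"), ("C", "."), ("S", "250 OK queued"),
          ("C", "QUIT"), ("S", "221 closing connection")]

    if not known:
        # :blackhole: accepts and silently discards; nobody is told.
        return t, False, [], "nobody"
    if filter_fails:
        # Failing after acceptance: this server must now generate the bounce,
        # addressed to the envelope sender, which the client chose freely.
        return t, False, [mail_from], "receiving server"
    return t, True, [], "nobody"


if __name__ == "__main__":
    forged = "victim@thirdparty.test"   # constructed forged envelope sender
    for args in [("nobody@example.test", ":fail:", False),
                 ("nobody@example.test", ":blackhole:", False),
                 ("info@example.test", ":fail:", True)]:
        t, delivered, bounces, duty = deliver(forged, *args)
        print(args, "->", [r for s, r in t if s == "S"][1], bounces, duty)
```

Only the third case puts a message from this server into the forged sender's mailbox; in the first case the 550 reply ends the server's involvement.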

izghitu

> No, this is wrong.
>
> :fail: in the context of the default email address will not send a bounce message. A bounce message is a message that is sent after a message is received. With :fail: in this context, your server will NOT ACCEPT a message to an email address on the domain that does not already exist as a mail account or forwarder.
>
> The connecting server - the SMTP server that is trying to send the message to the non-existent email address - will be responsible for bouncing the message back to the sender. Now, maybe the sender is trying to spam various emails at your domain name - then, because the server sending the messages will be responsible for the bounce message, it SHOULD then become aware that someone is trying to abuse their services to send out spam.
>
> Now... to go a slight bit off of this topic... :fail: in the context of email filters (cPanel email filters) is WRONG. The filters set up in a user's cPanel only get hit once a message has been accepted. So if you are filtering messages and use :fail: THEN your server is going to be responsible for sending. That's not what you want to do. You can't ACCEPT a message and THEN :fail: it.

Thanks for the detailed explanation.

It all makes sense now.