Default :blackhole: for all new future accounts

izghitu

Well-Known Member
Aug 9, 2006
62
2
158
Hi,

Is there any way to make it so any new domain/account that is created in my cPanel defaults to :blackhole: for default mail sent to non-existent users?

Please let me know.
Thanks in advance.
 

ffeingol

Well-Known Member
PartnerNOC
Nov 9, 2001
765
310
363
cPanel Access Level
DataCenter Provider
In WHM, Tweak settings, Mail tab, " Initial default/catch-all forwarder destination ". Personally, I'd suggest fail over blackhole, but that's your decision. Click the [?] and you can get the details of the 3 options.
 
  • Like
Reactions: Spirogg and cPRex

izghitu

Well-Known Member
Aug 9, 2006
62
2
158
In WHM, Tweak settings, Mail tab, " Initial default/catch-all forwarder destination ". Personally, I'd suggest fail over blackhole, but that's your decision. Click the [?] and you can get the details of the 3 options.
With fail the mail server will respond with bounces which means that it can be exploited with forged Return-Path email accounts that will make the bounce containing the initial spam message go to third party email accounts which in the end will make my server be the spammer.

I do not understand why blackhole is not the default.
 

sparek-3

Well-Known Member
Aug 10, 2002
2,120
255
388
cPanel Access Level
Root Administrator
With fail the mail server will respond with bounces which means that it can be exploited with forged Return-Path email accounts that will make the bounce containing the initial spam message go to third party email accounts which in the end will make my server be the spammer.

I do not understand why blackhole is not the default.
No, this is wrong.

:fail: in the context of the default email address will not send a bounce message. A bounce message is a message that is sent after a message is received. With :fail: in this context, your server will NOT ACCEPT a message to an email address on the domain that does not already exist as a mail account or forwarder.

The connecting server - the SMTP server that is trying to send the message to the non-existent email address - will be responsible for bouncing the message back to the sender. Now, maybe the sender is trying to spam various emails at your domain name - then because the server sending the messages will be responsible for the bounce message SHOULD then become aware that someone is trying to abuse their services to send out spam.

Now... to go a slight bit off of this topic... :fail: in the context of email filters (cPanel email filters) is WRONG. The filters set up in a user's cPanel only get hit once a message has been accepted. So if you are filtering messages and use :fail: THEN your server is going to be responsible for sending. That's not what you want to do. You can't ACCEPT a message and THEN :fail: it.
 
  • Like
Reactions: Spirogg

izghitu

Well-Known Member
Aug 9, 2006
62
2
158
No, this is wrong.

:fail: in the context of the default email address will not send a bounce message. A bounce message is a message that is sent after a message is received. With :fail: in this context, your server will NOT ACCEPT a message to an email address on the domain that does not already exist as a mail account or forwarder.

The connecting server - the SMTP server that is trying to send the message to the non-existent email address - will be responsible for bouncing the message back to the sender. Now, maybe the sender is trying to spam various emails at your domain name - then because the server sending the messages will be responsible for the bounce message SHOULD then become aware that someone is trying to abuse their services to send out spam.

Now... to go a slight bit off of this topic... :fail: in the context of email filters (cPanel email filters) is WRONG. The filters set up in a user's cPanel only get hit once a message has been accepted. So if you are filtering messages and use :fail: THEN your server is going to be responsible for sending. That's not what you want to do. You can't ACCEPT a message and THEN :fail: it.
Thanks for the detailed explanation.

It all makes sense now.