Disable Email Forwarding to an Address Off the Server?

Jan 8, 2020
16
1
3
New Hampshire, USA
cPanel Access Level
Root Administrator
Hi,

I would like to be able to allow email forwarding within the server while disabling any email forwarding off the server. For example I would like to allow example @ hosteddomainonserver.com to example2 @ hosteddomainonserver.com and not allow ANY emails to be forwarded to a gmail, yahoo, msn, etc address.

Reason for this is that (I believe) it is causing email deliverability issues with Gmail and Yahoo. Any spam that is sent to a user's email address on the server that gets forwarded to Gmail, Yahoo, etc. is being recognized as spam coming off the server.

Correct me if I'm wrong but I have been plagued with email deliverability issues for over a year. Constantly removing the server's IP address from blacklists. Some of that was due to a hack with a php mailer, I remedied that issue, but now still have email issues, mostly with Gmail and Yahoo, yet not on any public blacklists.

tia
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,269
313
Houston
The only way to actually disable forwarding would be to remove the user's ability to add a forwarder but this would encompass all forwards. You can do this by going to WHM>>Packages>>Feature Manager -> Select the feature list assigned to the account and disable the forwarder manager
 
Jan 8, 2020
16
1
3
New Hampshire, USA
cPanel Access Level
Root Administrator
Thank you for the info! I did consider doing that but then realized I have a few customers that depend on that. Usually ones that have a website hosted on one domain and their email on another... Email domain forwards to their website domain.

With the fight against spam I would think this might be something to consider for a future version. For now I will run the report on the server for forwards and monitor them manually as I did the other day.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,269
313
Houston
Thank you for the info! I did consider doing that but then realized I have a few customers that depend on that. Usually ones that have a website hosted on one domain and their email on another... Email domain forwards to their website domain.

With the fight against spam I would think this might be something to consider for a future version. For now I will run the report on the server for forwards and monitor them manually as I did the other day.
There could potentially be a few alternate options but two are not blocking forwarders and the other would be fairly complicated.

  • You could enable scanning of outbound mail for Spam and disable forwarding mail that is flagged as spam by SpamAssassin. Both of these are settings that can be modified in WHM>>Service Configuration>>Exim Configuration Manager -> Spam Assassin Options
    • Scan outgoing messages for spam and reject based on defined Apache SpamAssassin™ score
    • Do not forward mail to external recipients based on the defined Apache SpamAssassin™ score
  • Enable SRS in WHM>>Service Configuration>>Exim Configuration Manager
    • This option rewrites sender addresses so that the email appears to come from the forwarding mail server. This allows forwarded email to pass an SPF check on the receiving server.
    • It might decrease your chances of getting flagged as spam when mail is being forwarded.

  • You could potentially create an exim system filter that searches through local domains and rejects based on the forwarding address
 
Jan 8, 2020
16
1
3
New Hampshire, USA
cPanel Access Level
Root Administrator
Thank you for this information! I will sort through it and see what makes the most sense for what I'm trying to do.

Any chance there is an easy way to check all WebMail email addresses in WHM to verify the SPF records are correct, or is this something that needs to be done manually?
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,269
313
Houston
There is WHM>>DNS Functions>>Enable DKIM/SPF Globally - this appends the IP from /var/cpanel/mainip to an existing SPF record (if it's not present) or creates the new SPF/DKIM record. If a DKIM record exists already it will not make modifications to it.
 
  • Like
Reactions: mcwebsitedesign

coursevector

Well-Known Member
Feb 23, 2015
147
14
68
cPanel Access Level
Root Administrator
I know this is a bit old but I'm wrestling with the same thing. I looked at SRS and decided against it. It's a double edged sword, yes it will validate the forwarded email to services like Gmail and Yahoo but instead of just routing it through your server you are now validating that YES your server sent that email. Great for good email, bad for spam. Gmail also advises against using systems like SRS.

"We recommend that you do not change the envelope sender when forwarding email to Gmail. Sometimes, when forwarding email, the envelope sender gets changed to your domain. When this happens, Gmail may learn that your domain is sending spam, and will treat other emails from this domain as spam as well. " - Best ways to forward mail to Gmail - Gmail Help

While I didn't consider Exim filters until now, I think a more flexible option is using a custom hook for cPanel. This could prevent users from creating any new forwards to a domain not associated with the account. This allows you to slowly whittle away at existing forwards until they are all gone while preventing any new ones from being created. There is already a request for this to be built in, but it appears to be ignored (its 6 years old).

 
  • Like
Reactions: benito

D9Dan

Registered
PartnerNOC
Dec 31, 2008
3
0
51
While I didn't consider Exim filters until now, I think a more flexible option is using a custom hook for cPanel. This could prevent users from creating any new forwards to a domain not associated with the account. This allows you to slowly whittle away at existing forwards until they are all gone while preventing any new ones from being created. There is already a request for this to be built in, but it appears to be ignored (its 6 years old).
Appreciate you only posted this yesterday but have you managed to get a hook working?

Whatever we try we aren't able to stop the forwarder from being created. We can get the hook to process all the data we need but from what I can see there is no way to stop the forwarder from being created. Best solution I can come up with at present is to send a mail to an admin each time a Gmail/Hotmail forwarder is created and then manually get in touch with the user and get them to use POP3 importing instead which isn't ideal.
 

coursevector

Well-Known Member
Feb 23, 2015
147
14
68
cPanel Access Level
Root Administrator
@D9Dan Yes, I actually got it working yesterday. It hooks into the cPanel API2 and UAPI for when a forward is created. It checks to see if the forwarding domain matches the accounts domain and if it doesn't, it denies the creation of the forward. This doesn't prevent forwards from actually functioning (as an Exim filter would) but does stop any new ones from being created (even via CLI). I'll try and post it up on github later to share.