Disable Email ports for domains with no email access

monza

Member
Nov 10, 2010
19
2
53
I would like to block all email ports from responding on domains that have email disabled. For instance, if I set the default email handler to "remote", I don't want any response on connections to ports 25,26,465,587,993, etc. on that domain or any domain in that account. How can I do that? Right now, if you try to Telnet to any mail port on a cPanel domain, it responds with the Exim version. That should NOT happen for security reasons.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
16,597
2,616
363
cPanel Access Level
Root Administrator
Hey there! What you're seeing is just how the daemons and ports work on a Linux server. The Exim service listens for incoming connections on any IP address configured on the server, and has no concept of domains or cPanel accounts. So whether you try your telnet test with a domain or an IP address, Exim is going to intercept that and respond. There isn't a per-domain setting for this type of activity as that all happens at a lower-level in the operating system itself, as only Apache has a concept of domains.
 

monza

Member
Nov 10, 2010
19
2
53
Is there a way of preventing Telnet from accessing this information for all accounts? Obviously, Telnet makes no email transmissions, so it's knowledge of the EXIM server is pointless.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
16,597
2,616
363
cPanel Access Level
Root Administrator
Not really - if the port is open and listening on a public IP address, people will be able to see it. They may not be able to do anything - for example, running a telnet test to a cPanel port isn't going to be very useful - but the ports will respond.