The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Email Filtering before delivery

Discussion in 'E-mail Discussions' started by osirion, Aug 3, 2017.

  1. osirion

    osirion Active Member

    Joined:
    Jan 16, 2007
    Messages:
    35
    Likes Received:
    2
    Trophy Points:
    158
    Hey Guys,
    I have an issue here with some email filtering.
    A user is getting bombarded with spam from *@qq.com accounts. I have CSF/LFD so I went to MailScanner and setup some blocking rules for *@qq.com (server wide, as well as specific to this customers account).
    The problem that I see now is that my email queue is growing larger and larger, because this mail isnt getting delivered.
    The users mailbox is full.

    I'm assuming that the filtering only happens after a successful delivery attempt; however, there isnt a successful delivery attempt because the mailbox is full.
    Example delivery log from one such mail stuck in the queue:
    Code:
    2017-08-03 10:22:06 cwd=/var/spool/MailScanner/incoming 10 args: /usr/sbin/exim -C /etc/exim_outgoing.conf -Mc 1ddBO3-0001eg-7l 1ddBO0-0001hY-Gr 1ddBO0-0001eI-0C 1ddBO3-0001eC-It 1ddBO3-0001eX-FE 1ddBO2-0001hY-Qa
    
    +++ 1ddBO3-0001eC-It has not completed +++
    2017-08-03 10:21:44 1ddBO3-0001eC-It <= [EMAIL]751620030@qq.com[/EMAIL] H=(example.com) [144.0.100.36]:57113 P=esmtp S=2111 id=b73aba087c89f1d5@ac8a82ddfcf53cc2 T="\346\234\200\344\270\223\344\270\232\347\232\204\345\275\251\347\245\250\347\275\221\343\200\220\345\244\252\351\230\263\345\237\216\343\200\2211.98\350\265\224\347\216\207\357\274\214\350\265\233\350\275\246\357\274\214\346\227\266\346\227\266\345\275\251\357\274\214\345\205\255\345\220\210\357\274\214\347\213\202\347\202\271\346\263\250\345\206\214\357\274\232666354" for [B]customersemailaddress[/B]
    2017-08-03 10:22:17 1ddBO3-0001eC-It == [B]customersemailaddress[/B] R=virtual_user T=dovecot_virtual_delivery defer (-46): LMTP error after end of data: 452 4.2.2 <[B]customersemailaddress[/B]> Mailbox is full / Blocks limit exceeded / Inode limit exceeded
    
    How can I get it so that this mail gets blocked straight away as it hits my server instead of only at delivery time?
     
    #1 osirion, Aug 3, 2017
    Last edited by a moderator: Aug 3, 2017
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,629
    Likes Received:
    296
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Do you also have MailScanner Front End installed? If yes, click Front End settings and add the domain to the Server Spam Blacklist area.
     
  3. osirion

    osirion Active Member

    Joined:
    Jan 16, 2007
    Messages:
    35
    Likes Received:
    2
    Trophy Points:
    158
    Yes - I do, and its already there (to clarify, thats what I meant by 'server wide' previously).

    Server Spam Blacklist:
    *@qq.com
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,629
    Likes Received:
    296
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    That should stop them dead. You might remove any added settings on the users side and empty the spam from the email account.

    That qq domain is from China. If you don't do any business with China you could use country code in CSF to block it. Or, add the IP CIDR mentioned in your post above to block it.
    countryipblocks.net/search_ip.php?search_ip=144.0.100.36
     
  5. osirion

    osirion Active Member

    Joined:
    Jan 16, 2007
    Messages:
    35
    Likes Received:
    2
    Trophy Points:
    158
    Thats what I thought! Anyway, I've gone ahead and cleared the spam from the users mailbox which has put him under the quota. I'm hoping now that the filtering will work correctly.
    Thanks for the help Infopro
     
    Infopro likes this.
Loading...

Share This Page