Exim bounces back entire spam messages

Bdzzld

Well-Known Member
Apr 3, 2004
410
5
168
Hi,

We've noticed that some spam sources use (existing and non-existing) e-mail addresses which are being hosted on our servers in their "From" field. When the spam source then sends to an e-mail address which is no longer valid the receiving e-mail server creates a bounce of the message to the e-mail address in the "From" field. Then that message is bounced back by Exim again for sending to a non-exiting address on our servers. The problem with this is that Exim bounces the entire message, including the virus or spam message, and this unfortunately has resulted some time in getting the server onto a blacklist. I know Exim can be adjusted so it won't bounce back the enitre message, but only the header or subject of such a message.

My problem/question is: How can Exim be configured as described without cPanel overwriting it after a new update??

Thanks.
 

cPanelDavidG

Technical Product Specialist
Nov 29, 2006
11,216
13
313
Houston, TX
cPanel Access Level
Root Administrator
Hi,

We've noticed that some spam sources use (existing and non-existing) e-mail addresses which are being hosted on our servers in their "From" field. When the spam source then sends to an e-mail address which is no longer valid the receiving e-mail server creates a bounce of the message to the e-mail address in the "From" field. Then that message is bounced back by Exim again for sending to a non-exiting address on our servers. The problem with this is that Exim bounces the entire message, including the virus or spam message, and this unfortunately has resulted some time in getting the server onto a blacklist. I know Exim can be adjusted so it won't bounce back the enitre message, but only the header or subject of such a message.

My problem/question is: How can Exim be configured as described without cPanel overwriting it after a new update??

Thanks.
Mind if our technical analysts work with you on this? The behavior you mention doesn't seem typical of Exim in a cPanel/WHM environment. You can contact our technical analysts at: http://tickets.cPanel.net/submit
 
Last edited:

Bdzzld

Well-Known Member
Apr 3, 2004
410
5
168
Hi cPanelDavidG,

Actually this is normal behaviour for Exim and can be configured with one or both of these variables :

bounce_return_message

Type: boolean
Default: true

If this option is set false, the original message is not included in bounce messages generated by Exim.
bounce_return_size_limit
Type: integer
Default: 100K

This option sets a limit in bytes on the size of messages that are returned to senders as part of bounce messages when bounce_return_message is true. The limit should be less than the value of the global message_size_limit and of any message_size_limit settings on transports, to allow for the bounce text that Exim generates. If this option is set to zero there is no limit.

When the body of any message that is to be included in a bounce message is greater than the limit, it is truncated, and a comment pointing this out is added at the top. The actual cutoff may be greater than the value given, owing to the use of buffering for transferring the message in chunks (typically 8K in size). The idea is to save bandwidth on those undeliverable 15-megabyte messages.
The problem is, that I could not find them in the default exim.conf file in cPanel and I have no idea where to put them.

Thanks.
 

excessnet

Well-Known Member
Aug 7, 2006
57
0
156
Quebec, Canada
cPanel Access Level
Root Administrator
Did you manage to disable bounce completly ?

I'm using my cPanel server a secondary MX, when my Barracuda told him there's "No such user here", the cPanel exim create a bounce filling the queue. Since it's only a secondary MX, I don't care about bounce.

How can I turn it off ?
 

Bdzzld

Well-Known Member
Apr 3, 2004
410
5
168
As cPanelDavidG could not point me into the direction, I've not invested any more time into it. If you (or any one else) are able to find a solution for this, please share it though.
 

GaryT

Well-Known Member
May 19, 2010
320
3
68
Taken from a thread in the forum, You can make it bounce back to the domain that sent it rather than the root which works great and no problems :) Hope it helps

Open "WHM"
Under "Service Configuration" , click "Exim Configuration Editor"
Click "Switch to advanced mode"

In the first editable text box below
#!!# cPanel Exim 4 Config:

ADD:

local_from_check = false
untrusted_set_sender = root


In the textbox that follows (REWRITE CONFIGURATION)
begin rewrite:

ADD:

[email protected];/etc/localdomains "${if !eq {$header_From:}{}{$header_sender:$header_From:}fail}" Fs
[email protected];/etc/localdomains "${if !eq {$header_From:}{}{$header_sender:$header_From:}fail}" Fs

NOTE: there is no space between fai and l in the word fail above.
There appears to be a text translation problem in the forum.


Now Click Save, Exim will restart with the updated config.