Exim - How to block domains

Discussion in 'E-mail Discussions' started by ronaldol, Oct 19, 2011.

  1. ronaldol

    Hi all,

    I found these instructions to include in exim.conf and create an Exim blacklist domain.

    It isn't working... I made many tests and can't find the error. All domains that are included in the file continue to have access.

    Could anyone help me?

    Thanks for any help,

    Ronaldo

    =======================================================

    The first command of exim.conf is: domainlist exim_blacklist = lsearch;/etc/eximblacklist
    which was included in the first box.


    ===> Inserted into the ROUTERS CONFIGURATION section

    # Inserted to block domains access
    # Local from blacklist: /etc/exim_blacklist

    reject_domains:

    driver = redirect
    # RBL Blacklist incoming hosts
    domains = +exim_blacklist
    allow_fail
    data = :fail: Connection rejected: SPAM source $domain is blacklisted.
     
  2. SB-Nick

    Hello,

    I'm not sure if you are doing this because you want to blacklist domains for several cPanel accounts, but if you want to reject domains from a single cPanel account, you can do this through the cPanel interface by going to the SpamAssassin config.
     
  3. ronaldol

    Hi,

    I want to block external domains that are connecting into my mail server.

    I'm receiving hundreds of external connections per minute, like this:

    16052 handling incoming connection from mt-yyy-xxx.auinmeio.com.br [xxx.yyy.www.zzz]

    They are using headers with accounts that I have on domains registered on my mail server.

    Thanks
     
  4. SB-Nick

    Blocking the connections at the SMTP level won't help with what you are trying to achieve. You need to find a solution to block them completely, before they contact your mail server.

    Investigate the range of the IPs. If there are not too many, you can block them in Main >> Service Configuration >> Exim Configuration Editor, Access Lists, or by using CSF. If that's not the case, you may need to block the whole range.

    Ensure you also have "Ratelimit suspicious SMTP servers" enabled in Main >> Service Configuration >> Exim Configuration Editor, ACL Options.
     
  5. ronaldol

    SB-Nick,

    Thanks for your help.

    I did some network blocks using iptables and it's working, but some users report that their friends are receiving e-mails back when they send to them. It seems to me that these users are in the IP networks that I blocked.

    Even with these blocks, the spam senders change the IP network, so if I continue to do this, I'll block a lot of real users that are in these networks.

    If I block them by domain, I focus the block only on the real domain senders. I know that in this case I'll be "charged" by my CPU activity.

    Some connections now:
    19866 handling incoming connection from (ip-75-7.powernet.bg) [78.128.75.7]
    19921 handling incoming connection from mx115.send.esp.br [200.146.61.115]
    20034 handling incoming connection from mx139.send.esp.br [200.146.61.139]

    About the Ratelimit, I'm using the default 5.

    I tried the scripts to block domains but it isn't working. Do you see where they are wrong?

    Thanks and Regards..
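
An added example, not part of the thread or any poster's code: a Python sketch of the "investigate the range of the IPs" step. It groups connection lines like those quoted above by network and lists the host-name suffixes seen in each, so the reach of a range block is visible before it is applied. The /24 grouping, the last-three-labels suffix, the hit threshold and the last two sample lines are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_network

# First three lines are quoted in the thread; the last two are constructed.
SAMPLE_LOG = """\
19866 handling incoming connection from (ip-75-7.powernet.bg) [78.128.75.7]
19921 handling incoming connection from mx115.send.esp.br [200.146.61.115]
20034 handling incoming connection from mx139.send.esp.br [200.146.61.139]
20051 handling incoming connection from mx140.send.esp.br [200.146.61.140]
20077 handling incoming connection from [203.0.113.9]
"""

# The host name is optional and may be in parentheses, as in the first line.
LINE_RE = re.compile(
    r"handling incoming connection from\s+"
    r"(?:\(?(?P<host>[^\s()\[\]]+)\)?\s+)?\[(?P<ip>[0-9.]+)\]"
)


def parse_connections(text):
    """Yield (host or None, ip) for each connection line in text."""
    for m in LINE_RE.finditer(text):
        host = m.group("host")
        yield (host.lower() if host else None), m.group("ip")


def group_by_network(text, prefix=24, suffix_labels=3):
    """Map each IPv4 network to a Counter of host-name suffixes seen in it."""
    nets = defaultdict(Counter)
    for host, ip in parse_connections(text):
        try:
            net = str(ip_network(f"{ip}/{prefix}", strict=False))
        except ValueError:  # e.g. 999.1.1.1: not an address, skip the line
            continue
        # Assumption: the last N labels approximate the sending domain.
        suffix = ".".join(host.split(".")[-suffix_labels:]) if host else "(no name)"
        nets[net][suffix] += 1
    return nets


def block_candidates(text, min_hits=3):
    """Return (network, hits, suffixes) for networks with >= min_hits, busiest first."""
    rows = [(net, sum(c.values()), sorted(c)) for net, c in group_by_network(text).items()]
    return sorted((r for r in rows if r[1] >= min_hits), key=lambda r: -r[1])


if __name__ == "__main__":
    for net, hits, suffixes in block_candidates(SAMPLE_LOG, min_hits=1):
        print(f"{net:<18} {hits:>3}  {', '.join(suffixes)}")
```

A network whose row lists several unrelated suffixes is one where a range block is likely to catch legitimate senders as well.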
     