Exim Server-wide Filters: Best way?

Discussion in 'General Discussion' started by erick_paper, Jun 18, 2005.

  1. erick_paper

    Hi,

    I would like to block certain email addresses from sending email to ANY of the domains on my WHM. Not IP addresses so I cannot add them to an IP deny list or anything.

    The rule I am thinking of is something like this:

    What should my condition look like, and where should it go? This is not in domain-specific cpanel accounts (for which a .filter file is usually enough) but for server-wide banning of sender addresses.

    Thx for any thoughts!
     
  2. RickG

  3. chirpy

    That's a somewhat convoluted way of doing it, though does work. If it's just for the odd email address you can simply go into WHM > Exim Configuration Editor > Advanced Mode > Scroll down to the first set of 3 textareas and in the middle one (the ACL stuff) put the following after the accept hosts = : line with clear blank lines around it:
    Code:
     drop senders = baduser@baddomain.com
           message = Spam or Mail Bombing activity
    
     
  4. erick_paper

    Thanks Chirpy!

    For now I have set up this rule in the /etc/antivirus.exim file:
    Is this less advisable than having an ACL? Yes, I only have 1 or 2 email addresses so I don't mind the drop command you suggested, but I don't want the sender to know that their messages are being dropped, so I don't want them to receive any bounce message. Would "drop" do this?

    Also, I have a bit of your suggested code in my ACL already. But I have a question. I keep getting bounce messages from people to "adam@MYDOMAIN.COM" or "eve@MYDOMAIN.COM" etc, as if adam and eve had sent them an email from MYDOMAIN.COM (my domain) but they are bouncing. But adam and eve obviously do not exist on my server, so they could not have sent the message in the first place! How can I block such messages from my server? What would the ACL code be?

    Thanks!
     
  5. chirpy

    Hi,

    Putting it in that file, the system_filter, is fine.

    The second part is most likely bounces from spam or viruses sent out from an infected PC with forged headers and nothing to do with you. There's little you can do other than using Filters, except of course making sure that you have your Default Address set to :fail: and only create accounts/aliases that you actually use.
     
  6. erick_paper

    Thanks Chirpy, that's great. For the second question, do you know if I can create any filter that says: "If TO header contains an address that I have not specifically created on my domain, then bounce the email"?
     
  7. chirpy

    That's exactly what setting the Default Address to :fail: does.
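
An added example, not part of the thread and not cPanel's shipped configuration: the ACL from post 3 reading its blocked addresses from a file, with a commented `discard` variant for the case raised in post 4 where the sender should see no rejection. The path /etc/exim_blocked_senders is an assumption; `drop`, `discard`, `senders`, `message` and `log_message` are standard Exim ACL keywords.

```exim
# Added example, not from the thread. Fragment for the RCPT ACL (the middle
# ACL textarea in WHM's Exim Configuration Editor), placed after the
# "accept hosts = :" line with blank lines around it.
# /etc/exim_blocked_senders is a hypothetical file, one address per line,
# e.g. baduser@baddomain.com

# Variant 1: reject at SMTP time and close the connection. The sending
# server receives a 5xx response carrying "message", and it is that server
# which normally reports the failure back to the sender.
drop    senders     = /etc/exim_blocked_senders
        message     = Spam or Mail Bombing activity
        log_message = blocked sender (rejected)

# Variant 2: answer with a success code but throw the recipient away, so
# the sending side sees no rejection. Use one variant, not both.
# discard senders     = /etc/exim_blocked_senders
#         log_message = blocked sender (silently discarded)
```

With either variant the `log_message` text appears in the Exim main log, which is the place to confirm the rule is matching the intended addresses and nothing else.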
     