SOLVED Global email filter - block .co email addresses

commanderclif

Member
Aug 19, 2017
22
1
1
Jacksonville FL
cPanel Access Level
Website Owner
Well, for some reason .co email addresses have started showing back up again in Spam. Not sure what changed but I'd like to stop any and all emails that end in .co addresses and obviously not block .com addresses. Any thoughts?
 

commanderclif

Hmm, better yet, maybe I just need to block the range of IP addresses. I've not done that before but I'm looking into it. I see that all these .co Spam emails come from the same first 3 sets of numbers, with the last three changing each message.
 

Mise

Well-Known Member
May 15, 2011
88
7
58
spam ips from .co domain are changing.

I have .co domain inside file /etc/blocked_incoming_email_domains, and all spam is blocked without exception.

I have this accumulated list from long time ago and all messages are rejected. And no complaints from customers about missed messages

Code:
*.accountant
*.bid
*.biz
*.business
*.buzz
*.cam
*.cf
*.christmas
*.click
*.club
*.co
*.co.kr
*.country
*.cricket
*.cyou
*.date
*.desi
*.durban
*.faith
*.fit
*.fun
*.ga
*.gdn
*.gq
*.gr
*.icu
*.kim
*.life
*.live
*.loan
*.lol
*.men
*.ml
*.mom
*.monster
*.nagoya
*.ninja
*.okinawa
*.online
*.ooo
*.pro
*.racing
*.review
*.rocks
*.site
*.space
*.stream
*.tel
*.tk
*.today
*.top
*.us
*.webcam
*.win
*.work
*.world
*.xyz
*.zip
just save inside /etc/blocked_incoming_email_domains , and rebuild and restart:

# /scripts/buildeximconf; service exim restart

log rejection messages are like "Sender domain is banned"

hope it helps
 

commanderclif

Thank you Mise!
I still don't get email notifications for messages here but you are correct, I blocked the IP address, they just moved to a different IP address but it was pretty consistent that messages were all coming from .co addresses. Three times now I've added the first 3 sets of numbers of the IP address which was blocking them for a time so came back to see if any additional solutions. Thanks for what you've shared!

I'm by no means a cPanel expert but I believe I did your steps correctly. I created a new text file in the etc folder as you mentioned and put your code lines of domains in that file. I then used the EXIM restart from WHM. Everything said okay except I did get the following warnings:

Starting clamd: LibClamAV Warning: **************************************************
LibClamAV Warning: *** The virus database is older than 7 days! ***
LibClamAV Warning: *** Please update it as soon as possible. ***
LibClamAV Warning: **************************************************

After EXIM started back up I did send a test email from a different account and verified that .com address still went through at least and now I'll keep an eye on Spam folder to hopefully never see a .co email ever again!
 

james-f

Registered
Sep 11, 2022
1
0
1
Australia
cPanel Access Level
Root Administrator
Thanks for the pointers above, just sharing that I needed to use the following regex match to block only '.co' but ensure '.com', 'co.nz' and '.com.au' continued to get delivered.

[email protected]+\.co$

Make sure you're testing your filters and not inadvertently sending more than you expect to /dev/null!
 


d_j_wills

Active Member
Aug 4, 2020
39
8
8
Silicon Valley
cPanel Access Level
Website Owner
You all are way over my head in experience. But I think I solved this some time ago on a different thread. Or at least, I think I fixed it for me.

Here is the from address from above: <[email protected]>

I believe my problem was "ends with" ".co" didn't work because of the '>'. So to block spam from addresses ending in ".co" I had to create 2 different filters, "ends with" ".co" and "ends with" ".co>".

It's been a long time since I discussed this with cPanel, but I seem to remember that I suggested this might be a shortcoming in global filters. But then again, I could be wrong.

YMMV.

d.
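
An offline check of the two pitfalls raised in this thread (".co" versus ".com", ".co.nz" and ".com.au", and a From header that ends in ">"), added here as an example and not code from any poster or from cPanel. The regex is an assumed pattern, since the one posted above is obscured on this page, and the sample headers are constructed.

```python
import re
from email.utils import parseaddr

# Assumed pattern: the regex posted in the thread is obscured on this page.
# It uses only syntax shared by Python's re module and PCRE.
BLOCK_CO = re.compile(r"@[a-z0-9.-]+\.co$", re.IGNORECASE)


def naive_ends_with(from_header, suffix=".co"):
    """'ends with' applied to the raw header text, angle brackets included."""
    return from_header.strip().endswith(suffix)


def sender_is_blocked(from_header):
    """Extract the bare address first, then test only its domain suffix."""
    _name, addr = parseaddr(from_header)
    return bool(BLOCK_CO.search(addr))


# Constructed sample headers: (From header, should it be blocked?)
SAMPLES = [
    ("offers@bulk.example.co", True),
    ("Promo Team <offers@bulk.example.co>", True),
    ("<offers@bulk.example.co>", True),
    ("Alice <alice@shop.example.com>", False),
    ("bob@council.example.co.nz", False),
    ("Carol <carol@bank.example.com.au>", False),
    ("dave@example.co.uk", False),
]


def mismatches(check):
    """Return the sample headers where a check disagrees with the expectation."""
    return [header for header, expected in SAMPLES if check(header) != expected]


if __name__ == "__main__":
    for header, expected in SAMPLES:
        print(f"{header!r:45} expected={expected!s:5} "
              f"regex={sender_is_blocked(header)!s:5} "
              f"ends_with={naive_ends_with(header)}")
    print("regex mismatches:    ", mismatches(sender_is_blocked))
    print("ends-with mismatches:", mismatches(naive_ends_with))
```

Add real From lines from your own spam folder and from legitimate correspondents to `SAMPLES` before changing a live filter.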