SOLVED How Do I Block One Domain From Sending Email From My Server?

ambition13

Active Member
Jan 24, 2006
35
0
156
Hello,

I have one user who is getting hacked a lot and the account is sending out spam emails. I want to disable just his account from being able to send mail at all until he can get his script updated or changed. Any way to do this?

Many thanks.
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
You can try the following steps. First, in root SSH, run these commands:

Code:
touch /etc/blockeddomains
echo "domain.com" >> /etc/blockeddomains
Please replace domain.com with the domain name. Do not replace the "" part as that's required, only the domain.com part with the right domain name.

In WHM > Exim Configuration Editor > Advanced Editor, put the following in the topmost box:

Code:
domainlist blocked_domains = lsearch;/etc/blockeddomains
Locate the "ROUTERS CONFIGURATION" section, and right below these lines:

democheck:
driver = redirect
require_files = "+/etc/demouids"
condition = "${if eq {${lookup {$originator_uid} lsearch {/etc/demouids} {$value}}}{}{false}{true}}"
allow_fail
data = :fail: demo accounts are not permitted to relay email
Put the following lines:

Code:
reject_domains:

driver = redirect
# RBL Blacklist incoming hosts
domains = blocked_domains
allow_fail
data = :fail: Connection rejected: SPAM source $domain is manually blacklisted.
 

ambition13

Active Member
Jan 24, 2006
35
0
156
Wow, talk about a fast response! It seems to be working so far. If I go to re-enable the banned domain is it recommended that I remove all of the things I just added? Or just remove it from the /etc/blockeddomains? Thanks very much.
 

Indianets

Well-Known Member
PartnerNOC
Jun 13, 2008
69
0
56
cPanel Access Level
Root Administrator
You can always modify the account in WHM and change the outgoing mail limit to zero.
And, this will set the sending limit for this domain to "Unlimited" :p Unfortunately, 0 implies "unlimited" in this contrast, so you are going to remove all the limits set on the server for this domain.
 

Indianets

Well-Known Member
PartnerNOC
Jun 13, 2008
69
0
56
cPanel Access Level
Root Administrator
Wow, talk about a fast response! It seems to be working so far. If I go to re-enable the banned domain is it recommended that I remove all of the things I just added? Or just remove it from the /etc/blockeddomains? Thanks very much.
You can simply clean the file and let it be there -

Code:
echo > /etc/blockeddomains
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
You could revise /etc/localdomains file to only have the whitelisted domains and place those other domains into /etc/remotedomains file, which would prevent those domains from being able to properly send. Any domain in /etc/remotedomains file will not be placed back into /etc/localdomains file.
 

dtwyman

Registered
Feb 27, 2008
2
0
51
Aliso Viejo, CA
Hi,

I tried the ‘blocked_domians’ solution with the latest version of cPanel and it isn’t working. Has anything changed with respect to this solution in the latest version of cPanel? I’m simply trying to disallow my demo user from sending email.
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
How precisely is it not working? Is it PHP mail() or using sendmail, or it is sending via webmail and/or an email client? Are you receiving any type of error message or otherwise? Please provide as many details as possible. Thanks!
 

dtwyman

Registered
Feb 27, 2008
2
0
51
Aliso Viejo, CA
Thanks for the quick response.

After implementing the ‘blocked_domains’ solution, I log into the demo account and then into webmail. From there I can send an email. There’s no errors. It just that I can send email from my demo account and so can spammers which is the problem I am trying to solve.
 

SoftDux

Well-Known Member
May 27, 2006
1,023
5
168
Johannesburg, South Africa
cPanel Access Level
Root Administrator
In WHM > Exim Configuration Editor > Advanced Editor, put the following in the topmost box:

Code:
domainlist blocked_domains = lsearch;/etc/blockeddomains
Locate the "ROUTERS CONFIGURATION" section, and right below these lines:



Put the following lines:

Code:
reject_domains:

driver = redirect
# RBL Blacklist incoming hosts
domains = blocked_domains
allow_fail
data = :fail: Connection rejected: SPAM source $domain is manually blacklisted.

Can you please update these instructions for WHM 11.32.x?

The layout has changed a lot
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
Yes, it has changed to the point that the editor is more difficult to give easy instructions to follow. For example, the topmost box is no longer at the top but towards the middle now. I'll see what I can do.
 

sawbuck

Well-Known Member
Jan 18, 2004
1,365
10
168
cPanel Access Level
Root Administrator
Tristan,

Just moved to 11.32.3.19 and wanted to confirm the steps we took to re-enable this directive.

Exim Advanced Editor > Section: CONFIG scroll down to "Add additional configuration setting".

In the form that appears add:
Code:
domainlist blocked_domains = lsearch;/etc/blockeddomains
Then scroll down to the Section: ROUTERSTART which is below the democheck entry and add:
Code:
reject_domains:

driver = redirect
# RBL Blacklist incoming hosts
domains = blocked_domains
allow_fail
data = :fail: Connection rejected: SPAM source $domain is manually blacklisted.
Just to double check, tail -f /var/log/exim_paniclog or if you're running CSF and have Log Scanner enabled from the command line run "/usr/sbin/csf --logrun" and check if any errors are reported.
 

leonex

Member
Jan 12, 2012
23
1
53
cPanel Access Level
Root Administrator
Hello, this solution don't work. How i can blocked domain for send email from my server on WHM 11.32.4 (build 14)
Thank you and sorry for my english
 

ruzbehraja

Well-Known Member
May 19, 2011
392
11
68
cPanel Access Level
Root Administrator
Tristan,

Just moved to 11.32.3.19 and wanted to confirm the steps we took to re-enable this directive.

Exim Advanced Editor > Section: CONFIG scroll down to "Add additional configuration setting".

In the form that appears add:
Code:
domainlist blocked_domains = lsearch;/etc/blockeddomains
Then scroll down to the Section: ROUTERSTART which is below the democheck entry and add:
Code:
reject_domains:

driver = redirect
# RBL Blacklist incoming hosts
domains = blocked_domains
allow_fail
data = :fail: Connection rejected: SPAM source $domain is manually blacklisted.
Just to double check, tail -f /var/log/exim_paniclog or if you're running CSF and have Log Scanner enabled from the command line run "/usr/sbin/csf --logrun" and check if any errors are reported.
Did you try this?
 

leonex

Member
Jan 12, 2012
23
1
53
cPanel Access Level
Root Administrator
Hello, thank you for your reply, i ttried but don't work. in exim_paniclog i see this error but iline 99 is emty in exim.conf and not is file /etc/exim.conf.test.work.WOyoSoBtybZBETjw: or similiar file
this error
2012-09-07 00:52:00 Exim configuration error in line 99 of /etc/exim.conf.test.work.WOyoSoBtybZBETjw:
router name missing
---
today i tried again, error don't is and not blocked domain.
 
Last edited: