SOLVED How Do I Block One Domain From Sending Email From My Server?

[ambition13]

Hello,

I have one user who is getting hacked a lot and the account is sending out spam emails. I want to disable just his account from being able to send mail at all until he can get his script updated or changed. Any way to do this?

Many thanks.

 

[cPanelTristan]

You can try the following steps. First, in root SSH, run these commands:

touch /etc/blockeddomains
echo "domain.com" >> /etc/blockeddomains

Please replace domain.com with the domain name. Do not replace the "" part as that's required, only the domain.com part with the right domain name.

In WHM > Exim Configuration Editor > Advanced Editor, put the following in the topmost box:

domainlist blocked_domains = lsearch;/etc/blockeddomains

Locate the "ROUTERS CONFIGURATION" section, and right below these lines:

democheck:
driver = redirect
require_files = "+/etc/demouids"
condition = "${if eq {${lookup {$originator_uid} lsearch {/etc/demouids} {$value}}}{}{false}{true}}"
allow_fail
data = :fail: demo accounts are not permitted to relay email

Put the following lines:

reject_domains:

driver = redirect
# RBL Blacklist incoming hosts
domains = blocked_domains
allow_fail
data = :fail: Connection rejected: SPAM source $domain is manually blacklisted.

 

[ambition13]

Wow, talk about a fast response! It seems to be working so far. If I go to re-enable the banned domain is it recommended that I remove all of the things I just added? Or just remove it from the /etc/blockeddomains? Thanks very much.

 

[GatorJoshD]

You can always modify the account in WHM and change the outgoing mail limit to zero.

 

[Indianets]

You can always modify the account in WHM and change the outgoing mail limit to zero.

And, this will set the sending limit for this domain to "Unlimited" :p Unfortunately, 0 implies "unlimited" in this contrast, so you are going to remove all the limits set on the server for this domain.

 

[Indianets]

Wow, talk about a fast response! It seems to be working so far. If I go to re-enable the banned domain is it recommended that I remove all of the things I just added? Or just remove it from the /etc/blockeddomains? Thanks very much.

You can simply clean the file and let it be there -

echo > /etc/blockeddomains

 

[alexmack]

how can i do this but block all domains except ones i whitelist?

 

[SoftDux]

how can i do this but block all domains except ones i whitelist?

That's actually a good idea and I would like to know how todo this as well.

 

[cPanelTristan]

You could revise /etc/localdomains file to only have the whitelisted domains and place those other domains into /etc/remotedomains file, which would prevent those domains from being able to properly send. Any domain in /etc/remotedomains file will not be placed back into /etc/localdomains file.

 

[dtwyman]

Hi,

I tried the ‘blocked_domians’ solution with the latest version of cPanel and it isn’t working. Has anything changed with respect to this solution in the latest version of cPanel? I’m simply trying to disallow my demo user from sending email.

 

[cPanelTristan]

How precisely is it not working? Is it PHP mail() or using sendmail, or it is sending via webmail and/or an email client? Are you receiving any type of error message or otherwise? Please provide as many details as possible. Thanks!

 

[dtwyman]

Thanks for the quick response.

After implementing the ‘blocked_domains’ solution, I log into the demo account and then into webmail. From there I can send an email. There’s no errors. It just that I can send email from my demo account and so can spammers which is the problem I am trying to solve.

 

[SoftDux]

In WHM > Exim Configuration Editor > Advanced Editor, put the following in the topmost box:

domainlist blocked_domains = lsearch;/etc/blockeddomains

Locate the "ROUTERS CONFIGURATION" section, and right below these lines:



Put the following lines:

reject_domains:

driver = redirect
# RBL Blacklist incoming hosts
domains = blocked_domains
allow_fail
data = :fail: Connection rejected: SPAM source $domain is manually blacklisted.

Can you please update these instructions for WHM 11.32.x?

The layout has changed a lot

 

[cPanelTristan]

Yes, it has changed to the point that the editor is more difficult to give easy instructions to follow. For example, the topmost box is no longer at the top but towards the middle now. I'll see what I can do.

 

[sawbuck]

Tristan,

Just moved to 11.32.3.19 and wanted to confirm the steps we took to re-enable this directive.

Exim Advanced Editor > Section: CONFIG scroll down to "Add additional configuration setting".

In the form that appears add:

domainlist blocked_domains = lsearch;/etc/blockeddomains

Then scroll down to the Section: ROUTERSTART which is below the democheck entry and add:

reject_domains:

driver = redirect
# RBL Blacklist incoming hosts
domains = blocked_domains
allow_fail
data = :fail: Connection rejected: SPAM source $domain is manually blacklisted.

Just to double check, tail -f /var/log/exim_paniclog or if you're running CSF and have Log Scanner enabled from the command line run "/usr/sbin/csf --logrun" and check if any errors are reported.

 

[leonex]

Hello, this solution don't work. How i can blocked domain for send email from my server on WHM 11.32.4 (build 14)
Thank you and sorry for my english

 

[ruzbehraja]

Tristan,

Just moved to 11.32.3.19 and wanted to confirm the steps we took to re-enable this directive.

Exim Advanced Editor > Section: CONFIG scroll down to "Add additional configuration setting".

In the form that appears add:

domainlist blocked_domains = lsearch;/etc/blockeddomains

Then scroll down to the Section: ROUTERSTART which is below the democheck entry and add:

reject_domains:

driver = redirect
# RBL Blacklist incoming hosts
domains = blocked_domains
allow_fail
data = :fail: Connection rejected: SPAM source $domain is manually blacklisted.

Just to double check, tail -f /var/log/exim_paniclog or if you're running CSF and have Log Scanner enabled from the command line run "/usr/sbin/csf --logrun" and check if any errors are reported.

Did you try this?

 

[leonex]

Hello, thank you for your reply, i ttried but don't work. in exim_paniclog i see this error but iline 99 is emty in exim.conf and not is file /etc/exim.conf.test.work.WOyoSoBtybZBETjw: or similiar file
this error
2012-09-07 00:52:00 Exim configuration error in line 99 of /etc/exim.conf.test.work.WOyoSoBtybZBETjw:
router name missing
---
today i tried again, error don't is and not blocked domain.

 

[sawbuck]

Did you try this?

Yes. It was working as of 11.32.3.9 but now isn't on 11.32.4.14.

As was stated in a different thread, removing the domain from /etc/localdomains will also block the domain from sending.

 

[leonex]

Yes. It was working as of 11.32.3.9 but now isn't on 11.32.4.14.

As was stated in a different thread, removing the domain from /etc/localdomains will also block the domain from sending.

Please write me link of other thread. Tahnk you