SOLVED How Do I Block One Domain From Sending Email From My Server?

mahdy_sharifi

Well-Known Member
Feb 26, 2012
220
1
68
cPanel Access Level
Root Administrator
I was do all this instruction , but email still sending !
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,250
463
I was do all this instruction , but email still sending !
What steps have you taken thus far, and what method is being used when sending from this domain name?

Thank you.
 

mahdy_sharifi

Well-Known Member
Feb 26, 2012
220
1
68
cPanel Access Level
Root Administrator
step :

domainlist blocked_domains = lsearch;/etc/blockeddomains
reject_domains:

driver = redirect
# RBL Blacklist incoming hosts
domains = blocked_domains
allow_fail
data = :fail: Connection rejected: SPAM source $domain is manually blacklisted.

Send Method :
PHP mail function , Cpanel Email account.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,250
463
Did you create and add the domain name to the "/etc/blockeddomains" file? Also, have you tried removing the domain name from the /etc/localdomains file? Note that if they have the ability to send email via PHP, they could bypass some of these filters.

Thank you.
 

mahdy_sharifi

Well-Known Member
Feb 26, 2012
220
1
68
cPanel Access Level
Root Administrator
it is appear this filter bypassed , How can prevent this sending email even bypassing not work ?
 

s.a.

Active Member
PartnerNOC
Aug 16, 2007
35
0
56
Toronto, Canada
Works for us in 11.42:

Exim Advanced Configuration Editor -> Click on "Add additional configuration setting" -> Add:
Code:
domainlist blocked_domains = lsearch;/etc/blockeddomains
Under "ROUTERSTART" add:
Code:
reject_domains:

driver = redirect
domains = +blocked_domains
allow_fail
data = :fail: Connection rejected: SPAM source $domain is manually blacklisted.
Then run from shell:
Code:
touch /etc/blockeddomains;chown root:mail /etc/blockeddomains;chmod 640 /etc/blockeddomains
 

jtlmusic

Registered
Apr 20, 2014
1
0
1
cPanel Access Level
Root Administrator
I completed all of the steps listed by s.a. above. Now what do I need to do to block a specific domain from sending? In our case, the spammers are aol.com senders, and we don't want to allow an aol address to send email through our server.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,250
463

rezonant

Registered
Mar 3, 2015
2
0
1
cPanel Access Level
Root Administrator
I'd like to clarify that anyone applying these rules who thinks that this will stop an authenticated SMTP account from actually sending would be sorely mistaken.

All this will do is stop your server from delivering mail for which the 'From:' name matches the domain in /etc/blockeddomains. If you are looking for a solution which will retain the email accounts associated with a cPanel account, and you need the cPanel account to remain active (ie not suspended) because the account is still serving a website, this is not that solution unfortunately.
 

rezonant

Registered
Mar 3, 2015
2
0
1
cPanel Access Level
Root Administrator
Yeahh, definitely do not use this "solution" -- it blocks both incoming *and* outgoing mail, so there are very very few practical cases where making the changes listed above would actually help you.
 

HostingGuru

Member
Sep 13, 2012
6
0
1
Odense, Denmark, Denmark
cPanel Access Level
Root Administrator
Hello,

I see many solutions that regards a single domain.
What is the actual best solution to block a complete account. If the account is infected with malware, it will not just send mail out from the account domain, it will send mail out from a variety of domains using custom From: header.

And I'm sorry to keep alive a thread whose original post is from 2006, but it's just sad that there is still no definitive solution.

You can try the following steps. First, in root SSH, run these commands:

Code:
touch /etc/blockeddomains
echo "domain.com" >> /etc/blockeddomains
Please replace domain.com with the domain name. Do not replace the "" part as that's required, only the domain.com part with the right domain name.

In WHM > Exim Configuration Editor > Advanced Editor, put the following in the topmost box:

Code:
domainlist blocked_domains = lsearch;/etc/blockeddomains
Locate the "ROUTERS CONFIGURATION" section, and right below these lines:



Put the following lines:

Code:
reject_domains:

driver = redirect
# RBL Blacklist incoming hosts
domains = blocked_domains
allow_fail
data = :fail: Connection rejected: SPAM source $domain is manually blacklisted.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,250
463
You may want to post to the Exim users mailing list to see if any other potential solutions are available if this one does not meet your requirements:

Exim Users Mailing List

Thank you.
 

cPanelPeter

Senior Technical Analyst
Staff member
Sep 23, 2013
584
24
143
cPanel Access Level
Root Administrator
Hello,

Please note, that initially this line was as follows:

Code:
domains = blocked_domains
In 11.44+, it needs to be changed to:

Code:
domains = +blocked_domains
If you don't have the + in front of blocked_domains, this will not work.
 

StoneyCreeker

Well-Known Member
Oct 17, 2006
53
3
158
Upper-East TN
cPanel Access Level
Root Administrator
I edited my exim_system_filter_file to include:

Code:
#[email protected] block test
if first_delivery
and
  $h_from: contains "[email protected]"
then
headers add "SpamRule: EXIM FILTER [email protected] (was: $h_subject:)"
deliver "SpamTest <[email protected]>"
seen finish
endif
This re-routes all mail from that address to my false positive check account.
I tested it and it works on my 11.50.0 build 29 whm.
You could remove the re-routing and just send it to "seen finish" and it would be gone.
They would still receive emails. To stop them from being delivered you could add:

Code:
  or
$h_to: contains "[email protected]"
Someone with better coding skills could probably send it back to the sender with a nice message.
It doesn't disable the account but it does stop the email from being sent out.

Hope this helps :)
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,250
463
I'm happy to see you were able to develop a solution for newer builds of cPanel. Thank you for taking the time to submit an updated user-workaround.