For a start, you could go to the max hourly mail limit and set it to 1.
Will try out something and post.
Will try out something and post.
What steps have you taken thus far, and what method is being used when sending from this domain name?
Thank you.
step :
domainlist blocked_domains = lsearch;/etc/blockeddomains
reject_domains:
driver = redirect
# RBL Blacklist incoming hosts
domains = blocked_domains
allow_fail
data = :fail: Connection rejected: SPAM source $domain is manually blacklisted.
Send Method :
PHP mail function , Cpanel Email account.
domainlist blocked_domains = lsearch;/etc/blockeddomains
reject_domains:
driver = redirect
# RBL Blacklist incoming hosts
domains = blocked_domains
allow_fail
data = :fail: Connection rejected: SPAM source $domain is manually blacklisted.
Send Method :
PHP mail function , Cpanel Email account.
Did you create and add the domain name to the "/etc/blockeddomains" file? Also, have you tried removing the domain name from the /etc/localdomains file? Note that if they have the ability to send email via PHP, they could bypass some of these filters.
Thank you.
Thank you.
it is appear this filter bypassed , How can prevent this sending email even bypassing not work ?
speckados
Well-Known Member
Well
There're method for block "user" ?
If script (hack) uses sendmail() or phpmail funcionts, user can send email.
There're method for block "user" ?
If script (hack) uses sendmail() or phpmail funcionts, user can send email.
I know this is an old thread, but it's the only one with a (semi) working solution to this problem.
Does anyone know which box to edit on a new cPanel (11.42.0) server?
Does anyone know which box to edit on a new cPanel (11.42.0) server?
Works for us in 11.42:
Exim Advanced Configuration Editor -> Click on "Add additional configuration setting" -> Add:
Under "ROUTERSTART" add:
Then run from shell:
Exim Advanced Configuration Editor -> Click on "Add additional configuration setting" -> Add:
Code:
domainlist blocked_domains = lsearch;/etc/blockeddomains
Code:
reject_domains:
driver = redirect
domains = +blocked_domains
allow_fail
data = :fail: Connection rejected: SPAM source $domain is manually blacklisted.
Code:
touch /etc/blockeddomains;chown root:mail /etc/blockeddomains;chmod 640 /etc/blockeddomainsI completed all of the steps listed by s.a. above. Now what do I need to do to block a specific domain from sending? In our case, the spammers are aol.com senders, and we don't want to allow an aol address to send email through our server.
I'd like to clarify that anyone applying these rules who thinks that this will stop an authenticated SMTP account from actually sending would be sorely mistaken.
All this will do is stop your server from delivering mail for which the 'From:' name matches the domain in /etc/blockeddomains. If you are looking for a solution which will retain the email accounts associated with a cPanel account, and you need the cPanel account to remain active (ie not suspended) because the account is still serving a website, this is not that solution unfortunately.
All this will do is stop your server from delivering mail for which the 'From:' name matches the domain in /etc/blockeddomains. If you are looking for a solution which will retain the email accounts associated with a cPanel account, and you need the cPanel account to remain active (ie not suspended) because the account is still serving a website, this is not that solution unfortunately.
Yeahh, definitely do not use this "solution" -- it blocks both incoming *and* outgoing mail, so there are very very few practical cases where making the changes listed above would actually help you.
Hello,
I see many solutions that regards a single domain.
What is the actual best solution to block a complete account. If the account is infected with malware, it will not just send mail out from the account domain, it will send mail out from a variety of domains using custom From: header.
And I'm sorry to keep alive a thread whose original post is from 2006, but it's just sad that there is still no definitive solution.
I see many solutions that regards a single domain.
What is the actual best solution to block a complete account. If the account is infected with malware, it will not just send mail out from the account domain, it will send mail out from a variety of domains using custom From: header.
And I'm sorry to keep alive a thread whose original post is from 2006, but it's just sad that there is still no definitive solution.
You may want to post to the Exim users mailing list to see if any other potential solutions are available if this one does not meet your requirements:
Exim Users Mailing List
Thank you.
Exim Users Mailing List
Thank you.
Hello,
Please note, that initially this line was as follows:
In 11.44+, it needs to be changed to:
If you don't have the + in front of blocked_domains, this will not work.
Please note, that initially this line was as follows:
Code:
domains = blocked_domains
Code:
domains = +blocked_domains
I edited my exim_system_filter_file to include:
This re-routes all mail from that address to my false positive check account.
I tested it and it works on my 11.50.0 build 29 whm.
You could remove the re-routing and just send it to "seen finish" and it would be gone.
They would still receive emails. To stop them from being delivered you could add:
Someone with better coding skills could probably send it back to the sender with a nice message.
It doesn't disable the account but it does stop the email from being sent out.
Hope this helps
Code:
#[email protected] block test
if first_delivery
and
$h_from: contains "[email protected]"
then
headers add "SpamRule: EXIM FILTER [email protected] (was: $h_subject:)"
deliver "SpamTest <[email protected]>"
seen finish
endifI tested it and it works on my 11.50.0 build 29 whm.
You could remove the re-routing and just send it to "seen finish" and it would be gone.
They would still receive emails. To stop them from being delivered you could add:
Code:
or
$h_to: contains "[email protected]"It doesn't disable the account but it does stop the email from being sent out.
Hope this helps
I'm happy to see you were able to develop a solution for newer builds of cPanel. Thank you for taking the time to submit an updated user-workaround.
