SOLVED How Do I Block One Domain From Sending Email From My Server?

[etcio]

Can we get an updated end-to-end official tutorial on how to accomplish this? Trying to piecemeal the proper configuration based on partials in this thread's history isn't proving effective.

I'm getting the following error:

"unknown lookup type "domainlist blocked_domains = lsearch"

 

[cPanelMichael]

Can we get an updated end-to-end official tutorial on how to accomplish this? Trying to piecemeal the proper configuration based on partials in this thread's history isn't proving effective.

The most recent user-submitted solution with a successful report is found at:

https://forums.cpanel.net/threads/h...ail-from-my-server.223731/page-2#post-1975591

Thank you.

 

[prakashnplink]

Have any one tried following?

First, create a file called /etc/blockedsenderdomains, and add the list of domains to block email from to this file, one line at a time.

Then go into WHM > Exim Configuration Manager > Advanced Editor, and add the following to “Section: CONFIG” part:

domainlist blocked_domains = lsearch;/etc/blockedsenderdomains

In the ROUTERSTART section, add:

reject_domains:
driver = redirect
domains = +blocked_domains
allow_fail
data = :fail: Connection rejected: SPAM source $domain is manually blacklisted.

Then save the file.

credit: cpanelservermanagement.com/2014/04/28/how-to-disable-a-domain-from-sending-email/

 

[RWH Tech]

Have any one tried following?

First, create a file called /etc/blockedsenderdomains, and add the list of domains to block email from to this file, one line at a time.

Then go into WHM > Exim Configuration Manager > Advanced Editor, and add the following to “Section: CONFIG” part:

domainlist blocked_domains = lsearch;/etc/blockedsenderdomains

In the ROUTERSTART section, add:

reject_domains:
driver = redirect
domains = +blocked_domains
allow_fail
data = :fail: Connection rejected: SPAM source $domain is manually blacklisted.

Then save the file.

credit: cpanelservermanagement.com/2014/04/28/how-to-disable-a-domain-from-sending-email/

This does not work for mail sent from a compromised account that uses sendmail/php to spam. It does work for SMTP mail, though.

 

[lutronik]

This not word for me!

My WHM: 11.52.2

[]'s

 

[cPanelMichael]

This not word for me!

Could you let us know which steps you followed?

Thank you.

 

[cPanelPeter]

Hello,

I wanted to mention that I just tested this solution on 11.54.0.17 and it works fine.

Verified to work in cPanel 11.54.0.17

Go to: Exim Advanced Configuration Editor -> Click on "Add additional configuration setting"
-> Add:

domainlist blocked_domains = lsearch;/etc/blockeddomains

Under "ROUTERSTART" add:

reject_domains:
driver = redirect
domains = +blocked_domains
allow_fail
data = :fail: Connection rejected: SPAM source $domain is manually blacklisted.

Then run from shell:

# touch /etc/blockeddomains;chown root:mail /etc/blockeddomains;chmod 640 /etc/blockeddomains

Place any domains you don't want to allow sending to, in /etc/blockeddomains

NOTE: It will not block mail from PHP/Perl scripts (unless they authenticate).

 

[tylerjr92]

Hello I attempted this solution following these steps

Hello,

I wanted to mention that I just tested this solution on 11.54.0.17 and it works fine.

Verified to work in cPanel 11.54.0.17

Go to: Exim Advanced Configuration Editor -> Click on "Add additional configuration setting"
-> Add:

domainlist blocked_domains = lsearch;/etc/blockeddomains

Under "ROUTERSTART" add:

reject_domains:
driver = redirect
domains = +blocked_domains
allow_fail
data = :fail: Connection rejected: SPAM source $domain is manually blacklisted.

Then run from shell:

# touch /etc/blockeddomains;chown root:mail /etc/blockeddomains;chmod 640 /etc/blockeddomains

Place any domains you don't want to allow sending to, in /etc/blockeddomains

NOTE: It will not block mail from PHP/Perl scripts (unless they authenticate).

It seems this blocks the user from receiving email as well. Any ideas? I only want to block out going email.

Version 11.54.0.21

 

[cPanelPeter]

Hello,

Those changes should only effect SMTP services. What error message (if any) are you getting regarding incoming email?

 

[tylerjr92]

Hello,

Those changes should only effect SMTP services. What error message (if any) are you getting regarding incoming email?

Hello Peter,

I am getting the following error only when using this for incoming mail. The message fails to send and bounces back.

Delivery to the following recipient failed permanently:

[email protected]********.com

Technical details of permanent failure: 
Google tried to deliver your message, but it was rejected by the server for the recipient domain ********.com by ********.com. [162.246.57.163].

The error that the other server returned was:
550-Connection rejected: SPAM source ********.com is automatically
550 blacklisted from sending mail.


----- Original message -----

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20120113;
 h=from:content-transfer-encoding:subject:message-id:date:to
 :mime-version;
 bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=;
 b=LIVfYEZ386E7nVJfsxwom75znEXEQinlvXIJPyR9P5xQ1fmxpDtE9bha5PEnCIa3Bl
 T3Lw1wABRSfga1Bb5am2H3ncIvoJA3TnGQE88iKb7omCW4klGgr5Y1xzpjrsEG51z+lb
 g85rylfh+3CFq9dGbdeT2bHj2d4+eUfEPF+NV0SsFSxUhvofptEkWneU9utfy3MT+Y+s
 yki5QwC6ILYP/vLvMFfe8VAYY5cEnoki5CUUtPS3ns+K9OxVLbql65snnCuiksaLuKMO
 RwO5+oZUarK6SCWRSQuSMlpp/fd1sVkRi6oyn2RLe+mgFlT4Wu0+QNMSXue+Td/7nsez
 P0+Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:from:content-transfer-encoding:subject
 :message-id:date:to:mime-version;
 bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=;
 b=alrtBwXBOUrYfu6DhKkRgfO6f7J0n/u/2lVx3/b0Jpj6YhznYP4Fywtts4rXRHF638
 WHpFkIetSlbo1OtqIkx2+/p0d/FvXRQg9/cp7RLyym4dbGmiOd1ZP7AMO17a8Y9NWARc
 +p31NOGEXZmVXDMDQsI5PSI//1tfyuU/z2SGnRO/fjB2aHF450f8Zi6Ihvd+5/uu/fWa
 X1TwkP5X/8ANbBvg6MdqvuMMcXh27mRx8sXiIEq8h9MmYGgRSSFFQMI09Jn5EEqOL9ok
 IiSi0NM+njeOOdfWG1Rxsq4B990cOHVv3TFt45f6A1YUHfv6OIPrGsl7Jcn13HCwwVqp
 uD9g==
X-Gm-Message-State: AD7BkJLwl+LNsJrrbkEECPoPGc2XrrVCVI2sfWZ7P/QPSo85QqG/SjaggNGNgqCf7+YTSw==
X-Received: by 10.202.46.139 with SMTP id u133mr11198874oiu.16.1459193145807;
 Mon, 28 Mar 2016 12:25:45 -0700 (PDT)
Return-Path: <[email protected]********.com>
Received: from [17.105.4.164] ([17.105.4.164])
 by smtp.gmail.com with ESMTPSA id t92sm8162365otb.14.2016.03.28.12.25.45
 for <[email protected]********.com>
 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
 Mon, 28 Mar 2016 12:25:45 -0700 (PDT)
From: Tyler ****** <[email protected]>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Subject: out
Message-Id: <[email protected]>
Date: Mon, 28 Mar 2016 14:25:56 -0500
To: [email protected]********.com
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
X-Mailer: Apple Mail (2.3124)

 

[cPanelPeter]

Hello,

If you have root access to your server, please feel free to open a support ticket using the link within my signature. I'd like to take a look at your settings.
This should not effect incoming email.

 

[tylerjr92]

Hello,

If you have root access to your server, please feel free to open a support ticket using the link within my signature. I'd like to take a look at your settings.
This should not effect incoming email.

Hello cPanelPeter, I have opened the ticket, Support Request ID is: 7506871

 

[cPanelMichael]

Hello cPanelPeter, I have opened the ticket, Support Request ID is: 7506871

To update, here's a copy of the response that addressed the issue:

Hello,

I was able to successfully block outgoing emails from the domain in question using the following steps:

Firstly, I created the file /usr/local/cpanel/etc/exim/sysfilter/options/test (name it whatever you want, just must be in that folder). This had the following contents:

if $header_from: contains "@domain"
then
fail text "Connection rejected: SPAM source $domain is automatically blacklisted from sending mail."
seen finish
endif

if $header_from: contains "[email protected]"
then
fail text "Connection rejected: SPAM source [email protected] is automatically blacklisted from sending mail."
seen finish
endif

Note that I also included [email protected] so that it also filters php mail() items.

Afterwards, I went to the Exim Configuration Manager, and simply hit save. No actual action needs doing, just the Exim configuration needs to know about this.

I tested this with a two-way message to and from our testing Gmail account. The results were as you requested.

This filter has syntax documented at < 3. Exim filter files >.

Thank you.

 

[RWH Tech]

I don't know jack about exim and I think I came across a bug that made me pull my hairs out.
With this filter running, I had to disable the DKIM check, even if "deny failed" was off. With it enabled I'd get bounces with "administrative restriction" or some crap.
Ate up my whole day.
The @yourdomain.com is so your customer can still e-mail you for support, even with the account blocked.
I had to 644 the file, since I was too frazzled to see what ownership it needed. root:mail didn't do it.

# Exim Filter
if ("${lookup {$sender_address_domain} partial-lsearch*@{/etc/blockedsenderdomains} {1}}" is 1) and
$h_To: does not contain "@yourdomain.com"
then
fail text "Connection rejected: $sender_address_domain sending disabled. Contact Support."
seen finish
endif

 

[iero]

hello all,

i did follow instructions, but didnt work but i have a msg "missing or malformed ACL name" any ideas, i already have the folder, file and domain list in the file

[Removed - Please attach images or text output directly to thread]

 

[cPanelMichael]

i did follow instructions, but didnt work but i have a msg "missing or malformed ACL name" any ideas, i already have the folder, file and domain list in the file

Could you let us know the exact steps you took, and which specific instructions were followed?

Thanks!

 

[ssavchenko]

To update, here's a copy ...

Hello cPanelMichael, just to clarify.
This example can be used for php and spam with existing e-mail accounts? It's great!
But I understand that for each domain need to create a separate file and in the file pair of username and domain. It's right?

 

[cPanelMichael]

But I understand that for each domain need to create a separate file and in the file pair of username and domain. It's right?

Yes, that's correct.

Thanks!

 

[Rodrigo Gomes]

Hello,

I wanted to mention that I just tested this solution on 11.54.0.17 and it works fine.

Verified to work in cPanel 11.54.0.17

Go to: Exim Advanced Configuration Editor -> Click on "Add additional configuration setting"
-> Add:

domainlist blocked_domains = lsearch;/etc/blockeddomains

Under "ROUTERSTART" add:

reject_domains:
driver = redirect
domains = +blocked_domains
allow_fail
data = :fail: Connection rejected: SPAM source $domain is manually blacklisted.

Then run from shell:

# touch /etc/blockeddomains;chown root:mail /etc/blockeddomains;chmod 640 /etc/blockeddomains

Place any domains you don't want to allow sending to, in /etc/blockeddomains

NOTE: It will not block mail from PHP/Perl scripts (unless they authenticate).

Is there a way to make this script work with regular expressions?

Put something like this in the blockeddomains file: *.example*.com
To catch domains like this: server.example123.com

 

[webmasteryoda]

To update, here's a copy of the response that addressed the issue:



Thank you.

Hello Michael.

I confirm that this method works when blocking mails. I just have one simple question.

When I try to send email from the domain which is blocked, I see this in my Mail Delivery Report:

[EMAIL][email protected][/EMAIL]
Jan 15, 2018 10:12:22 PM
unknown
1ebC3k-002PqA-7P
In progress

"In progress" is confusing me. What will happend when this method blocks bunch of emails and all those blocked mails end up "in progress"? Will that slow down the server or mail server?