Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

How to get Cpanel/Exim to reject email from bogus invalid hostnames?

Discussion in 'E-mail Discussion' started by eurorocco, Feb 12, 2014.

  1. eurorocco

    eurorocco Well-Known Member

    Joined:
    Jun 23, 2003
    Messages:
    99
    Likes Received:
    0
    Trophy Points:
    156
    One user is getting spam from a distributed sender, from hundreds of different IPs, but the HELO hostnames are invalid. Here is one example...

    ------ In /var/log/exim_main.log one line...

    Code:
    2014-02-09 05:30:25 1WCSab-0003Fp-E0 <= spamtitle @ domain.com H=(0023f2f2.domain.com) [198.20.98.91]:39483 P=esmtp S=11354 id=741152355880742221
60109 @ q4j3frgw9.domain.com T="Need Financing?" for XXX@YYYY

------ Then I check if the hostname is good, but it's not...
2014-02-09 05:30:25 1WCSab-0003Fp-E0 <= spamtitle @ domain.com H=(0023f2f2.domain.com) [198.20.98.91]:39483 P=esmtp S=11354 id=741152355880742221
60109@q4j3frgw9.domain.com T="Need spam?" for XXX@YYYY

------ Then I check if the hostname is good, but it's not...

# dig -x 0023f2f2.domain.com

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> -x 0023f2f2.domain.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 18758
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;com.domain.0023f2f2.in-addr.arpa. IN PTR

;; AUTHORITY SECTION:
in-addr.arpa. 3192 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2014012551 1800 900 604800 3600

;; Query time: 20 msec
;; SERVER: A.B.C.D#53(A.B.C.D)
;; WHEN: Wed Feb 12 14:46:00 2014
;; MSG SIZE rcvd: 117

#
    ------- How can I configure Cpanel/Exim to reject email coming from bogus invalid hostnames? I thought the default was to do this. Perhaps my mailserver is misconfigured, but I cannot find the specific option in "Mailserver configuration, Basic or Advanced" to do this.

    I see Sender Verification Callouts, which are a different thing and do cause some problems, so we have disabled on purpose. I also have both RBLs on, but they're not filtering this particular spammer out.

    Your help is greatly appreciated!

    Thanks!

    ER
     
    #1 eurorocco, Feb 12, 2014
    Last edited by a moderator: Feb 12, 2014
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,660
    Likes Received:
    1,787
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello :)

    You can make sure the following options are enabled under "ACL Options" in "WHM Home » Service Configuration » Exim Configuration Manager":

    "Require HELO before MAIL"
    "Require RFC-compliant HELO"

    However, the "Sender Verification Callouts" option might be the best way to avoid emails like this. What issues do you experience with it enabled?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelMichael, Feb 12, 2014
  3. eurorocco

    eurorocco Well-Known Member

    Joined:
    Jun 23, 2003
    Messages:
    99
    Likes Received:
    0
    Trophy Points:
    156
    Had the two options ON...
    "Require HELO before MAIL" ON
    "Require RFC-compliant HELO" ON

    Enabled "Sender Verification Callouts". Was off. Now ON.

    I'm trying to remember the exact situation that pushed us to disable "Sender Verification Callouts". Let me try this again.

    Thanks a lot for your help!

    ER
     
    #3 eurorocco, Feb 12, 2014
  4. sajanNOPPIX

    sajanNOPPIX Member

    Joined:
    May 30, 2012
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    51
    cPanel Access Level:
    Root Administrator
    Enabling Sender Verification Callouts can up your risk of being listed on RBLs. We also leave it off.
     
    #4 sajanNOPPIX, Feb 14, 2014
  5. eurorocco

    eurorocco Well-Known Member

    Joined:
    Jun 23, 2003
    Messages:
    99
    Likes Received:
    0
    Trophy Points:
    156
    Thanks for the hint on the negative side-effect of enabling "Sender Verification".

    In /etc/exim.conf ... another thing I had to try was to uncomment

    #host_lookup = 0.0.0.0/0

    To get exim to check the incoming IP has a reverse-dns-lookup value.

    Thanks!

    ER
     
    #5 eurorocco, Feb 14, 2014
  6. serichards

    serichards Well-Known Member

    Joined:
    Dec 11, 2012
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Website Owner
    Why would it get you put on RBLs? It seems totally unfair that one of the most effective tools against the deluge of crud out there would get the person using it in trouble. Having that enabled stops about 90%+ of the spam I get.
     
    #6 serichards, Feb 16, 2014
  7. eurorocco

    eurorocco Well-Known Member

    Joined:
    Jun 23, 2003
    Messages:
    99
    Likes Received:
    0
    Trophy Points:
    156
    Some email addresses are hooks or triggers of RBLs, so yes, there is a chance "full mailboxes" and "sender verification callouts" can have the server RBL-blocked. I did enable "sender verification callouts" though, opted to run take the risk. Something being unfair doesn't prevent it from happening, unfortunately. Probably the risk of getting blacklisted is higher if the antispam is less astringent, less strict and bounces and passes through more spam. THANKS! ER
     
    #7 eurorocco, Feb 16, 2014
  8. serichards

    serichards Well-Known Member

    Joined:
    Dec 11, 2012
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Website Owner
    I did have issues with sender verify previously with I think google. I think they either blocked me from their dns or checking with them about their apparent senders as I was getting so much junk from gmail accounts. I just blacklisted all gmail addresses in the end.
     
    #8 serichards, Feb 16, 2014
(You must log in or sign up to post here.)
Loading...
Similar Threads - Cpanel Exim reject
  1. locki

    In Progress [CPANEL-20545] Exim sending email (-53) retry time not reached for any host

    locki, May 21, 2018, in forum: E-mail Discussion
    Replies:
    11
    Views:
    308
    cPanelMichael
    May 22, 2018
  2. phph

    /etc/cpanel_exim_system_filter missing options

    phph, May 16, 2018, in forum: E-mail Discussion
    Replies:
    3
    Views:
    74
    cPanelLauren
    May 18, 2018
  3. swbrains

    In Progress [CPANEL-19455] eximstats_spam_check cron job always sends root notification

    swbrains, Apr 2, 2018, in forum: E-mail Discussion
    Replies:
    11
    Views:
    776
    cPanelMichael
    Jun 14, 2018 at 10:30 AM
  4. rpvw

    cPanel update wiped out custom Exim configuration

    rpvw, Jan 22, 2018, in forum: E-mail Discussion
    Replies:
    12
    Views:
    712
    cPanelJackson
    Jan 23, 2018
  5. danone

    bypass rules in /etc/cpanel_exim_system_filter for certain domain or whitelist

    danone, Dec 2, 2017, in forum: E-mail Discussion
    Replies:
    10
    Views:
    578
    cPanelMichael
    Dec 11, 2017

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice