Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

How to Limit SMTP to authenticated and trustedmailhosts

Discussion in 'E-mail Discussion' started by caldwell, Jan 12, 2017.

Tags:
  1. caldwell

    caldwell Member

    Joined:
    Sep 10, 2008
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    51
    cPanel Access Level:
    Root Administrator
    Could use some help on this one. Spammers are consistently bypassing the MX records for domains. This is a spam filter appliance which would filter out the junk.

    We want to be able to block all SMTP servers and traffic to our CPanel Exim service unless

    1) the user is authenticated

    2) the standard checks such as POP before SMTP are satisfied

    3) the server is listed in our trustedmailhosts file (or similar)

    What type of ACL statement do we put in and where do we put it?

    We especially want this to survive upgrades, so having the option to put it into custom configurations would be preferred.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,367
    Likes Received:
    1,857
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Do multiple MX records exist for these domain names, with the higher/lower priority record pointing directly to the cPanel mail server? If so, you may want to point all MX records to the SPAM appliance to prevent spammers from finding the actual mail server.

    Otherwise, have you considered alternatives to a custom Exim ACL rule such as rejecting senders who fail SPF or DKIM verification? There are several options available to block spammers at SMTP time in WHM >> Exim Configuration Manager >> Basic Editor:

    Exim Configuration Manager - Documentation - cPanel Documentation

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. caldwell

    caldwell Member

    Joined:
    Sep 10, 2008
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    51
    cPanel Access Level:
    Root Administrator
    The only MX record for each domains already points to the spam filter.

    So, we really do want to lock out SMTP connections to the CPanel server unless it meets the criteria listed above.

    The spammers don't obey MX records. They connect to the root or www domain and try to send e-mail directly that way.

    Any help on what ACL to use and where to put it?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,367
    Likes Received:
    1,857
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice