Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to Limit SMTP to authenticated and trustedmailhosts

Discussion in 'E-mail Discussions' started by caldwell, Jan 12, 2017.

Tags:
  1. caldwell

    caldwell Member

    Joined:
    Sep 10, 2008
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    51
    cPanel Access Level:
    Root Administrator
    Could use some help on this one. Spammers are consistently bypassing the MX records for domains. This is a spam filter appliance which would filter out the junk.

    We want to be able to block all SMTP servers and traffic to our CPanel Exim service unless

    1) the user is authenticated

    2) the standard checks such as POP before SMTP are satisfied

    3) the server is listed in our trustedmailhosts file (or similar)

    What type of ACL statement do we put in and where do we put it?

    We especially want this to survive upgrades, so having the option to put it into custom configurations would be preferred.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Do multiple MX records exist for these domain names, with the higher/lower priority record pointing directly to the cPanel mail server? If so, you may want to point all MX records to the SPAM appliance to prevent spammers from finding the actual mail server.

    Otherwise, have you considered alternatives to a custom Exim ACL rule such as rejecting senders who fail SPF or DKIM verification? There are several options available to block spammers at SMTP time in WHM >> Exim Configuration Manager >> Basic Editor:

    Exim Configuration Manager - Documentation - cPanel Documentation

    Thank you.
     
  3. caldwell

    caldwell Member

    Joined:
    Sep 10, 2008
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    51
    cPanel Access Level:
    Root Administrator
    The only MX record for each domains already points to the spam filter.

    So, we really do want to lock out SMTP connections to the CPanel server unless it meets the criteria listed above.

    The spammers don't obey MX records. They connect to the root or www domain and try to send e-mail directly that way.

    Any help on what ACL to use and where to put it?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page