The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to set all existing accounts to :Fail

Discussion in 'E-mail Discussions' started by ladylinux, Jan 19, 2008.

  1. ladylinux

    ladylinux Member

    Joined:
    Jun 22, 2003
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Baltimore, Maryland
    Hi,

    I just want to reset all existing e-mail accounts to use :fail rather than :blackhole for obvious reasons. I know there was a command to do this via shell but I can't seem to find it.

    Can Anyone Help ??

    Thanks,

    Francesca
     
  2. cpanelinfoseeker

    cpanelinfoseeker Well-Known Member

    Joined:
    Oct 25, 2002
    Messages:
    323
    Likes Received:
    3
    Trophy Points:
    18
    Location:
    NE Illinois
    cPanel Access Level:
    Root Administrator
    There are the ones that I run:

    replace :blackhole: :fail: -- /etc/valiases/*
    replace blackhole: :fail: -- /etc/valiases/*
    replace :blackhole :fail: -- /etc/valiases/*
    replace blackhole :fail: -- /etc/valiases/*
    replace " fail:" " :fail:" -- /etc/valiases/*
    replace /dev/null :fail: -- /etc/valiases/*

    I forget who originally sent them to me, but they did work. I think they will only change one's that have some form of blackhole or /dev/null set currently.

    Ron
     
  3. netlook

    netlook Well-Known Member
    PartnerNOC

    Joined:
    Mar 25, 2004
    Messages:
    335
    Likes Received:
    0
    Trophy Points:
    16
    You can also:

    sed -i ’s/^\*: [^ ]*$/*: :fail: ADDRESS DOES NOT EXIST/g’ /etc/valiases/*

    this will replace all stuff other than :fail: in *: position on /etc/valiases

    Remember to backup /etc/valiases before making changes, just to be sure everythink went well.
     
  4. cesare

    cesare Registered

    Joined:
    Mar 16, 2006
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    :fail: isn't fail prove.

    Hi.
    I have been using :fail: no such user here for several years as the email is rejected at smtp time, and does what the RFC's request.

    I have however seen a problem that made me change my mind. I do not remember where I read about it.
    It seems that a formmail prone to sql injections will make it possible to use my form for spamming in stealth mode.

    When a spammer injects into my form with unqualifiedname@qualifieddomaine.tld the CC address email is sent to the eternal bitfields because of fail without any notion in log files, while the bcc part is sent on.

    Investigating my server setting up a catchall address like unrouted@qualifieddomaine.tld on all domaines, I actually found evidents that one formmail on the server was being used for spamming.
    :eek:

    It seems that the spammer tried to make it harder to discover by only sending one email pr. day, as I found 1 entry each day like 08034823084@qualifieddomaine.tld. I do not know how many bcc's was attached.

    Another advantage with this setup is that my unrouted addresses also shows me ip's which use dictionary attack approaches.

    Hope you can use this.

    ;0)Bent
     
  5. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    How does this show that :fail: is not fool-proof? What it shows is that form mail scripts need to be properly sanitized. :confused:
     
Loading...

Share This Page