is possible FILTER over "Email Account Forwarders" ??

000

Well-Known Member
Jun 3, 2008
307
13
68
hello, happy 2021 for all.

:)

as ROOT in my CentOs 7 I run:
Code:
grep @mydomain.com /var/log/exim_mainlog | grep 2020-12 | wc -l
14734
but... in december 2020 I recived ONLY 2 REAL emails, the others 4732 are 100% SPAM

that is terrible!, and cPanel have tools to STOP spam,
but my problem is ALL accounts of email in the server run as:

"Email Account Forwarders"

then:

SERVER_SPAMMER_SEND_MSG_TO_MY_DOMAIN -> MY_SERVER_GET_AND_AUTOMATICALLY_RESEND_TO -> GMAIL
SERVER_SPAMMER_SEND_MSG_TO_MY_DOMAIN -> MY_SERVER_GET_AND_AUTOMATICALLY_RESEND_TO -> HOTMAIL
SERVER_SPAMMER_SEND_MSG_TO_MY_DOMAIN -> MY_SERVER_GET_AND_AUTOMATICALLY_RESEND_TO -> YAHOO

. . .

then MY SERVER never filter

Please: exist some solution without I lost the option "Email Account Forwarders" ?

also I config send ALL MSG to:

|/home/my_user/public_html/process_email.php

then in MY SCRIPT is easy:

if(IP_SENDER == X.X.X.X)exit;

and manually I filter each X time by IP and all run fine...


some method is best to do PIPE?

in some point I am wrong?



Many thanks by yours instructions.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
4,283
536
273
cPanel Access Level
Root Administrator
Hey there! If you only ever received two messages, it sounds like the spam filter is doing its job well, as those messages would still show up in the exim_mainlog file on the system. Can you get me more details on the issue you're seeing?
 

keat63

Well-Known Member
Nov 20, 2014
1,904
254
113
cPanel Access Level
Root Administrator
I don't truly understand what you are saying.
However, I have a few ideas.

Does the spam come from the same ip address, or similar subnet.
And do you have CSF firewall installed.
Adding the IP addresses or subnets if you can narrow this down will stop these dead in thier tracks (for a while)

Also in exim config, take a look at the RBL tab, maybe consider adding a few custom RBL's to the list.
I've included an image of the ones I use to good effect.

Take a look at 'Manage Custom RBL's' about 75% down the page.
 

Attachments

  • Like
Reactions: cPRex

000

Well-Known Member
Jun 3, 2008
307
13
68
thanks by your help

we have ALL emails of OUR DOMAIN as "Email Account Forwarders".

also we have CSF

Then many IPs, address of emails SEND SPAM to "[email protected]"

by example, in DECEMBER only TWO of 15000 emails is REAL messages.

Then by 15.000 times:

SPAMMERS send MSG to "[email protected]" AND 15.000 our server RE-send MSG SPAM to DESTINY.

Is possible USING "Email Account Forwarders" (this means NO REAL accounts EMAIL into our server)
STOP all this spam?

thanks
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
4,283
536
273
cPanel Access Level
Root Administrator
Thanks for the additional details. If your server is successfully marking these messages as spam, you'll want to enable one of the following options in WHM >> Exim Configuration Manager >> Apache SpamAssassin, depending which threshold you are using:

Do not forward mail to external recipients if it matches the Apache SpamAssassin™ internal spam_score setting
Do not forward mail to external recipients based on the defined Apache SpamAssassin™ score (Minimum: 0.1; Maximum: 99.9)


That will keep messages that have been marked as spam from being forwarded.
 
  • Like
Reactions: keat63

000

Well-Known Member
Jun 3, 2008
307
13
68
Ah!, excellent, because my current email showed that:

1609924620447.png


many thanks by your help.

exist some tutorial "BASICS_STEAPS_TO_STOP_SPAM_IN_YOUR_SERVER" ???
 
  • Like
Reactions: cPRex

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
4,283
536
273
cPanel Access Level
Root Administrator