
Limiting incoming smtp connections to few domains

Discussion in 'E-mail Discussions' started by tarantula, Mar 3, 2014.

  1. tarantula

    tarantula Registered

    On one of the servers we manage, there is a user with thousands of parked domains, all forwarding to a locally hosted sales page.

    Despite the fact that all these parked domains have no MX record set up, there is a large number of incoming SMTP connections happening all the time to these domains, leading to server resource depletion as well as failure of Exim due to multiple simultaneous incoming connections.

    So my question is twofold:

    1) How can we prevent incoming SMTP connections to domains that have no MX record?

    2) How can we limit SMTP connections to only a few domains hosted on the server (in this case all but parked domains)?

    Can we block incoming mail to port 25 with the exception of that directed to specific domains?

    Thanks in advance
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    It sounds like blocking SMTP connections to the parked domain names might just be treating a symptom of the overall problem. Instead, you may want to consider blocking any IP addresses that are sending excessive amounts of failed SMTP authentication attempts to your system. There are several options in "WHM Home » Service Configuration » Exim Configuration Manager" for you to review and consider. In addition, you may want to utilize a firewall management tool such as CSF if you do not do so already.

    Thank you.
     
  3. tarantula

    tarantula Registered

    Thanks for your reply Michael.

    We have csf/lfd running.

    We tried the IP banning thing, but there are thousands of domains and tens of thousands of incoming SMTP connections to them each day. So this is not really a solution.

    Can you tell why smtp connections are possible to domains that have no MX record?

    Thanks
     
  4. 4u123

    4u123 Well-Known Member
    PartnerNOC

    An MX record isn't required if your server will accept mail for the domain.

    I presume all these connections are inbound mail to those domains rather than smtp auth attempts?
     
  5. tarantula

    tarantula Registered

    Yes, that is correct. They are inbound email to nonexistent addresses. The domains were once in use but then expired and were reacquired. So all these connections are trying to deliver email to nonexistent addresses.

    What are my options here?
     
  6. 4u123

    4u123 Well-Known Member
    PartnerNOC

    You could set up an MX record for all the domains and point it to 0.0.0.0 - then set the mail routing to "remote" for all of them. This would deflect any mail sent via the MX record - if this is simply a symptom of the domains' previous usage.

    If large volumes of mail continue to be sent to the domains themselves, bypassing the MX - you will continue to have a problem because the average cPanel server is not set up to handle mail for thousands of domains, only a couple of hundred.

    How many domains are we talking about here?
     
  7. tarantula

    tarantula Registered

    More than 10,000 domains, all just parked. They receive minimal traffic. But the emails are the issue here.

    Is there a way to do the MX and email changes you are suggesting in bulk? As you can imagine, it is impossible to manually edit DNS records for more than ten thousand domains.

    Maybe an API function that we can create a script around?
     
  8. 4u123

    4u123 Well-Known Member
    PartnerNOC

    There are quite a few threads in here about bulk updating DNS zones. In your case it would be quite easy to append an entry to all the zone files then you just have to update the serials in each one. This might be useful....

    http://forums.cpanel.net/f5/bulk-dns-insert-219301.html
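
The bulk change discussed in the last posts (append one record to every zone file, then bump each SOA serial), as an added example that is not from the thread or from cPanel. It assumes BIND-style zone files named `*.db` with a parenthesised SOA, takes the zone directory as a placeholder argument, and appends the RFC 7505 null MX (`MX 0 .`) instead of a 0.0.0.0 target; the record line is a parameter and the sample zone is constructed.

```python
import re
import sys
from pathlib import Path

# Assumption: BIND-style zones whose SOA uses the parenthesised multi-line form.
SOA_SERIAL = re.compile(r"(\bSOA\b[^()]*\(\s*)(\d+)", re.IGNORECASE)
# Any existing MX line (owner, optional numeric TTL, optional class), ignoring comments.
MX_LINE = re.compile(r"^[^;\s]*[ \t]+(?:\d+[ \t]+)?(?:IN[ \t]+)?MX[ \t]", re.I | re.M)
NULL_MX = "@ 14400 IN MX 0 ."  # RFC 7505 null MX; the TTL is a constructed value

# Constructed sample zone, not taken from the thread.
SAMPLE_ZONE = """$TTL 14400
parked-example.test. 86400 IN SOA ns1.example.test. hostmaster.example.test. (
        2014030300 ; serial
        86400      ; refresh
        7200       ; retry
        3600000    ; expire
        86400 )    ; minimum
parked-example.test. 86400 IN NS ns1.example.test.
parked-example.test. 14400 IN A 192.0.2.10
"""

def next_serial(serial, today):
    """Return a serial greater than `serial`, using YYYYMMDD00 when that is newer."""
    base = int(today) * 100
    return base if serial < base else serial + 1

def add_mx(zone_text, mx_record, today):
    """Append mx_record and bump the SOA serial. Returns (text, changed)."""
    if MX_LINE.search(zone_text):
        return zone_text, False  # already has an MX: leave it for manual review
    m = SOA_SERIAL.search(zone_text)
    if m is None:
        raise ValueError("no parenthesised SOA serial found")
    serial = str(next_serial(int(m.group(2)), today))
    bumped = zone_text[:m.start(2)] + serial + zone_text[m.end(2):]
    if not bumped.endswith("\n"):
        bumped += "\n"
    return bumped + mx_record + "\n", True

if __name__ == "__main__":
    # Usage: script.py ZONE_DIR YYYYMMDD  (ZONE_DIR is a placeholder; work on a copy)
    zone_dir, today = Path(sys.argv[1]), sys.argv[2]
    for path in sorted(zone_dir.glob("*.db")):  # assumption: zones are named *.db
        text, changed = add_mx(path.read_text(), NULL_MX, today)
        if changed:
            path.write_text(text)
        print(("updated " if changed else "skipped ") + path.name)
```

Validate the rewritten zones with `named-checkzone` and reload the name server before relying on the change; zones that already carry an MX are skipped so they can be reviewed by hand.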
     