Limiting incoming smtp connections to few domains

tarantula

Registered
Mar 3, 2014
4
0
1
cPanel Access Level
Root Administrator
On one of the servers we manage, there is a user with thousands of parked domains, all forward to a locally hosted sales page.

Despite the fact that all these parked domains have no MX record set up, there is a large number of incoming SMTP connections happening all the time to these domains, leading to server resource depletion as well as failure of Exim due to multiple simultaneous incoming connections.

So my question is twofold:

1) How can we prevent incoming SMTP connections to domains that have no MX record?

2) How can we limit SMTP connections to only a few domains hosted on the server (in this case all but the parked domains)?

Can we block incoming mail to port 25 with exception to that directed to specific domains?

Thanks in advance
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,268
463
Hello :)

It sounds like blocking SMTP connections to the parked domain names might just be treating a symptom of the overall problem. Instead, you may want to consider blocking any IP addresses that are sending excessive amounts of failed SMTP authentication attempts to your system. There are several options in "WHM Home » Service Configuration » Exim Configuration Manager" for you to review and consider. In addition, you may want to utilize a firewall management tool such as CSF if you do not do so already.

Thank you.
 

tarantula

Thanks for your reply Michael.

We have csf/lfd running.

We tried the IP banning thing but there are thousands of domains and tens of thousands of incoming SMTP connections to them each day. So this is not really a solution.

Can you tell why smtp connections are possible to domains that have no MX record?

Thanks
 

4u123

Well-Known Member
PartnerNOC
Jan 2, 2006
948
29
178
An MX record isn't required if your server will accept mail for the domain.

I presume all these connections are inbound mail to those domains rather than smtp auth attempts?
 

tarantula

Yes, that is correct. They are inbound email to nonexistent addresses. The domains were once in use but then expired and were reacquired. So all these connections are trying to deliver email to nonexistent addresses.

What are my options here?
 

4u123

You could set up an MX record for all the domains and point it to 0.0.0.0 - then set the mail routing to "remote" for all of them. This would deflect any mail sent via the MX record - if this is simply a symptom of the domains' previous usage.

If large volumes of mail continue to be sent to the domains themselves, bypassing the MX - you will continue to have a problem because the average cPanel server is not set up to handle mail for thousands of domains, only a couple of hundred.

How many domains are we talking about here?
 

tarantula

More than 10,000 domains, all just parked. They receive minimal traffic. But the emails are the issue here.

Is there a way to do the MX and email changes you are suggesting in bulk? As you can imagine, it is impossible to manually edit DNS records for more than ten thousand domains.

Maybe an API function that we can create a script around?
 

4u123

There are quite a few threads in here about bulk updating DNS zones. In your case it would be quite easy to append an entry to all the zone files then you just have to update the serials in each one. This might be useful....

http://forums.cpanel.net/f5/bulk-dns-insert-219301.html
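
The bulk edit described in the last reply (append an MX entry to each zone, then update its serial), as an added example that is not part of the thread and not cPanel tooling. Assumptions: BIND-style zone text is passed in as a string, the names `add_mx` and `next_serial` are hypothetical, and the default MX data `0 .` is the RFC 7505 "null MX" form substituted here for the `0.0.0.0` target mentioned in the thread (pass `mx_rdata` to use a different value).

```python
import re
from datetime import date

# SOA header up to the serial; covers the parenthesised and single-line forms.
SOA_SERIAL = re.compile(r"(\bSOA\s+\S+\s+\S+\s*\(?\s*)(\d+)", re.IGNORECASE)
# Any existing MX record: [name] [ttl] [class] MX ...
HAS_MX = re.compile(r"^\S*[ \t]+(?:(?:\d+|IN)[ \t]+)*MX[ \t]",
                    re.IGNORECASE | re.MULTILINE)

def next_serial(old, today):
    """Return a serial strictly greater than `old`, preferring YYYYMMDD01."""
    dated = int(today.strftime("%Y%m%d")) * 100 + 1
    return dated if dated > old else old + 1

def add_mx(zone_text, origin, mx_rdata="0 .", ttl=14400, today=None):
    """Append one MX record and bump the SOA serial.

    Returns (new_text, changed). Zones that already carry an MX record are
    returned untouched, so running the script twice is a no-op.
    """
    if HAS_MX.search(zone_text):
        return zone_text, False
    today = today or date.today()
    bumped, hits = SOA_SERIAL.subn(
        lambda m: m.group(1) + str(next_serial(int(m.group(2)), today)),
        zone_text, count=1)
    if hits == 0:
        raise ValueError("no SOA serial found for " + origin)
    if not bumped.endswith("\n"):
        bumped += "\n"
    return bumped + f"{origin}. {ttl} IN MX {mx_rdata}\n", True

# Constructed sample zone for a parked domain (not taken from the thread).
SAMPLE_ZONE = """\
$TTL 14400
parked-example.test. 86400 IN SOA ns1.example.test. admin.example.test. (
        2014030301 ; serial
        86400      ; refresh
        7200       ; retry
        3600000    ; expire
        86400 )    ; minimum
parked-example.test. 86400 IN NS ns1.example.test.
parked-example.test. 14400 IN A 192.0.2.10
"""

if __name__ == "__main__":
    text, changed = add_mx(SAMPLE_ZONE, "parked-example.test", today=date(2014, 3, 3))
    print(text)
```

Run it against copies of the zone files first and check the result with a zone syntax checker before reloading the name server, since a serial that fails to increase means secondaries will not pick up the change.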