Really block ISP numbers, not using TLD, just using the IP.

Operating System & Version
linux - host doesn't provide version
cPanel & WHM Version
cPanel 86.0 (build 24) / WHM version not displayed

iNiC

Member
Aug 1, 2020
13
2
3
Earth
cPanel Access Level
Reseller Owner
Before we begin, and just so you understand, I am referring to the IP address such as 255.255.255.255 - NOT TLD such as .TLD, .CO, .COM, etcetera as most found internet sources redirect with their wrong answer.

ISSUE:
  1. Too much spam comes into email account from a IP address (example: ###.###.###.###)
  2. The internet references to use "Account Level Filtering " does not exist in our versions of cPanel. Some Internet garbage should be taken out. I know now, 5.58 hours later that it was renamed to something else.
  3. Our Host says we cannot block individual IP addresses but can block TLDs.
  4. Each spam from IP address starting with 170 changes the next 3 suffixes, as well as changes the From and Reply To so each email has to be dealt with individually.
QUESTION:
I NEED to block ###.*.*.* - - is that do-able in cpanel? (where ### is the prefix of the consistent spammer.)

Additional -stuff-:
The spammer has several IP addresses and changes them - such as ###.123.123.123 then ###.124.123.124 then example again being ###.1.2.3.4 as examples but ### never changes.
The spammer is a affiliate of many various scams, junk merchandise and so on.
I would be happy to provide the prefix of the spammers IP addresses, but feel it might be verboten in public, so maybe PM moi?
NOTE: All spam is forwarded to SpamCop. The spammer continues unabated.

Thanks
~i~

This post has/had/includes no intention either real or implied of offending, degrading, demoralizing, insulting, or phobi-ing anyone. The ONLY thing that matters, is we learn to be tolerant of others.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston
Why not just block the entire range? You should still be able to do this within SpamAssassin. If you're a reseller user you may or may not have access to the exim configuration manager to black list the IP or the firewall settings but you should still be able to create a filter which will do this. Global Email Filters | cPanel & WHM Documentation

For Example If the spammer's first two octets are 192.168. the following should work

Screenshot at Aug 03 14-19-10.png
 

iNiC

Member
Aug 1, 2020
13
2
3
Earth
cPanel Access Level
Reseller Owner
Many thanks @cPanelLauren

There is no "SpamAssassin" in the cPanel I have, but Host said "Spam Filters" IS SpamAssassin. Your redirecting me to Global Email Filters has done the trick. Many thanks - I really do appreciate the help.

~i~
 

keat63

Well-Known Member
Nov 20, 2014
1,916
263
113
cPanel Access Level
Root Administrator
I'd be a little bit careful when creating your global filter.
If you blocked the IP address octets rather than a word/phrase, you could in theory block all sorts that you never intended.

Lets assume that the troublesome IP address is 123.456.789.012

If you create a filter which goes
eg: If any header contains 123.456, then you could in effect block a whole country/isp/region

If these are coming from somewhere obscure that you have no dealings with or don't much care about, then it should be OK
I have a user in Thailand, who consistently gets locked out due to a somewhat aggressive firewall rule blocking class b subnets
 
Last edited:
  • Like
Reactions: cPanelLauren