Reject outbound mail by domain?

bear

Well-Known Member
Sep 24, 2002
139
4
168
cPanel Access Level
Root Administrator
Is it possible to prevent or drop outbound mail by recipient domain?

I have a shopping cart on one client's site, and it has a "recommend" script. Apparently a bot has fallen in love with it, and is sending repeated messages to non-existent domains like "@levitra1.com" and "@viagra1.com" and so on. I've made sure they aren't successfully using it to send BCCs or anything of that nature, and it seems it's only able to send to the one email address in the form/script. The domain doesn't exist, and it clogs the queue, later delivering the bounces to us. Lots of bounces.

Can I make it so the server will reject outbound mail based on a recipient's address/domain? Don't care if it blocks or just drops the message, as long as it's gone.
Can't disable the form, the client needs it.
Can't block IPs for the bot, there are hundreds, changing with every "run".
 

bmcgrail

Well-Known Member
Dec 8, 2003
83
0
156
Your best bet would be to edit the script to behave. Either remove the recommend functionality or edit the script to hard-code the domain and not allow for user input of an email address.
 

bear

bmcgrail said:
Your best bet would be to edit the script to behave. Either remove the recommend functionality or edit the script to hard-code the domain and not allow for user input of an email address.
The script is behaving by only allowing it to send to the address specified, and not BCC etc. The issue here is, I feel, that it's allowing submission by a bot, probably as a remote post and not an actual visit to the page that calls the script. Is there a simple way to check the origin of the post request and stop it if it's not from the domain? Or better yet, a way to prevent submission if one of the fields contains a particular word or phrase?

As for hard coding, what use is a "recommend to a friend" script with an address hard coded in it? ;) The recipient address has to be something they can fill in.
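
The two checks asked about in the post above (did the POST follow a visit to the form page, and does the recipient field contain an unwanted word), sketched in PHP as an added example that is not part of the original thread or of the cart script. `SECRET`, the word list, the age limits and all function names are assumptions.

```php
<?php
// Added example: server-side checks for a "recommend to a friend" handler.
// SECRET, the word list and the function names are assumptions.
const SECRET = 'replace-with-a-long-random-value';   // placeholder
const BLOCKED_WORDS = ['viagra', 'levitra'];         // words taken from the thread
const MIN_AGE = 3;      // seconds; a person needs time to fill in the form
const MAX_AGE = 3600;   // seconds; stale tokens are refused

// Call when rendering the form; put the result in a hidden field.
function issue_token(string $sessionId, int $now): string {
    return $now . ':' . hash_hmac('sha256', $sessionId . '|' . $now, SECRET);
}

// True only if the POST carries a token this site issued for this session.
function token_ok(string $token, string $sessionId, int $now): bool {
    $parts = explode(':', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) return false;
    $age = $now - (int)$parts[0];
    if ($age < MIN_AGE || $age > MAX_AGE) return false;
    $expected = hash_hmac('sha256', $sessionId . '|' . $parts[0], SECRET);
    return hash_equals($expected, $parts[1]);
}

// Returns null if the recipient is acceptable, else the reason for refusal.
// $hasMx is injectable so the check can be exercised without DNS.
function recipient_problem(string $to, callable $hasMx): ?string {
    if (preg_match('/[\r\n,;]/', $to)) return 'multiple recipients or header injection';
    if (filter_var($to, FILTER_VALIDATE_EMAIL) === false) return 'not an email address';
    $domain = strtolower(substr(strrchr($to, '@'), 1));
    foreach (BLOCKED_WORDS as $word) {
        if (strpos($domain, $word) !== false) return "blocked word: $word";
    }
    if (!$hasMx($domain)) return 'domain does not accept mail';
    return null;
}

// Constructed demonstration; in the real handler use session_id(), time(),
// $_POST values and fn($d) => checkdnsrr($d, 'MX') || checkdnsrr($d, 'A').
$fakeDns = fn(string $d): bool => $d === 'example.com';
$tok = issue_token('sess123', 1000);
var_dump(token_ok($tok, 'sess123', 1010));              // page visit, then POST
var_dump(token_ok($tok, 'sess123', 1000));              // posted instantly
var_dump(token_ok('', 'sess123', 1010));                // remote POST, no token
var_dump(recipient_problem('a@levitra1.com', $fakeDns));
var_dump(recipient_problem("a@example.com\r\nBcc: b@example.org", $fakeDns));
var_dump(recipient_problem('friend@example.com', $fakeDns));
```

A bot that loads the form page first still receives a valid token, so this filters blind remote POSTs and bad recipients only. Refusing a recipient whose domain has no MX or A record keeps those messages out of the mail queue entirely.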
 

bmcgrail

Sorry, didn't realize you were actually using the friend functionality. If you have a web script that allows email to be sent to a non-local destination then I suggest you install some form of Captcha.

Captcha is where a user has to type in the distorted letters displayed to prove they are not a bot.

There are several links at the bottom of the wiki page to various implementations.

http://en.wikipedia.org/wiki/Captcha
 

bmcgrail

Until then, take the script off-line because they are probably sending to real addresses as well as the bounce addresses and they are going to get your server blacklisted on the RBL lists.
 

bear

I'll look into captcha, thanks.
As for them sending to others, I don't believe that's the case, as I see no evidence of large mailings, either by volume or KB. The script only allows one address, and we've had zero complaints. Surely if this were allowing a lot of BCC mail, there would be complaints back to the server.
Is there a way programmatically to show all recipients in a log (including BCCs) on a sent message when it's a PHP form send? I've tailed the EXIM log, and nothing shows there.