The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Reject outbound mail by domain?

Discussion in 'E-mail Discussions' started by bear, Jun 1, 2006.

  1. bear

    bear Well-Known Member

    Joined:
    Sep 24, 2002
    Messages:
    113
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Is it possible to prevent or drop outbound mail by recipient domain?

    I have a shopping cart on one client's site, and it has a "recommend" script. Apparently a bot has fallen in love with it, and is sending repeated messages to non-existent domains like "@levitra1.com" and "@viagra1.com" and so on. I've made sure they aren't successfully using it to send BCCs or anything of that nature, and it seems it's only able to send to the one email address in the form/script. The domain doesn't exist, and it clogs the queue, later delivering the bounces to us. Lots of bounces.

    Can I make it so the server will reject outbound mail based on a recipient's address/domain? Don't care if it blocks or just drops the message, as long as it's gone.
    Can't disable the form, the client needs it.
    Can't block IPs for the bot, there are hundreds, changing with every "run".
     
  2. bmcgrail

    bmcgrail Well-Known Member

    Joined:
    Dec 8, 2003
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    Your best bet would be to edit the script to behave. Either remove the recommend functionality or edit the script to hard-code the domain and not allow for user input of an email address.
     
  3. bear

    bear Well-Known Member

    Joined:
    Sep 24, 2002
    Messages:
    113
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    The script is behaving by only allowing it to send to the address specified, and not BCC etc. The issue here is, I feel, that it's allowing submission by a bot, probably as a remote post and not an actual visit to the page that calls the script. Is there a simple way to check the origin of the post request and stop it if it's not from the domain? Or better yet, a way to prevent submisison if one of the fields contains a particular word or phrase?

    As for hard coding, what use is a "recommend to a friend" script with an address hard coded in it? ;) The recipient address has to be something they can fill in.
     
  4. bmcgrail

    bmcgrail Well-Known Member

    Joined:
    Dec 8, 2003
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    Sorry, didn't realize you were actually using the friend functionality. If you have a web script that allows email to be sent to a non-local destination then I suggest you install some form of Captcha.

    Captcha is where a user has to type in the distorted letters displayed to prove they are not a bot.

    There are several links at the bottom of the wiki page to various implementations.

    http://en.wikipedia.org/wiki/Captcha
     
  5. bmcgrail

    bmcgrail Well-Known Member

    Joined:
    Dec 8, 2003
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    until then, take the script off-line because they are probably sending to real addresses as well as the bounce addresses and they are going to get your server blacklisted on the RBL lists.
     
  6. bear

    bear Well-Known Member

    Joined:
    Sep 24, 2002
    Messages:
    113
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    I'll look into captcha, thanks.
    As for them sending to others, I don't believe that's the case, as I see no evidence of large mailings, either by volume or KB. The script only allows one address, and we've had zero complaints. Surely if this were allowing a lot of BCC mail, there would be complaints back to the server.
    Is there a way programmatically to show all recipients in a log (including BCCs) on a sent message when it's a PHP form send? I've tailed the EXIM log, and nothing shows there.
     
Loading...

Share This Page