webbuilders

Member
May 10, 2011
5
0
51
Greece
cPanel Access Level
Root Administrator
Hi i want to ask opinions about the Root email i see in all my accounts.

By default i noticed that all e-mails that are going to [email protected] are going inside this "Root" of the domain.

1) My first question is that if i want to stop such function for all domains how can i do it ..??
2) Is there a way from Cpanel even if i have closed such function from WHM someone to configure his mails that goes to anywhere to grab them ??
3) What do you suggest me to do ?? What are the disadvantages if i close such function ??

Thanks
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
41
348
somewhere over the rainbow
cPanel Access Level
Root Administrator
In WHM > Tweak Settings, you have the following option:

Initial default/catch-all forwarder destination [?]

Forwarding destination for a new account’s catch-all/default address. (Users may modify this value via the Default Address interface in cPanel.) “fail” rejects the message and notifies the remote SMTP server; this is usually the best choice if you are getting mail attacks. “blackhole” accepts and processes the message but then silently discards it; this avoids notifying the remote SMTP server but violates SMTP RFC 5321 and generally should not be used.
If you set this to "Fail", then emails sent to non-existing email accounts on the domain will be bounced back to the sender rather than try to deliver to the user's default email account. This will only apply to new accounts. Any previously existing accounts will need to have this changed in /etc/valiases from the following:

Code:
*: username
To the following:

Code:
*: :fail: No Such User Here
Please note that username above represents the cPanel username.

The following commands should do this for you (please note that I'm having a backup created of /etc/valiases before the command to ensure that you have a method to covert back to the previously working files):

Code:
cp -R /etc/valiases /etc/valiases.bak110510
for i in `ls /var/cpanel/users/`;do replace "*: $i" "*: :fail: No Such User Here" -- /etc/valiases/*;done
This basically takes all instances of *: username and replaces them with *: :fail: No Such User Here instead.

Next, anyone who has set their default email catchall to something else such as an email account will not be changed. The users who have done this likely do want to receive those emails.
 

webbuilders

Member
May 10, 2011
5
0
51
Greece
cPanel Access Level
Root Administrator
Thanks for your reply ...

One more question that i have not understand .. How a client can catch from Cpanel all the emails if he want even if i had this set up to "fail" ?? Is there an extra choice in every cpanel ?

Thanks
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
41
348
somewhere over the rainbow
cPanel Access Level
Root Administrator
I don't understand the question. What is meant precisely by "from Cpanel" in this context? What area of cPanel would be sending messages to the customer? If the customer has something being sent to an existing account, the existing account would still receive messages. The above steps are for any non-existing email accounts. It's a bad policy to accept emails for non-existing email accounts, since those are a magnet for spammers.
 

theG

Member
Mar 10, 2012
12
0
51
cPanel Access Level
Root Administrator
Hi i am getting lot of spam mails to email accounts that are no longer exist. So my server send a bounce back email that 'No Such User exists'. I think this bounce back is causing my server to get blacklisting. So i thought to redirect this anonymous email to the default email address without any reply. I know it is not a good resolution. Any suggestion to handle such email and to be have a safe distance from the blacklisting.

Thanks in advance.
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
41
348
somewhere over the rainbow
cPanel Access Level
Root Administrator
If you are getting blacklisted due to failing messages for spamming to your machine, then the lists blacklisting you are going against email policy. I've never heard of this happening and it seems highly unlikely that is the cause.

If you don't want to fail emails to bounce back to the sender, then blackhole them. You don't have to accept them as emails to the account, just blackhole them instead of fail and the server will process them to delete.
 

jols

Well-Known Member
Mar 13, 2004
1,107
3
168
If you are getting blacklisted due to failing messages for spamming to your machine, then the lists blacklisting you are going against email policy. I've never heard of this happening...
Well this just happened to us. In our case, our server was blacklisted at mailspike.org specifically due to "delivery delayed" messages bouncing from our server, as a result of email sent to non-existent email addresses. Here's the exact quote I received from mailspike.org/anubisnetworks.com:

-----------------------------------------
...Those hits all refer to known spam fingerprints, as identified by the algorithms "hashdb" and "mailsigs" seen above.
After closely inspecting all those hits, it seams that all of them (at least the recent ones) were actually DSNs about delivery delays (such as "Subject: Warning: message xxxxx-xxxx-xx delayed 144 hours").

Under normal circumstances, such type of messages (DSNs/NDRs) would have little to no impact on the reputation matrix, but in this case, since we had zero history about legit traffic from that IP address in the last 15 days, it caused the reputation to decrease up to a point that would end up on the bad reputation side.
-----------------------------------------
 

smileybri

Member
Dec 17, 2010
6
0
51
cp -R /etc/valiases /etc/valiases.bak110510
for i in `ls /var/cpanel/users/`;do replace "*: $i" "*: :fail: No Such User Here" -- /etc/valiases/*;done
That worked perfectly! What a time saver!
 

Cloud9

Well-Known Member
Sep 17, 2012
60
1
58
UK
cPanel Access Level
Root Administrator
In WHM > Tweak Settings, you have the following option:


To the following:

Code:
*: :fail: No Such User Here
Please note that username above represents the cPanel username.
In my cpanel / whm this is shown in the file as

Code:
*: ":fail: No Such User Here"
With Speech marks ?

Your example shows without speech marks ?

Does it matter ?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,903
2,237
463
The quotations are needed to identify the content used in the replace command. They are not actually added to the entry itself when using that command.

Thank you.