spam email to user who no longer exists

keat63

Well-Known Member
Nov 20, 2014
1,913
259
113
cPanel Access Level
Root Administrator
I've 2 users on a domain who no longer exist, and haven't done for a considerable number of years (10 or more).
These email addresses must be on a spam mailing list somewhere as I'm seeing outbound bounce messages every few minutes 24/7 in my exim reject log.

Yesterday, I sampled 100 records to see if there were any patterns in the sending IPs, but couldn't really see anything standing out, maybe 4 or 5 duplicate IPs at most, so it wouldn't be practical to block them in CSF.

I'm mindful that whilst nothing is being delivered, the server is working on these messages and bounces, when it could be doing something else instead.

Could anyone suggest anything to help?
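The manual sampling described in the post above (checking whether rejections for the dead addresses cluster on a few sending IPs before deciding on a firewall block) can be scripted. This is an added example, not code from anyone in the thread; the log line shape, the addresses and the IPs are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the assumed Exim reject-log shape (documentation IP
# ranges, example.com addresses); nothing here comes from the thread.
SAMPLE_LOG = """\
2019-01-15 09:12:01 H=(a.example.net) [192.0.2.10]:51234 F=<x@example.net> rejected RCPT <olduser1@example.com>: No Such User Here
2019-01-15 09:14:40 H=(b.example.net) [192.0.2.77]:40110 F=<y@example.net> rejected RCPT <olduser2@example.com>: No Such User Here
2019-01-15 09:17:02 H=(c.example.org) [198.51.100.5]:33900 F=<z@example.org> rejected RCPT <olduser1@example.com>: No Such User Here
2019-01-15 09:21:55 H=(d.example.org) [203.0.113.9]:60212 F=<q@example.org> rejected RCPT <OldUser2@example.com>: No Such User Here
2019-01-15 09:25:13 H=(a.example.net) [192.0.2.10]:51300 F=<x@example.net> rejected RCPT <olduser1@example.com>: No Such User Here
2019-01-15 09:26:30 H=(d.example.org) [203.0.113.9]:60250 F=<q@example.org> rejected RCPT <typo@example.com>: No Such User Here
2019-01-15 09:27:00 SMTP connection from [198.51.100.5]:33950 closed by QUIT
"""

# Sending IP in brackets, optional :port, then the rejected recipient.
LINE_RE = re.compile(
    r"\[(?P<ip>[0-9A-Fa-f:.]+)\](?::\d+)?\s.*?rejected RCPT <(?P<rcpt>[^>]+)>"
)

def summarize(lines, dead_recipients):
    """Count rejections for the dead addresses per IP, per network, per recipient."""
    dead = {r.lower() for r in dead_recipients}
    by_ip, by_net, by_rcpt = Counter(), Counter(), Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["rcpt"].lower() not in dead:
            continue  # not a recipient rejection, or a different address
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # bracketed text that is not an IP address
        prefix = 24 if ip.version == 4 else 48  # grouping width is a choice
        by_ip[str(ip)] += 1
        by_net[str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))] += 1
        by_rcpt[m["rcpt"].lower()] += 1
    return by_ip, by_net, by_rcpt

def repeat_share(counter):
    """Fraction of rejections that came from a source seen more than once."""
    total = sum(counter.values())
    return sum(n for n in counter.values() if n > 1) / total if total else 0.0

if __name__ == "__main__":
    ips, nets, rcpts = summarize(SAMPLE_LOG.splitlines(),
                                 ["olduser1@example.com", "olduser2@example.com"])
    print(ips.most_common(5), nets.most_common(5), rcpts)
    print(f"repeat share by IP {repeat_share(ips):.0%}, by /24 {repeat_share(nets):.0%}")
```

A low repeat share by IP and by network means the senders are widely spread, so per-IP firewall rules would cover little of the traffic.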
 

rpvw

Well-Known Member
Jul 18, 2013
1,101
462
113
UK
cPanel Access Level
Root Administrator
Set up Global Email Filters for that domain to check the two specific To addresses and discard them, which I believe will route them to /dev/null rather than bouncing them.
 

keat63

I tried that shortly after posting my original thread, but I'm still seeing the outbound bounce messages.
I suspect it's because the email account doesn't exist, that the global filter doesn't work?
 

keat63

In the account cPanel, I remembered the 'default address' option, which I've now set to blackhole.
Let's see what this does over the next hour.
 

rpvw

> I tried that shortly after posting my original thread, but I'm still seeing the outbound bounce messages.
Yes you are right. I just ran some tests and it sends the bounce message before it looks at any domain filters.

Setting the cPanel domain Default address option to Discard should blackhole it without a bounce
Discard (Not Recommended) — Select this option to delete incoming messages and do not send a failure notice.
  • Important:
    We do not recommend this option, because the sender will not know that the delivery failed.
This will, however, impact sending mail to working accounts that may not be delivered (e.g. mailbox full) and the sender will never know.

Default Address - Version 76 Documentation - cPanel Documentation
 

keat63

There are only 2 accounts on that domain these days, neither of which have limited space and one of those is barely utilised.
 

rpvw

I wonder if a more elegant (and RFC acceptable) solution might be to set up an Email Account Forwarder configured to "Discard" for each of the two accounts in question, which does send to /dev/null without a bounce (tested and confirmed).

That way, mails to legitimate mailboxes will still get bounce messages as necessary.