Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

spam email to user who no longer exists

Discussion in 'E-mail Discussion' started by keat63, Jan 4, 2019.

  1. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    1,207
    Likes Received:
    75
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    I've 2 users on a domain who no longer exist, and haven't done for a considerable number of years (10 or more).
    These email addresses must be on a spam mailing list somewhere as I'm seeing outbound bounce messages every few minutes 24/7 in my exim reject log.

    Yesterday, I sampled 100 records to see if there were any patterns in the sending IP's, but couldn't really see anything standing out, maybe 4 or 5 duplicate IP's at most, so it wouldn't be practical to block them in CSF.

    I'm mindful that whilst nothing is being delivered, the server is working on these messages and bounces, when it could be doing something else instead.

    Could anyone suggest anything to help.
     
  2. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    1,088
    Likes Received:
    441
    Trophy Points:
    113
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Set up Global Email Filters for that domain to check the two specific To addresses and discard them, which I believe will route them to /dev/null rather than bouncing them.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    1,207
    Likes Received:
    75
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    I tried that shortly after posting my original thread, but I'm still seeing the outbound bounce messages.
    I suspect it's because the email account doesn't exist, that the global filter doesn't work. ?
     
  4. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    1,207
    Likes Received:
    75
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    In the account cpanel, I remembered the 'default address' option, which I've now set to blackhole.
    Lets see what this does over then next hour.
     
  5. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    1,088
    Likes Received:
    441
    Trophy Points:
    113
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Yes you are right. I just ran some tests and it sends the bounce message before it looks at any domain filters.

    Setting the cPanel domain Default address option to Discard should blackhole it without a bounce
    This will however impact sending mail to working accounts that may not be delivered (eg mailbox full) and the sender will never know.

    Default Address - Version 76 Documentation - cPanel Documentation
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    1,207
    Likes Received:
    75
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    There are only 2 accounts on that domain these days, niether of which have limited space and one of those is barely utilised.
     
  7. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    1,088
    Likes Received:
    441
    Trophy Points:
    113
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    I wonder if a more elegant (and RFC acceptable) solution might be to set up an Email Account Forwarder configured to "Discard" for each of the two accounts in question; which does send to /dev/null without a bounce (tested and confirmed)

    That way, mails to legitimate mailboxs will still get bounce messages as necessary
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    5,790
    Likes Received:
    442
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    You might also set up an exim system filter - I believe that would be processed before the bounce would in either case.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice