
Stop Incoming Email Except from External Spam Filter

Discussion in 'E-mail Discussions' started by ndian, Sep 24, 2009.

  1. ndian

    ndian Registered

    I'll try to describe my problem as best as possible. I've tried searching but couldn't find anything that quite matched my situation.

    I'm running a dedicated server offsite with at least 40 domains' email running through an exim mail server. Recently, we purchased a Barracuda to place onsite, and I pointed all MX records to the Barracuda, which then pushes the email from our network to the offsite server.

    My problem is this: I run all of the domains' incoming mail through the barracuda, but spammers are still targeting our mail server directly, thus bypassing the filtering. Outgoing mail from our server does not pass through the barracuda.

    My question: How would I configure the exim mail server to only accept incoming mail from the barracuda, or basically, stop the incoming spam hitting our server directly?

    This is the first time I've routed email from a local filter to an external server, so specific instructions would be MUCH appreciated.

    Running Exim 4, WHM 11, CPanel 11

    Thanks!
     
  2. MattCurry

    MattCurry Well-Known Member

    Email Customization

    Hello,

    I do see what you are trying to do; however, it appears as though you are trying a customization that we could not support directly. Although that is not to say it can't be done. I would recommend taking a look at this site:
    43. System-wide message filtering
    I hope that helps, please let me know if there is anything else I can do for you.

    Thank you,
    Matthew Curry
     
  3. Spiral

    Spiral BANNED

    Is there some reason you can't just simply limit incoming connections to Port 25 (SMTP) to just the single service / IP you want to receive from and reject anything else that is incoming?

    Code:
    # iptables -A INPUT ! -s x.x.x.x -p tcp --dport 25 -j REJECT
    (In the above, 'x.x.x.x' is the IP address or CIDR range you wish to allow incoming access)

    PS: Don't forget the exclamation point, else the filter will do the exact opposite!
     
    #3 Spiral, Sep 25, 2009
    Last edited: Sep 25, 2009
  4. cPanelStephen

    cPanelStephen Active Member
    Staff Member

    You can accomplish this by going to WHM -> Exim Configuration Editor -> Advanced Editor, and adding the following to the very top of the 'acl_connect' ACL (before [% ACL_CONNECT_BLOCK %]).

    Code:
        accept hosts = :
        deny  
            !hosts = @[] : net-iplsearch;/etc/trustedmailhosts 
            message = This server does not handle mail directly
    
    This assumes that you have the IP for the external spam filter in /etc/trustedmailhosts. The '@[]' instructs exim that you'd like to also accept mail from all local IPs. If this is not the case, you can remove the '@[] :', leaving only the net-iplsearch for /etc/trustedmailhosts.

    The first line 'accept hosts = :' indicates that messages which originate locally from a non-tcp source should be accepted as well (e.g. calling exim directly from the command line or a script).

    This will cause the following message to be output when any non-trusted hosts connect:

    root@toothpick [~]# exim -oMa 4.2.2.1 -bs
    550 This server does not handle mail directly
    root@toothpick [~]#
     
  5. ndian

    ndian Registered

    Thanks for the tips!
    Reason being, I have clients from all over connecting to my server with their mail clients. Their outgoing mail does not send through the barracuda box, only through the server. Therein lies the problem: If I block port 25, the incoming mail will be fine, but (the way I understand it) outgoing mail would all be blocked.

    @cpanelstephen: Thanks! I think that may be the exact thing I need in order to block incoming, yet allow outgoing mail for my local IPs :D :D . I'll give that a try today and report back to see how it works!
     
  6. DomineauX

    DomineauX Well-Known Member
    PartnerNOC

    Closing incoming on port 25 would have been OK if you had all the clients send through an alternate SMTP port for exim, but Stephen's answer sounds like the best way to go.
     
  7. ndian

    ndian Registered

    I've implemented the method suggested by Stephen, and so far it seems to be running perfectly. I'll have to wait until tomorrow to see if some of the usual spam comes through, but THANK YOU so much.

    I could have done that, but it would have been a daunting task to contact 500 email users to change their outgoing port :P. I'd be getting calls for days from 20 different people who can't follow directions..
     
  8. DomineauX

    DomineauX Well-Known Member
    PartnerNOC

    Just to let you know, Stephen ended up using this as an example in the Exim Debugging (and a bit of advanced configuring) session at the CPanel conference today.

    Thanks for giving him a good idea to utilize.
     
  9. ndian

    ndian Registered

    Glad he got something out of it! I'm honored lol.
     
  10. tallalkazmi

    tallalkazmi Registered

    Spam Filtering Algorithms

    I am working on developing an algorithm to stop spam on the server side. I have gone through many approaches but I need to choose the best approach available. I need some suggestions to go on with the project on which technique to choose. A quick reply is appreciated.
     
  11. santrix

    santrix Well-Known Member

    Sorry for relaunching this thread, but I have a similar but slightly more complex requirement.

    We accept mail for a number of domains (but not all) via an external spam filter. Obviously, for those domains, I only want to accept mail from the filtering servers, and not from anyone else.

    I can't see a way to achieve this at the IP level as it means establishing the connection and looking inside the mail headers.

    I expect this belongs somewhere after the ACL CONNECT block in exim.conf, but I'm currently clueless as to where. exim.conf isn't currently one of my comfort zones!

    I need a rule that says something like

    If [recipient domain] is in [list] and HOST != [safehostlist] then reject [with or without message]

    Steve
     
  12. santrix

    santrix Well-Known Member

    OK, moving on... I created two files

    /etc/filterip containing a list of ip address of the filter machines
    /etc/filterdomains containing a list of domains that must come via the filter machines

    Then, at the top of exim.conf I add

    Code:
    hostlist filter_hosts = net-lsearch;/etc/filterip :  net-lsearch;/etc/relayhosts
    domainlist filter_domains = lsearch;/etc/filterdomains

    So far so good.. but then I think I need to add something like this in the check_recipient block after 'accept hosts = :' line:

    Code:
    deny
        !hosts = +filter_hosts
        domains = +filter_domains
        message = Please use the proper domain MX record

    However, I'm not sure this is right, or if there is any way to get this in there using advanced editor... it doesn't allow me to insert (in a sticky fashion) anything into that exact area... unless of course I can find where the internal cpanel templates are kept and update those after each upcp...

    I think I'm close to the answer - someone please help!
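
Added example (not part of the thread and not cPanel's or Exim's own code): a small Python model of the two rules discussed above, the server-wide connect rule and the per-domain recipient rule, for checking what a set of list files would let through before the Exim configuration is changed. The file contents, the addresses and the single combined trusted list are constructed assumptions; Exim's own lookups remain the authority.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not from the thread).
TRUSTED_HOSTS_FILE = """\
# external spam filter
203.0.113.10
198.51.100.0/28
"""
FILTER_DOMAINS_FILE = "example.com\nexample.org\n"
LOCAL_IPS = {"127.0.0.1", "192.0.2.25"}  # stands in for Exim's @[] item


def _entries(text):
    """Yield non-empty lines with '#' comments stripped."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line


def load_nets(text):
    """One IP address or CIDR block per line."""
    return [ipaddress.ip_network(e, strict=False) for e in _entries(text)]


def load_domains(text):
    """lsearch-style file: the key is the first field on each line."""
    return {e.split(":", 1)[0].split()[0].lower() for e in _entries(text)}


def is_trusted(client_ip, nets, local_ips=frozenset()):
    if client_ip in local_ips:
        return True
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in nets)


def connect_acl(client_ip, nets, local_ips):
    """Server-wide rule: deny every host that is neither local nor trusted."""
    if client_ip == "":  # 'accept hosts = :' (no sending host at all)
        return "accept"
    return "continue" if is_trusted(client_ip, nets, local_ips) else "deny"


def rcpt_acl(client_ip, rcpt_domain, nets, filter_domains):
    """Per-domain rule: deny only a filtered domain from an untrusted host."""
    if client_ip == "":
        return "accept"
    if rcpt_domain.lower() in filter_domains and not is_trusted(client_ip, nets):
        return "deny"
    return "continue"  # fall through to the remaining ACL statements
```

"continue" means the rule did not fire and the rest of the ACL still decides the outcome, so a host that passes here can still be rejected later.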
     
  13. santrix

    santrix Well-Known Member

    OK, for anyone who is interested, I have documented the procedure I followed to achieve this here:

    How to Configure Exim to receive email for domain only from specific IP addresses « Revert to Type

    This allows me to filter incoming mail connections to exim for specific domains, limiting them to a specified list of safe incoming relays.

    I'm no exim guru (not by far), so please feel free to comment on any caveats or improvements that should be noted - I will of course credit any such help. :)
     
  14. DF-Duncan

    DF-Duncan Member

    Thanks for sharing this, and for the great documentation.

    ** Just realised very old thread, sorry for the bump, but wanted to say thx for the info on this **
     
    #14 DF-Duncan, Jul 6, 2010
    Last edited: Jul 6, 2010