The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Urgent!! user sending mailing as a gmail user!!

Discussion in 'E-mail Discussions' started by bsasninja, Aug 24, 2006.

  1. bsasninja

    bsasninja Well-Known Member

    Joined:
    Sep 2, 2004
    Messages:
    528
    Likes Received:
    0
    Trophy Points:
    16
    I noticed a customer that setup his outlook with a gmail account but is using my smtp server and authenticating through it for sending mails.

    Is there a way in exim to block outgoing e-mails from address like:

    *@gmail.com
    *@yahoo.com
    *@hotmail.com
    *@aol.com


    I hope you Chirpy have a solution to this.

    Thank you
     
  2. konrath

    konrath Well-Known Member

    Joined:
    May 3, 2005
    Messages:
    367
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Brasil
  3. bsasninja

    bsasninja Well-Known Member

    Joined:
    Sep 2, 2004
    Messages:
    528
    Likes Received:
    0
    Trophy Points:
    16
    Ok

    Thanks for the reply, but I have other problem with this rule, this avoid that users forge common addresses and send through the server that is fine.
    But today at the filter.log I found that is blocking e-mails at phpbb administrator config or even the contact forms of my site.

    This is what I have in antivirus.exim:

    logfile /var/log/filter.log
    if (
    $received_protocol is "local" or
    $received_protocol is "esmtpa"
    ) and (
    $header_from contains "@hotmail.com" or
    $header_from contains "@yahoo.com" or
    $header_from contains "@aol.com"
    ) then
    logwrite "$tod_log $message_id from $sender_address is forged fake"
    seen finish
    endif


    Log file looks like this

    date message id xxxx@hotmail.com is forged fake
    date message id xxxx@hotmail.com is forged fake
    date message id xxxx@hotmail.com is forged fake
    date message id myuser@server1.myserver.com is forged fake -> why is blocking my form if its not especified??¿

    At exim_mainlog appears this:

    2006-08-25 13:33:47 1GGect-0001y0-5B <= myuser@server1.myserver.com U=myuser P=local S=472 T="Thanks for writing us" from <myuser@server1.myserver.com> for mail@mydomain.com

    and when it block some mail at a phpbb forum or other app that rewrite sender, log this:

    2006-08-25 11:55:59 1GGd6F-0003Sv-0q "nobody@server1.myserver.com" from env-from rewritten as "username@gmail.com" by rule 1
    2006-08-25 11:55:59 1GGd6F-0003Sv-0q <= username@gmail.com U=nobody P=local S=1069 id=3f4e19fa86634d2acef4f78242f78c05@domain.com T="Welcome to Forums" from <nobody@server1.myserver.com> for username@yahoo.com


    Do it has to be with rewriting the sender?? is there a way to avoid that with a rule???

    Thank you!
     
    #3 bsasninja, Aug 25, 2006
    Last edited: Aug 25, 2006
  4. bsasninja

    bsasninja Well-Known Member

    Joined:
    Sep 2, 2004
    Messages:
    528
    Likes Received:
    0
    Trophy Points:
    16
    ok

    I think the problem is here:

    if $received_protocol is "local" or
    $received_protocol is "esmtpa"

    The rule is telling to block every message sent "local" and via "esmtpa" (mail client)

    I will try removing $received_protocol is "local" to avoid form problems and leaving only $received_protocol is "esmtpa"

    I will let you know..
     
  5. bsasninja

    bsasninja Well-Known Member

    Joined:
    Sep 2, 2004
    Messages:
    528
    Likes Received:
    0
    Trophy Points:
    16
    yes, that was the problem. Now is blocking only forged address sent through authenticated accounts with a mail client.

    Would be great to apply this localy but the rewrite sender is the problem.

    If anyone has lucid mind to fix this post it here, i´ll take a cup of coffee now :D

    Bye!
     
Loading...

Share This Page