Skip to main content

Block e-mail sender server wide

Comments

17 comments

  • keat63
    Assume these external email addresses. Eg, you want to stop somebody.com sending to all domains on your server ? You can create an exim blacklist. Take a look at post 3. or If you know the IP of the offending server, Block the IP in CSF Firewall. or Purchase and install CSF MailScanner and block them from there.
    0
  • cPanelMichael
    Hello James, The information in the previous post should help. Let us know if you have any questions. Thanks!
    0
  • jlucho
    hi guys I have the same search for example, a sender: public@domain.com, he sends me messages and also to my hosting clients. The current version of cPanel contemplates blocking specific senders, so that it cannot send me, and neither my hosting users?
    0
  • cPRex Jurassic Moderator
    @jlucho - if you perform the work previously mentioned, that user would be blocked from your server. You could also block that user's IP address in the server's firewall so they can't connect to your machine at all.
    0
  • jlucho
    hi I followed the indicated steps : later :
    0
  • keat63
    I found that the exim blacklist wasn't fool proof. CSF Mailscanner, whilst not free, it's not expensive either. It's a brilliant tool for such as this. You can block an email or a TLD at server level. I'm not affiliated with CSF, but do highly recommend this tool.
    0
  • cPRex Jurassic Moderator
    @jlucho - you're always welcome to open a ticket as well if things aren't working how you expect so we can check that directly on your server.
    0
  • murky.debate.3185
    I found that the exim blacklist wasn't fool proof. CSF Mailscanner, whilst not free, it's not expensive either. It's a brilliant tool for such as this. You can block an email or a TLD at server level. I'm not affiliated with CSF, but do highly recommend this tool.

    (Newbie) Hi, where do i install the CSF mailscanner? I have my own one.com domain.
    0
  • cPRex Jurassic Moderator
    @murky.debate.3185 - if you have root access to the server, this would be something you install on the command line over an SSH connection.
    0
  • ITHKBO
    (Newbie) Hi, where do i install the CSF mailscanner? I have my own one.com domain.

    If you purchased the Front-end license (MSFE) you can follow the instructions below to get the basic setup done. However as mentioned you need commandline, terminal access. You would start with following the instructions here for the basic mailscanner: Take note the first part in the instructions deals only with the prerequisites Razor and DCC after which at step 3 you get another script for the frond-end and automated installation. If you rather not rely on a third party for the installation instructions at all the official developer instructions are availiable at
    0
  • WorkinOnIt

    Hey cPRex

    I know this topic is a bit old, but I really need to block a single spammer who keeps using the contact from on different websites on one server (clearly they have been digging IPs and have found the various domains on a server).  Basicly, I need to create a "deny senders" ACL list.

    The message is 100% spam and I need to block this single sender (gmail address) across the server, but also have the option to add others as and when.  Would the following work - modified from the help article here: 

    https://support.cpanel.net/hc/en-us/articles/360055304654-How-to-block-spam-email-by-subject-for-the-entire-server

     

    touch /usr/local/cpanel/etc/exim/sysfilter/options/block_email.conf
    if ("$h_sender:" contains "spammer@gmail.com")
    then fail
    endif

    • Login to WHM as the root user and navigate to Exim Configuration Manager
    • Click on the Filters tab - verify that the custom filter is enabled, or disable the filter if you desire to do so.

    I also looked at this external link, but unsure if this kind of command would work in cPanel exim set up?

    https://www.tekovic.com/blog/exim-acl-for-blocking-certain-senders/#sthash.Cmjt5iHc.dpuf

     

     

    0
  • cPRex Jurassic Moderator

    cPanel fully supports custom Exim ACLs as long as you add them in the correct area through WHM >> Exim Configuration Manager.  What we *don't* support is actually hacking together custom rules for you, as I'm pretty sure my whole job would turn into me being a custom mail system manager :D

    0
  • WorkinOnIt

    Hi cPRex just coming back to this.

    Thanks.  Where in EXIM > Advanced could I add the following?  

    deny
      senders = user1@gmail.com : user2@gmail.com : newuser@example.com
      log_message = Blocked email from $sender_address
      drop

    Or do I need to create a file here:   

    /etc/exim/custom_blocklist.conf

     

    I would ideally like to be able to add spammers to this list from within WHM (as I can do with the filter for domains) - is that possible to do, or is it better to simply keep adding the blocklist via ssh

    0
  • cPRex Jurassic Moderator

    There isn't going to be a way to add them through WHM - that sounds like creating a custom plugin to modify that custom_blocklist.conf file.  BUT...you can get that into Exim with just a few clicks.

    In the Advanced Editor page you can go to this section and add that code:

    and then save the changes, and then start editing that file.  Try it out, and let me know if that doesn't go as planned.

    0
  • cPRex Jurassic Moderator

    Actually, if you're just looking to do a domain block, could you not use this tool?

    https://docs.cpanel.net/whm/email/filter-incoming-emails-by-domain/

    0
  • WorkinOnIt

    cPRex nice one thanks.  Yes, I know about the domain blocker, but this is to block individual @gmail and sometimes @outlook spammers who have discovered the server IP and then done a reverse IP lookup and gone through a DNS search to find associated user account domains on the server - and then spamming all of the website owners' email addresses.  I figure if I block that single @gmail account at the server level, then whatever email they send directly to info@example.com - just won't go anywhere.  I had seen the BEGINACL custom box and was going to use that but thought I'd better ask about it first! I think that will cover part of the issue here.

    The next problem is many of the server websites use wordpress contact form 7 and although the contact form has a honeypot and antispam, these @gmail users are happy to craft individual emails,  thereby getting through the cloudflare checks, the honeypots and the anti-spams - because they are "real".  I would love to know any way to stop these @gmail submissions from a contact form, but as the Contact Form 7 sends the email from the website admin email (e.g. contactform@example.com ) - obviously the EXIM filter would have no effect on this type of spam ans EXIM won't be seeing the Gmail address (the contact form 7 only adds the sender's email as a "reply to").

    In the end, it seems there is not much that can be done for persistent "human" spammers.  Reporting the spammer to Gmail does nothing of course, and warning server hosting customers is not really very professional "sorry there's nothing we can do, just ignore the @gmail guy"... Hmmm

     

    0
  • cPRex Jurassic Moderator

    In the end, it seems there is not much that can be done for persistent "human" spammers.  

    Oh I hate email so much.  We keep tacking on protocols and "security" methods to a tool that is ancient.  It really needs a total overhaul, but good luck getting the entire world of email to agree on that.

    0

Please sign in to leave a comment.