Receiving spam to Mailer-Daemon@myserverdomain.com
Hi there - in the last few days I'm getting lots of spam to the Mailer-Daemon email address - these are not bounces but rather emails sent directly to it. How do I disable this?
Thanks.
Hello @SSy, Can you provide the output from /var/log/exim_mainlog for one of the offending emails? EX: exigrep Subject /var/log/exim_mainlog
Replace "Subject" with the subject of one of the offending messages. Be sure to paste the output in CODE tags and to remove references to real domain names and IP addresses. Thank you.
2018-07-26 00:09:42 1fiXav-002d0m-8r <= 2484482187@domain.com H=(domain.com) [IP.IP.IP.IP]:58358 P=smtp S=6394 id=bf9f801e6f992ceada0533540e6883c4@domain.com T="8\345\277\253\345\277\253 \345\212\240\344\274\201\351\271\2051960009745 \345\205\215\350\264\271\351\200\201188\347\266\265\351\207\221 \345\234\260\345\235\200554638 \345\205\270C0M \r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r" for Mailer-Daemon@mydomain.com
2018-07-26 00:09:42 1fiXav-002d0m-8r SMTP connection identification D= O=root@mydomain E=email@gmail.com M=1fiXav-002d0m-8r U=root ID=0 B=redirect_resolver
2018-07-26 00:09:42 1fiXav-002d0m-8r check_mail_permissions could not determine the sender domain [routed_domain=gmail.com message_exim_id=1fiXav-002d0m-8r sender_host_address=IP.IP.IP.IP recipients_count=1]
2018-07-26 00:09:43 1fiXav-002d0m-8r => me (root@mydomain.com, postmaster@mydomain.com) R=virtual_user T=dovecot_virtual_delivery C="250 2.0.0 4Z2RBIdJWVvRjQkAMSDWvQ Saved"
2018-07-26 00:09:43 1fiXav-002d0m-8r ** email@gmail.com (root@mydomain.com, postmaster@mydomain.com) R=lookuphost T=remote_smtp H=gmail-smtp-in.l.google.com [209.85.232.26] X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=yes: SMTP error from remote mail server after end of data: 550-5.7.1 This message does not have authentication information or fails to pass\n550-5.7.1 authentication checks. To best protect our users from spam, the\n550-5.7.1 message has been blocked. Please visit\n550-5.7.1 https://support.google.com/mail/answer/81126#authentication for more\n550 5.7.1 information. y51-v6si299404qth.95 - gsmtp
2018-07-26 00:09:43 1fiXav-002d0m-8r Completed
Hello @SSy, If the SPAM is targeted towards a specific domain name, then you can set up a global email filter to discard or reject the emails sent to Mailer-Daemon@domain. Here's some documentation to help with this:
Global Email Filters - Version 72 Documentation - cPanel Documentation
How to Configure Mail Filters - cPanel Knowledge Base - cPanel Documentation
That said, a better approach is to attempt to prevent the server from receiving the SPAM in the first place. Do you use the Greylisting feature? I often see reports from customers noting its effectiveness at stopping SPAM:
Greylisting - Version 72 Documentation - cPanel Documentation
Let me know if this helps. Thank you.
Hi Michael - I'm confused - why is the server accepting external mail for that and routing it to me to begin with?
Hello, Can you confirm what you configured for the domain name receiving those emails under the Default Address option in cPanel? Thank you.
This is not a domain in cPanel - this is my whole WHM server hostname. So if my hostname is server.net it is sending to Mailer-Daemon@server.net and routing it to my contact email in WHM settings. How do I disable this? I can't add this as a domain either as it is my hostname.
Hello @SSy, Thank you for clarifying. Here's a recent answer from a support ticket where the same question was asked:
[QUOTE] The best way to manage incoming Mailer-Daemon is to use a system Exim filter. The filter would be placed in a filename of your choice in /usr/local/cpanel/etc/exim/sysfilter/options/. A file of /usr/local/cpanel/etc/exim/sysfilter/options/postmaster would be an example. Then in that file, you would place the filter. Please keep in mind that we do not write filters but the following is provided as a courtesy. Any modifications would need to be done by you or a systems administrator you've obtained.

if $h_to: contains "Mailer-Daemon@"
   and $h_from: does not contain "Mailer-Daemon@"
then
   save "/dev/null" 660
endif

This filter will take any email that is to Mailer-Daemon and not from Mailer-Daemon@ and delete that email. Once this file is created in /usr/local/cpanel/etc/exim/sysfilter/options/ you can log into WHM and then go to "Exim Configuration Manager" and make sure that custom filter is enabled and then scroll down and save. This should get those emails filtered out and not be delivered.
Documentation on the system filter file is available at: How to Customize the Exim System Filter File - cPanel Knowledge Base - cPanel Documentation Thank you.
Hi, Thank you for the filter above but the mails filtered by it remain in the queue with this error:
/dev/null routing defer (-1): system_filter_file_transport is unset
Any suggestions? Thanks!
Hello @AndyB78, Try changing the following section of the filter rule:

then
   save "/dev/null" 660
endif

To:

then
   noerror seen finish
endif

Thank you.
Hi, Is this going to silently discard the message? Thanks!
Hello @AndyB78, Yes, it discards the message without notification (blackhole). Here's a link to Exim's documentation on this rule: 3. Exim filter files Thank you.
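Added example, not part of the original thread: a shell/awk triage over exim_mainlog arrival lines in the format posted earlier, separating mail sent directly to Mailer-Daemon@ (non-empty envelope sender) from genuine bounces, which Exim logs with the null sender `<>`. The log lines, message IDs, domains and addresses below are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). All sample log lines are constructed.

# sample_log: prints four constructed exim_mainlog arrival lines:
# direct spam, a real bounce, a lower-case recipient, and an unrelated
# message whose subject merely mentions the address.
sample_log() {
cat <<'EOF'
2018-07-26 00:09:42 1fiXaa-000001-AA <= spammer@example.net H=(example.net) [192.0.2.10]:58358 P=smtp S=6394 T="offer for you" for Mailer-Daemon@server.example
2018-07-26 00:10:01 1fiXbb-000002-BB <= <> H=mx.example.org [198.51.100.7]:25 P=esmtps S=3120 T="Undelivered Mail Returned to Sender" for Mailer-Daemon@server.example
2018-07-26 00:11:15 1fiXcc-000003-CC <= other@example.net H=(example.net) [192.0.2.10]:58399 P=smtp S=6001 T="hello" for mailer-daemon@server.example
2018-07-26 00:12:30 1fiXdd-000004-DD <= user@example.com H=mail.example.com [203.0.113.5]:41000 P=esmtps S=2048 T="notes for Mailer-Daemon@ thread" for alice@server.example
EOF
}

# direct_to_mailer_daemon LOGFILE
# Prints "message-id sender source-ip" for every arrival line ("<=") that has
# a non-null envelope sender and Mailer-Daemon@ among its recipients.
direct_to_mailer_daemon() {
    awk '
    $4 == "<=" && $5 != "<>" {
        # Recipients follow the LAST " for "; the subject may contain one too.
        n = split($0, parts, " for ")
        if (n < 2 || tolower(parts[n]) !~ /(^| )mailer-daemon@/) next
        ip = "-"
        # The connecting address is the first [..] token before the T= field.
        for (i = 6; i <= NF && $i !~ /^T=/; i++)
            if ($i ~ /^\[.*\]/) {
                ip = $i; sub(/^\[/, "", ip); sub(/\].*$/, "", ip); break
            }
        print $3, $5, ip
    }' "$1"
}

# top_sources LOGFILE
# Prints "count source-ip", busiest source first.
top_sources() {
    direct_to_mailer_daemon "$1" |
        awk '{ c[$3]++ } END { for (ip in c) print c[ip], ip }' | sort -rn
}

# Usage on a server: top_sources /var/log/exim_mainlog
```

Running `top_sources` before and after enabling the system filter shows whether the direct deliveries come from a few hosts, which helps decide between the filter and connection-level controls such as greylisting.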