Block e-mail addresses from e-mailing any user on server
Hello everyone,
We have been having a lot of issues with spam recently and have decided to start managing some of it in house rather than relying on automatic filters.
This morning I have created a block list based on the instructions here ( WHM - Block server from receiving e-mails from particular domains ) to block particular domains from e-mailing anyone on the server.
My next step is to block individual accounts from being able to contact anyone on any domain hosted on our server. The problem being that we still get the occasional person spamming from say a Yahoo account. Obviously we do not want to block every Yahoo account from being able to send us messages but it would be helpful if we could block individual ones.
Would it be possible to add individual e-mail addresses to the same blacklist (as I created earlier using those steps) or is that one only suitable for full domains?
I hope that makes sense.
Kind regards
James
-
You're creating a rod for your own back and an almost impossible task. Compiling lists of offending spammers would be all but impossible. You might get 10 spam emails from one sender and none ever again. They tend to use bots, with throwaway email addresses. An easier solution for starters would be to use RBLs. In Exim Config under RBLs, click manage custom RBLs and add the following few entries.
AbuseAT cbl.abuseat.org https://www.abuseat.org/
Barracuda b.barracudacentral.org http://www.barracudacentral.org/rbl/removal-request
SemFresh30 fresh30.spameatingmonkey.net https://spameatingmonkey.com/services/SEM-FRESH30
SemURIBL uribl.spameatingmonkey.net https://spameatingmonkey.com/services/SEM-URI
semblack bl.spameatingmonkey.net https://spameatingmonkey.com/services/SEM-BLACK
spamcop bl.spamcop.net http://spamcop.net/bl.shtml
Screenshot attached. 0 -
Also, CSF mailscanner has tools built in to block specific email addresses. You can blacklist at the click of a button. It's not free, but it's not expensive either. 0 -
Hi Keat, Thank you. I agree and we do use RBLs but some of the time we notice that it takes weeks for them to catch up and block some of the spammers. We'd like to have this in our arsenal as well if possible. Would it be possible to add e-mail addresses to that list as well or will it only work with domains? Kind regards James 0 -
Maybe it's possible to create your own RBL and configure Exim to use that as well. Just point the URL to your own file. You could 'I guess' put anything you want in your own RBL, but this really would be a thankless task, one which you will soon get bored of, I'm sure. CSF mailscanner has a GUI, you select the email you wish to blacklist and click the blacklist button, but even that is tiresome. Some spammers set up an email, use it for a few days, get blacklisted and dump it in favour of another. Those spameatingmonkey RBLs look at the age of a domain and block based on this. I've also changed the scores on some of the SpamAssassin rules, which has helped a little. 0 -
Hello James, Have you considered some of the other SPAM prevention methods first to see if blacklisting individual email accounts is still necessary? For instance, see "How to Customize the Exim System Filter File" (cPanel Knowledge Base - cPanel Documentation). This won't add it to your custom RBL list, but it's able to effectively prevent an individual email account from sending emails to any of the domains hosted on the server. Thank you. 0 -
An easier solution for starters would be to use RBLs. In Exim Config under RBLs, click manage custom RBLs and add the following few entries.
AbuseAT cbl.abuseat.org https://www.abuseat.org/
Barracuda b.barracudacentral.org http://www.barracudacentral.org/rbl/removal-request
SemFresh30 fresh30.spameatingmonkey.net https://spameatingmonkey.com/services/SEM-FRESH30
SemURIBL uribl.spameatingmonkey.net https://spameatingmonkey.com/services/SEM-URI
semblack bl.spameatingmonkey.net https://spameatingmonkey.com/services/SEM-BLACK
spamcop bl.spamcop.net http://spamcop.net/bl.shtml
I thought AbuseAT Info Url is ) Out of curiosity, I can see you are not using sorbs, is there a reason for this choice? 0 -
I believe the http's are purely for reference, so don't really matter. These are the ones I currently use.
AbuseAT cbl.abuseat.org https://www.abuseat.org/
Barracuda b.barracudacentral.org http://www.barracudacentral.org/rbl/removal-request
SemFresh30 fresh30.spameatingmonkey.net https://spameatingmonkey.com/services/SEM-FRESH30
SemURIBL uribl.spameatingmonkey.net https://spameatingmonkey.com/services/SEM-URI
semblack bl.spameatingmonkey.net https://spameatingmonkey.com/services/SEM-BLACK
spamcop bl.spamcop.net http://spamcop.net/bl.shtml
spamhaus zen.spamhaus.org http://www.spamhaus.org/zen/index.lasso
which works well, I couldn't quite figure out how to use sorbs. I'd be interested to see the Custom RBL entries for this. 0 -
SemFresh30 fresh30.spameatingmonkey.net https://spameatingmonkey.com/services/SEM-FRESH30
SemURIBL uribl.spameatingmonkey.net https://spameatingmonkey.com/services/SEM-URI
Isn't fresh30.spameatingmonkey.net too strict, I read Using SORBS) 0 -
I feel that using any technique for reducing unwanted spam is down to how far you want to personally go, you mitigate your own risk. 30 days might be a little strict, but I work on the basis that any domain less than 30 days old has a high chance of being a spamming domain. A risk I'm prepared to take. I'm sure if a customer wanted to contact us and couldn't, he'd probably call instead. 0 -
I feel that using any technique for reducing unwanted spam is down to how far you want to personally go, you mitigate your own risk. 30 days might be a little strict, but I work on the basis that any domain less than 30 days old has a high chance of being a spamming domain. A risk I'm prepared to take. I'm sure if a customer wanted to contact us and couldn't, he'd probably call instead.
I agree with you, I'm still surprised that fresh30.spameatingmonkey.net works, as I said I thought WHM > Exim > RBL could only look for IPs, not domains. Anyway I have just seen there are also SEM-FRESH, SEM-FRESH10, SEM-FRESH15 to reject messages coming from domains registered in the last 5, 10, 15 days. 0 -
I believe this might be a little overkill. I'm under the impression that the 15-day list contains those that are in both the 5 and 10-day list, so there would be no need for the 5 and 10-day lists if you're utilising the 15-day one. 0
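The IP-versus-domain question raised in the last few replies comes down to how the DNS query name for a list lookup is built. The sketch below is an added example, not part of the thread and not cPanel or Exim code; it follows the usual DNSBL convention (RFC 5782), and the zones `ip-list.example` and `domain-list.example` plus the fake resolver data are constructed so it runs offline.

```python
import ipaddress
import socket

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")

def ip_query_name(ip, zone):
    """IP-keyed list: IPv4 octets reversed, then the list's zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def domain_query_name(domain, zone):
    """Domain-keyed list: the domain as written, then the list's zone."""
    return domain.strip(".").lower() + "." + zone

def system_resolver(name):
    """Real DNS lookup: the A record, or None when the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def is_listed(query_name, resolve=system_resolver):
    """Listed only if the answer is inside 127.0.0.0/8.

    Checking the range guards against resolvers that rewrite
    'no such name' into the address of a search or parking page.
    """
    answer = resolve(query_name)
    return answer is not None and ipaddress.ip_address(answer) in LOOPBACK_NET

# Constructed sample data standing in for DNS (hypothetical zones).
FAKE_ZONE_DATA = {
    "2.0.0.127.ip-list.example": "127.0.0.2",
    "new-domain.example.domain-list.example": "127.0.0.2",
}

def check_sender(ip, sender_domain, resolve=FAKE_ZONE_DATA.get):
    """Check a connecting IP and a sender domain against the sample zones."""
    return {
        "ip": is_listed(ip_query_name(ip, "ip-list.example"), resolve),
        "domain": is_listed(
            domain_query_name(sender_domain, "domain-list.example"), resolve),
        # An IP-style query sent to the domain-keyed zone matches nothing.
        "ip_vs_domain_zone": is_listed(
            ip_query_name(ip, "domain-list.example"), resolve),
    }

if __name__ == "__main__":
    print(ip_query_name("192.0.2.10", "cbl.abuseat.org"))
    print(check_sender("127.0.0.2", "new-domain.example"))
```

Passing `resolve=system_resolver` to `check_sender` runs the same logic against live DNS once the example zones are swapped for real ones.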