Blocking email spam to non existing user account after reaching certain number of fails?
Hi everyone,
As title suggest, is there a way to automatically block or disable the sender's email for certain amount of time (after receving no of failed emails) before they can send again? we got flooded of spam mails to users who does not exist in our domain and this may cause additional process or stress to our domain server.
I already enabled the Dictionary attack protection in the WHM - Exim configuration manager - ACL but I'm not sure how it really works as you can see in my screenshot:
Does it need to be separate email send time or must be received by a existing user first to be flagged as a dictionary attack? I only saw it twice to be flagged it as dictionary attack but only after it went to a existing user after couple of fails to non existing users.
But most of the time, it will be just flood of email fails to non existing users.
I don't want to create a 'blackhole' catch as this may cause problems to legit senders to verify if their email received successfully to the other end. Blocking/discarding the spammer email account will be just a temporary solution as they will create another email account to do their spam email activities.
Thank you and regards.
-
Hey there! Just to confirm, were all the emails sent from the same sender? 0 -
Hey there! Just to confirm, were all the emails sent from the same sender?
Yes, it came from one sender most of the times (there was an instances of two different senders but their emails are in different time of the day).0 -
Thanks for the additional details. There aren't any tools in cPanel that would automatically setup a firewall-level block of the IP address. However, other services like CSF, although not officially supported by us, do have this functionality that you can add with some custom code. One example of this can be found here: 0
Please sign in to leave a comment.
Comments
3 comments