Block incoming emails from domain
Is it possible to block incoming emails from a specific domain? Some of our users have set up contact forms without captchas and are being targeted with spam from a list of @qq.com emails. Is it possible to block emails from this domain completely?
Hello, Yes, you can set up a custom Exim system filter rule if you want to apply a filter globally. We document how to set this up at: How to Customize the Exim System Filter File - cPanel Knowledge Base - cPanel Documentation. Thank you.
That seems easy.
    if ("$h_from:" contains "@qq.com") then
      fail
    endif
Would that do it? Also, just to be clear - would blocking all incoming messages from @qq.com accounts be a bad thing? I've never seen a legitimate email coming from any account with the qq.com domain.
Hello, I don't see any harm in blocking all messages from a specific domain name if you know there is no legitimate mail sent from it. Here's an example of how the filter rule should look:
    if $header_from: contains "@qq.com"
    then
      if error_message then
        save "/dev/null" 660
      else
        fail "Messages from this domain are blocked."
      endif
    endif
Thank you.
Hello, in case I need to apply this rule to more than one email address or domain, is it possible to add more lines between "if" and "then"? Or what is the method for that? Thank you!
Yes, you'd just insert it using "OR" like this:
    if $header_from: contains "qqq.com"
    or $header_from: contains "zzz.com"
    then
      if error_message then
        save "/dev/null" 660
      else
        fail "Messages from this domain are blocked."
      endif
    endif
Thank you.
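Added example, not part of the thread: a Python model of two matching strategies, showing which From headers a case-insensitive substring test such as `contains "qqq.com"` catches compared with matching only the domain of the address. The function names and sample headers are constructed for illustration.

```python
from email.utils import parseaddr

# Domains taken from the rule quoted in the thread.
BLOCKED = {"qqq.com", "zzz.com"}


def substring_match(from_header, blocked=BLOCKED):
    """Model of `$header_from: contains "<domain>"`: a case-insensitive
    substring test over the whole header, display name included."""
    header = from_header.lower()
    return any(domain in header for domain in blocked)


def domain_match(from_header, blocked=BLOCKED):
    """Match only the domain of the address in the header: the blocked
    domain itself or one of its subdomains."""
    _, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in blocked)


# Constructed sample headers (not taken from real mail).
SAMPLES = [
    "Spammer <user1@qqq.com>",                # blocked domain
    "Relay <user2@mail.zzz.com>",             # subdomain of a blocked domain
    "Mixed Case <user3@QQQ.COM>",             # case differs
    "Bob <bob@notqqq.com>",                   # different domain, same suffix
    '"qqq.com support" <alice@example.org>',  # domain only in display name
    "Carol <carol@example.org>",              # unrelated
]


def compare(samples=SAMPLES):
    """Return (header, substring_result, domain_result) for each sample."""
    return [(h, substring_match(h), domain_match(h)) for h in samples]


if __name__ == "__main__":
    for header, by_substring, by_domain in compare():
        print(f"{header!r:45} substring={by_substring!s:5} domain={by_domain}")
```

The two strategies disagree on the fourth and fifth samples: the substring test rejects mail whose address is in a different domain.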
To block hosts or host IPs, should we use $sender_host_address or $received_ip_address instead of $header_from?
Hello, Per Exim's documentation: $sender_host_address: When a message is received from a remote host, this variable contains that host's IP address.
$sender_host_name: When a message is received from a remote host, this variable contains the host's name as verified by looking up its IP address. If verification failed, or was not requested, this variable contains the empty string.
However, you should still be able to use the "Any Header" option with the "contains" operator to achieve the same thing (e.g. Any Header contains 10.1.1.1). Thank you.
Code:
    if $header_from: contains "qqq.com"
    or $header_from: contains "zzz.com"
    then
      if error_message then
        save "/dev/null" 660
      else
        fail "Messages from this domain are blocked."
      endif
    endif
Can you please describe how to modify this so that the email is discarded silently with no bounce message to the sender?
In this case, the rule would look something like this:
    if $header_from: contains "abc.tld"
    or $header_from: contains "123.tld"
    then
      save "/dev/null" 660
    endif
Note that you can create filter rules in cPanel (using a test account) and then view them from the command line as a method of determining which filter rules to utilize. Thank you.
Michael, I noticed that the mail queue in WHM (Home >> Email >> Mail Queue Manager) contains a lot of emails, all of them from the domains listed here:
    if $header_from: contains "abc.tld"
    or $header_from: contains "123.tld"
    then
      save "/dev/null" 660
    endif
For example, abc.tld and 123.tld. Is there any way those messages can be discarded and forgotten once and for all?
Hello, Can you let us know of any specific error messages when you attempt to deliver one of the messages in the queue? Also, what's a corresponding entry for one of the messages in the queue from /var/log/exim_mainlog? EX:
    exigrep user@domain /var/log/exim_mainlog
Thank you.
I went to the queue and tried to deliver one of those messages. I got this output:
    LOG: MAIN
      cwd=/usr/local/cpanel/whostmgr/docroot 4 args: /usr/sbin/exim -v -M 1f6cta-000287-Se
    delivering 1f6cta-000287-Se
    LOG: MAIN
      original recipients ignored (system filter)
    LOG: MAIN PANIC
      == /dev/null routing defer (-1): system_filter_file_transport is unset
exim_mainlog looks like this for this email ID:
    2018-04-28 06:59:25 1f6cta-000287-Se == /dev/null routing defer (-1): system_filter_file_transport is unset
    2018-04-28 07:29:25 1f6cta-000287-Se original recipients ignored (system filter)
    2018-04-28 07:29:25 1f6cta-000287-Se == /dev/null routing defer (-1): system_filter_file_transport is unset
    2018-04-28 07:59:25 1f6cta-000287-Se original recipients ignored (system filter)
    2018-04-28 07:59:25 1f6cta-000287-Se == /dev/null routing defer (-1): system_filter_file_transport is unset
    2018-04-28 08:29:33 1f6cta-000287-Se original recipients ignored (system filter)
    2018-04-28 08:29:33 1f6cta-000287-Se == /dev/null routing defer (-1): system_filter_file_transport is unset
    2018-04-28 08:59:28 1f6cta-000287-Se original recipients ignored (system filter)
    2018-04-28 08:59:28 1f6cta-000287-Se == /dev/null routing defer (-1): system_filter_file_transport is unset
    2018-04-28 09:29:25 1f6cta-000287-Se original recipients ignored (system filter)
    2018-04-28 09:29:25 1f6cta-000287-Se == /dev/null routing defer (-1): system_filter_file_transport is unset
    2018-04-28 09:59:29 1f6cta-000287-Se original recipients ignored (system filter)
    2018-04-28 09:59:29 1f6cta-000287-Se == /dev/null routing defer (-1): system_filter_file_transport is unset
    2018-04-28 10:07:39 cwd=/usr/local/cpanel/whostmgr/docroot 3 args: /usr/sbin/exim -Mvh 1f6cta-000287-Se
    2018-04-28 10:07:39 cwd=/usr/local/cpanel/whostmgr/docroot 3 args: /usr/sbin/exim -Mvb 1f6cta-000287-Se
    2018-04-28 10:08:32 cwd=/usr/local/cpanel/whostmgr/docroot 4 args: /usr/sbin/exim -v -M 1f6cta-000287-Se
    2018-04-28 10:08:32 1f6cta-000287-Se original recipients ignored (system filter)
    2018-04-28 10:08:32 1f6cta-000287-Se == /dev/null routing defer (-1): system_filter_file_transport is unset
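Added example, not part of the thread: a Python scan of exim_mainlog lines that lists the queued messages deferred with the "system_filter_file_transport is unset" reason shown above, with how often each was retried. The function name is hypothetical and the sample lines are abridged from the log quoted in the post.

```python
import re

# Matches the defer line produced when a system filter "save" cannot be
# routed because system_filter_file_transport is not configured.
DEFER = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<id>\S+) == "
    r"(?P<target>\S+) routing defer \(-1\): "
    r"system_filter_file_transport is unset"
)


def stuck_by_filter_save(lines):
    """Map message ID -> save target, retry count, first and last timestamp."""
    stuck = {}
    for line in lines:
        m = DEFER.match(line.strip())
        if not m:
            continue  # other log entries (filter notes, cwd= lines) are skipped
        entry = stuck.setdefault(
            m["id"],
            {"target": m["target"], "retries": 0, "first": m["ts"], "last": m["ts"]},
        )
        entry["retries"] += 1
        entry["last"] = m["ts"]
    return stuck


# Sample input: abridged from the exim_mainlog excerpt quoted above.
SAMPLE_LOG = """\
2018-04-28 06:59:25 1f6cta-000287-Se == /dev/null routing defer (-1): system_filter_file_transport is unset
2018-04-28 07:29:25 1f6cta-000287-Se original recipients ignored (system filter)
2018-04-28 07:29:25 1f6cta-000287-Se == /dev/null routing defer (-1): system_filter_file_transport is unset
2018-04-28 07:59:25 1f6cta-000287-Se original recipients ignored (system filter)
2018-04-28 07:59:25 1f6cta-000287-Se == /dev/null routing defer (-1): system_filter_file_transport is unset
2018-04-28 10:07:39 cwd=/usr/local/cpanel/whostmgr/docroot 3 args: /usr/sbin/exim -Mvh 1f6cta-000287-Se
""".splitlines()


if __name__ == "__main__":
    for msg_id, info in stuck_by_filter_save(SAMPLE_LOG).items():
        print(
            f"{msg_id}: save to {info['target']} deferred {info['retries']} times "
            f"({info['first']} .. {info['last']})"
        )
```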
Hello @EneTar, Keep in mind that assistance with custom Exim filter rules is generally outside our scope of support. I recommend reaching out to a qualified system administrator, or posting to the Exim User's mailing list for in-depth technical assistance with custom filter rules. That said, one solution to try is to change the following section of your filter rule:
    then
      save "/dev/null" 660
    endif
To:
    then
      noerror seen finish
    endif
Exim documents this at: 3. Exim filter files. Thank you.
Hello :) For anyone reaching this thread after searching for how to globally block incoming emails from specific domains, cPanel & WHM version 84 includes a new feature with this functionality: Implemented case CPANEL-28808: Give Exim the ability to block incoming mail from domains.
Here's a glance at this feature as seen in WHM >> Email >> Filter Incoming Emails by Domain on a server running cPanel & WHM version 83.9999.137 (this is a development build for version 84). Thanks!
Great stuff, @cPanelMichael! This interface accepts IDNs. Now we just need the rest of cPanel to do so as well ;)