Exim: blocking spam forwarding causes bounces / frozen messages
Hi,
We enabled the cPanel option “Do not forward mail to external recipients based on SpamAssassin score”.
It correctly blocks forwarding of spam to external addresses, but we’re seeing an issue with bounce generation.
What happens:
- Message is detected as spam
- Local mailbox has a forwarder to an external address
- Forwarding is blocked (OK)
- Exim sends a bounce back to the original sender (THIS IS A SPAMMER - NOT OK)
- If the sender rejects the bounce (in this case we were blocked by its RBL), it becomes frozen and keeps retrying
Example (obfuscated):
2026-01-10 05:29:27 1veULf-0000000E9iV-0XQP <= <> R=1veULe-0000000E8nK-3i2q U=mailnull P=local S=6301 T="Mail delivery failed: returning message to sender" for xxx@xxx.com
2026-01-10 05:29:27 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1veULf-0000000E9iV-0XQP
2026-01-10 05:29:27 1veULf-0000000E9iV-0XQP Sender identification U=mailnull D=-system- S=mailnull
2026-01-10 05:29:35 1veULf-0000000E9iV-0XQP ** xxx@xxx.com.br R=dkim_lookuphost T=dkim_remote_smtp H=xxx.com [1.1.1.1] X=TLS1.3:TLS_AES_256_GCM_ SHA384:256 CV=yes : SMTP error from remote mail server after RCPT TO:<xxx@xxx.com>: 554 5.7.1 <xxx@xxx.com>: Recipient address rejected: SPFBL you are permanently blocked in this server. See http://spfbl.net/en/feedback
2026-01-10 05:29:35 1veULf-0000000E9iV-0XQP Frozen (delivery error message)
2026-01-10 05:30:09 1veULf-0000000E9iV-0XQP Message is frozen
2026-01-10 05:45:09 1veULf-0000000E9iV-0XQP Message is frozen
2026-01-10 06:00:09 1veULf-0000000E9iV-0XQP Message is frozen
2026-01-10 06:15:09 1veULf-0000000E9iV-0XQP Message is frozen
This is the config. in exim.conf:
reject_forwarded_mail_marked_as_spam:
driver = redirect
domains = ! +local_domains
condition = ${if eq {$spam_score_int}{}{0}{${if >{$spam_score_int}{50}{1}{0}}}}
#ignore verisign to prevent waste of bandwidth
ignore_target_hosts = +loopback : 64.94.110.0/24
allow_fail
data = :fail: This mail cannot be forwarded because it was detected as spam.
Goal:
- Silently discard the forwarded copy
- No bounces / no backscatter
What’s the recommended way to handle this in Exim/cPanel?
Should this use :blackhole: / :discard: instead of :fail: or is there a better supported approach?
Thanks.
-
After some digging if I modify this file like so:
/usr/local/cpanel/etc/exim/replacecf/no_forward_outbound_spam_over_int/reject_forwarded_mail_marked_as_spam:
Diffs:- remove "allow_fail"
- change line data = .... to transport = blackhole
#
# no_forward_outbound_spam enabled
#
#
#
reject_forwarded_mail_marked_as_spam:
driver = accept
domains = ! +local_domains
condition = ${if eq {$spam_score_int}{}{0}{${if >{$spam_score_int}{[% exim_config.no_forward_outbound_spam_over_int %]}{1}{0}}}}
#ignore verisign to prevent waste of bandwidth
ignore_target_hosts = +loopback : 64.94.110.0/24
transport = blackholeand add this transport in TRANSPORTSTART:
blackhole:
driver = appendfile
file = /dev/null
it works. Will this file be overwritten with updates?
Thanks
0 -
Hey there! When I check the file itself it doesn't show that it is linked to a package:
# rpm -qf /usr/local/cpanel/etc/exim/replacecf/no_forward_outbound_spam_over_int/reject_forwarded_mail_marked_as_spam
file /usr/local/cpanel/etc/exim/replacecf/no_forward_outbound_spam_over_int/reject_forwarded_mail_marked_as_spam is not owned by any packageso normally I would expect that to survive updates.
Just so we have it recorded, here is the default value for the "data" option:
data = :fail: This mail cannot be forwarded because it was detected as spam.
0 -
Great thanks!
0 -
I confirm that the file gets overwritten after a cPanel update. I will make a hook or something to rewrite it then.
Thanks.
0 -
Interesting - we must specifically force that file outside of an RPM.
Do you think we should offer users a way to edit this specific function in the UI somewhere?
0 -
Yes, I confirm it gets overwritten by the updater:
grep "no_forward_outbound_spam_over_int" /var/cpanel/updatelogs/*
/var/cpanel/updatelogs/update.2405960.1140678737.1756925052.log:[2026-01-13 16:18:28 -0300] Retrieving and staging /cpanelsync/11.134.0.2/cpanel/etc/exim/replacecf/no_forward_outbound_spam_over_int/reject_forwarded_mail_marked_as_spam.xzIt would be nice to have 2 extra options like these:
- Do not bounce mail to external recipients when forwarding if it matches the Apache SpamAssassin™ internal spam_score setting (On or Off)
- Do not bounce mail to external recipients when forwarding based on the defined Apache SpamAssassin™ score (On or Off)
PS: I’ve just edited the previous post because the code was incorrect.
0 -
I've created a feature request and I'll talk to the team about this tomorrow. I'll let you know what we discuss, likely early next week!
0 -
Thanks!
0 -
We're looking into this on our end now. I wonder instead of a toggle if we just changed it to create the file with the option that doesn't introduce backscatter - why would anyone want to send a bounce to a spam message?
I'll post again once I have more details.
1 -
cPRex +1 to this.
We also raised a ticket #95865928 last month regarding the issue if it helps.0 -
I agree!
0 -
Alright, I talked with the team and we decided to make a case to see if the developers can tackle this one. I've created case CPANEL-51267 and linked this thread to it, so if I hear any updates on my end I'll be sure to post!
0 -
Great thanks!
0 -
Sure thing!
0
Please sign in to leave a comment.
Comments
14 comments