  1. #1

    WHM exim does not refuse emails during SMTP with :fail:

    Hello, I'm running WHM on Fedora 6... WHM 11.11.0 cPanel 11.16.0-R18546

    I have a problem with spoofing spammers: my queue is full of undelivered emails from external SMTP servers, sent to non-existent addresses on my server...

    The thing is, the destination domain (mydomain.com b.example) already has its ":fail: No Such User Here" alias.

    SMF records are applied, but most external SMTP servers do not check them nowadays...

    Using :fail: the email is never accepted into the server. During the initial SMTP negotiation when the sender's SMTP server connects to your SMTP server, the sending SMTP server issues an RCPT command notifying your server which email address the email to follow is intended for. Your server then checks whether the recipient email actually exists on your server (a POP3 account, an alias or a catchall alias) and if it does not, it issues an SMTP DENY which terminates the attempt to deliver the email.
    Well, in my case it just receives the message and then freezes it!!!

    Some more data:

    IN MY QUEUE:
    1JMoh4-0004UG-Pz-H
    mailnull 47 12
    <>
    1202321302 0
    -helo_name luatvietnam.vn
    -host_address 203.162.168.16.1839
    -interface_address 85.x.x.x.25
    -received_protocol smtp
    -body_linecount 50
    -max_received_linelength 93
    -frozen 1202407547
    -host_lookup_failed
    -manual_thaw
    XX
    1
    [email protected]

    210P Received: from [203.162.168.16] (port=1839 helo=luatvietnam.vn)
    by myserver.mine.com with smtp (Exim 4.68)
    id 1JMoh4-0004UG-Pz
    for [email protected]; Wed, 06 Feb 2008 19:08:23 +0100
    069P Received: (qmail 6913 invoked for bounce); 5 Feb 2008 09:04:11 -0500
    032 Date: 5 Feb 2008 09:04:11 -0500
    032F From: [email protected]
    039T To: [email protected]
    024 Subject: failure notice
    WHEN TRYING TO DELIVER FROM QUEUE:
    AT LOGS (first time):
    2008-02-06 19:08:17 SMTP connection from [203.162.168.16]:1839 I=[85.112.9.44]:25 (TCP/IP connection count = 9)
    2008-02-06 19:08:20 no host name found for IP address 203.162.168.16
    2008-02-06 19:08:22 H=(luatvietnam.vn) [203.162.168.16]:1839 I=[85.x.x.x]:25 Warning: Sender rate 0.0 / 1h
    2008-02-06 19:08:23 1JMoh4-0004UG-Pz <= <> H=(luatvietnam.vn) [203.162.168.16]:1839 I=[85.x.x.x]:25 P=smtp S=2405 T="failure notice" from <> for [email protected]
    2008-02-06 19:08:23 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1JMoh4-0004UG-Pz
    2008-02-06 19:08:23 1JMoh4-0004UG-Pz ** [email protected] F=<> R=virtual_aliases: No Such User Here
    2008-02-06 19:08:23 1JMoh4-0004UG-Pz Frozen (delivery error message)
    2008-02-06 19:08:24 SMTP connection from (luatvietnam.vn) [203.162.168.16]:1839 I=[85.x.x.x]:25 closed by QUIT
    What the hell? Isn't :FAIL: supposed to reject emails during the SMTP protocol!?!?!?! Why is the email in my server queue, and frozen?!?!?!

    Please help! I am trying to find a solution, but blackholing it is not a great idea I think.

    Thanks so much in advance.

  2. #2
    ok

    finally found the problem myself...

    ########################################################################################
    # DO NOT ALTER THIS BLOCK
    ########################################################################################
    #
    # cPanel Default ACL Template Version: 3.8
    # Template: mailman2.exiscan.dist
    #
    ########################################################################################
    # DO NOT ALTER THIS BLOCK
    ########################################################################################

    acl_connect:
    [% ACL_CONNECT_BLOCK %]

    # do not change the comment in the line below, it is required for /usr/local/cpanel/bin/check_exim_config
    #acl_smtp_notquit is required for this to work (exim 4.68)

    accept

    acl_notquit:
    [% ACL_NOTQUIT_BLOCK %]


    #!!# ACL that is used after the RCPT command
    check_recipient:
    # Exim 3 had no checking on -bs messages, so for compatibility
    # we accept if the source is local SMTP (i.e. not over TCP/IP).
    # We do this by testing for an empty sending host field.


    #**########################################################################################
    #**########################################################################################
    #**# TO AVOID BOUNCE MESSAGES FOR DELIVERIES TO ADDRESSES THAT DO NOT EXIST
    #**# (if I put it here, the server refuses delivery of the message if the recipient is not
    #**# valid).... Cpanel, unbelievable... overloads and queues of 3000 emails because of this
    #**########################################################################################
    require verify = recipient
    #**########################################################################################
    #**########################################################################################
    ...
    ...etc
    Added require verify = recipient before checking anything else and accepting the email.

    Cpanel, with its defaults, first accepts the email and then refuses it by sending a bounce message to the external SMTP server... I think this is a bit crazy. Why do we have to send the "non-existent user" email, instead of just refusing the incoming email during the SMTP protocol? What do I have a ":fail:" for??? Now, with my modification, it is the external SMTP server that notifies the sender.

    CPANEL, I think you might take care of this!
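
An added example, not part of either post and not cPanel's or Exim's own code: a Python check over the Exim main log that separates recipients refused at RCPT time from messages that were accepted over SMTP and only failed afterwards, which is the behaviour post #1 shows. The log sample is constructed (message IDs, addresses and domains are placeholders), and the line formats are assumed to match the Exim 4.68 main-log lines quoted in post #1.

```python
import re

MSGID = r"[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}"
ARRIVAL = re.compile(rf"^\S+ \S+ ({MSGID}) <= (\S+) .*?\[([^\]]+)\].*\bP=e?smtp")
FAILURE = re.compile(rf"^\S+ \S+ ({MSGID}) \*\* (\S+) .*?\bR=(\w+)")
FROZEN = re.compile(rf"^\S+ \S+ ({MSGID}) Frozen")
BOUNCE = re.compile(rf"^\S+ \S+ ({MSGID}) <= <> R=({MSGID}) ")
REJECT = re.compile(r"\[([^\]]+)\].* rejected RCPT <([^>]*)>")

# Constructed sample: two late failures (one frozen, one bounced), one normal
# delivery, and one RCPT-time rejection as logged once the ACL verifies recipients.
SAMPLE_LOG = """\
2008-02-06 19:08:23 1JMog1-0004TA-Kq <= <> H=(mail.a.example) [198.51.100.16]:1839 I=[192.0.2.25]:25 P=smtp S=2405 for nobody@b.example
2008-02-06 19:08:23 1JMog1-0004TA-Kq ** nobody@b.example F=<> R=virtual_aliases: No Such User Here
2008-02-06 19:08:23 1JMog1-0004TA-Kq Frozen (delivery error message)
2008-02-06 19:09:10 1JMohZ-0004UX-Ab <= forged@c.example H=(pc.d.example) [198.51.100.77]:2210 I=[192.0.2.25]:25 P=esmtp S=1830 for ghost@b.example
2008-02-06 19:09:10 1JMohZ-0004UX-Ab ** ghost@b.example F=<forged@c.example> R=virtual_aliases: No Such User Here
2008-02-06 19:09:11 1JMoi0-0004Uh-1a <= <> R=1JMohZ-0004UX-Ab U=mailnull P=local S=2790
2008-02-06 19:10:02 1JMoiK-0004Uz-Q2 <= alice@c.example H=(mx.c.example) [198.51.100.5]:4021 I=[192.0.2.25]:25 P=esmtp S=990 for info@b.example
2008-02-06 19:10:02 1JMoiK-0004Uz-Q2 => info <info@b.example> F=<alice@c.example> R=virtual_user T=virtual_userdelivery
2008-02-06 19:12:40 H=(pc.d.example) [198.51.100.77]:2305 I=[192.0.2.25]:25 F=<forged@c.example> rejected RCPT <ghost@b.example>: No Such User Here
"""

def audit(log_text):
    """Separate recipients refused at RCPT time from those accepted and failed later."""
    smtp_in = {}  # message id -> (envelope sender, remote IP) for mail accepted over SMTP
    report = {"late_failures": [], "frozen": [], "backscatter": [], "rcpt_rejects": []}
    for line in log_text.splitlines():
        if m := ARRIVAL.match(line):
            smtp_in[m[1]] = (m[2], m[3])
        elif (m := FAILURE.match(line)) and m[1] in smtp_in:
            sender, ip = smtp_in[m[1]]
            report["late_failures"].append((m[1], m[2], sender, ip))
        elif (m := FROZEN.match(line)) and m[1] in smtp_in:
            report["frozen"].append(m[1])
        elif (m := BOUNCE.match(line)) and m[2] in smtp_in:
            # Locally generated bounce for accepted mail; goes to a possibly forged sender.
            report["backscatter"].append((m[2], smtp_in[m[2]][0]))
        elif m := REJECT.search(line):
            report["rcpt_rejects"].append((m[2], m[1]))
    return report

if __name__ == "__main__":
    for key, rows in audit(SAMPLE_LOG).items():
        print(key, len(rows), rows)
```

Once recipient verification runs in the RCPT ACL, new entries should appear under `rcpt_rejects` while `late_failures`, `frozen` and `backscatter` stop growing for remote senders.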
