How to disable email for specific user?

Baka

Verified User
Joined
Oct 27, 2011
Messages
12
Hello.

DA have ability to limit send emails from every specific user.
But minimum range is one email per day.

How to full disable all outgoing emails from specific user?


DA Version: 1.47.0
OS: Debian 7.0 64-bit
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
5,004
Location
Maastricht
Modify his package and set email addresses to 0.
He won't be able to get incoming mails on his domain either, unless he forwards it to somewhere else.
 

Baka

Verified User
Joined
Oct 27, 2011
Messages
12
Modify his package and set email addresses to 0.
He won't be able to get incoming mails on his domain either, unless he forwards it to somewhere else.
Question is not about "how to disable INCOMING mails".
How to disable OUTGOING mails?

And of course i have set email addresses to 0. But that not help.
Default system email address still continue collect spam(forward to blackhole not working too).
And user can send one email per day from his account via CMS php mail scripts.
(if i set "0" - it will be mean unlimited, how to full disable?)
 

Baka

Verified User
Joined
Oct 27, 2011
Messages
12
I mean how to disable OUTGOING emails.
If i set set email addresses to 0, user still can send messages from server via php scripts.
 

Vaporizer

Verified User
Joined
Nov 7, 2014
Messages
74
You can add the user to /etc/virtual/blacklist_usernames to prevent them from sending any mail using sendmail/smtp on your server. If you have CSF make sure you also enable SMTP_BLOCK (and SMTP_ALLOWLOCAL) so the user also can't send mail using another smtp server.
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,255
Location
GMT +7.00
That should be mentioned that /etc/virtual/blacklist_username is available in exim.conf of a version since 4.2.3, so you should use either 4.2.x or 4.3.x with CustomBuild 2.x.

Code:
[COLOR=#000000]BLACKLIST_USERNAMES = /etc/virtual/blacklist_usernames
[/COLOR]
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
5,004
Location
Maastricht
prevent them from sending any mail using sendmail/smtp on your server
Does that also prevent from sending via phpmail (so via installed scripts)? Because that was still an issue before.
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,255
Location
GMT +7.00
Yes, it prevents from sending via phpmail.

More detailed answer:

The check of a user against the blacklist is done in acl_not_smtp:
Code:
acl_not_smtp = acl_script
...
Code:
  discard condition = ${if !eq{$originator_uid}{$exim_uid}}
          condition = ${if exists{BLACKLIST_USERNAMES}}
          condition = ${lookup{$acl_m_username}lsearch{BLACKLIST_USERNAMES}{1}{0}}
          message = USER_ON_BLACKLIST_SCRIPT
Here is what you one can see in official docs:

The non-SMTP ACLs apply to all non-interactive incoming messages, that is, they apply to batched SMTP as well as to non-SMTP messages.
...
The acl_not_smtp ACL is run just before the local_scan() function. Any kind of rejection is treated as permanent, because there is no way of sending a temporary error for these kinds of message.
Thus if you try to send email from an account listed in /etc/virtual/blacklist_usernames by any means from a server your email will be rejected with "Script delivery blocked via /etc/virtual/blacklist_usernames." for a script:

Code:
2015-04-19 17:04:27 1Yjn1X-0003gO-A9 => blackhole (non-SMTP ACL discarded recipients): User account (cmsdev) is not allowed to send emails.  Script delivery blocked via /etc/virtual/blacklist_usernames.
2015-04-19 17:04:27 1Yjn1X-0003gO-A9 Completed
Of course if we say about PHP mail(), but not sockets.

Related: http://www.exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html
http://files.directadmin.com/services/SpamBlocker/4.3.3/exim.conf-SpamBlockerTechnology-v4.3.3.txt
 

Baka

Verified User
Joined
Oct 27, 2011
Messages
12
I have updated exim.conf to 4.3.3 and test feature "/etc/virtual/blacklist_usernames".
For test account working ok. Impossible send email via phpscripts & smtp. Mail Queue is empty.
Looking good.

But then, i have add real username(user1) to /etc/virtual/blacklist_usernames
And sometimes i'm still see his emails from his account in "Mail Queue Administration".


E-Mail Headers:
Code:
1Yt7dv-00086u-Js-H
mail 8 8
<>
1431665679 0
-active_hostname server.localserverdomain.com
-ident mail
-received_protocol local
-aclm _uid 2
-1
-aclm _username 7
unknown
-body_linecount 28
-max_received_linelength 351
-allow_unqualified_recipient
-allow_unqualified_sender
-frozen 1431665679
-localerror
XX
1
sample_user@subdomain.example.com

159P Received: from mail by server.localserverdomain.com with local (Exim 4.80.1)
	id 1Yt7dv-00086u-Js
	for sample_user@subdomain.example.com; Fri, 15 May 2015 07:54:39 +0300
029  Auto-Submitted: auto-replied
063F From: Mail Delivery System <Mailer-Daemon@server.localserverdomain.com>
036T To: sample_user@subdomain.example.com
052  Subject: Mail failure - malformed recipient address
052I Message-Id: <E1Yt7dv-00086u-Js@server.localserverdomain.com>
038  Date: Fri, 15 May 2015 07:54:39 +0300

/var/log/exim/mainlog:
Code:
2015-05-15 07:54:39 cwd=/home/user1/domains/subdomain.example.com/public_html/storage/3a 4 args: /usr/sbin/sendmail -t -i -sample_user@subdomain.example.com
2015-05-15 07:54:39 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1Yt7dv-00086s-Fy
2015-05-15 07:54:39 1Yt7dv-00086u-Js <= <> R=1Yt7dv-00086s-Fy U=mail P=local S=1957 T="Mail failure - malformed recipient address" from <> for sample_user@subdomain.example.com
2015-05-15 07:54:39 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1Yt7dv-00086u-Js
2015-05-15 07:54:39 1Yt7dv-00086u-Js ** sample_user@subdomain.example.com F=<> R=virtual_aliases: 
2015-05-15 07:54:39 1Yt7dv-00086u-Js Frozen (delivery error message)
2015-05-15 08:01:49 cwd=/usr/local/directadmin 3 args: /usr/sbin/exim -Mvh 1Yt7dv-00086u-Js
2015-05-15 08:01:49 cwd=/usr/local/directadmin 3 args: /usr/sbin/exim -Mvb 1Yt7dv-00086u-Js
2015-05-15 08:01:49 cwd=/usr/local/directadmin 3 args: /usr/sbin/exim -Mvl 1Yt7dv-00086u-Js
It is ok? Or something still going wrong?
 

Baka

Verified User
Joined
Oct 27, 2011
Messages
12
I have updated exim.conf to 4.3.3 and test feature "/etc/virtual/blacklist_usernames".
For test account working ok. Impossible send email via phpscripts & smtp. Mail Queue is empty.
Looking good.

But then, i have add real username(user1) to /etc/virtual/blacklist_usernames
And sometimes i'm still see his emails from his account in "Mail Queue Administration".


E-Mail Headers:
Code:
1Yt7dv-00086u-Js-H
mail 8 8
<>
1431665679 0
-active_hostname server.localserverdomain.com
-ident mail
-received_protocol local
-aclm _uid 2
-1
-aclm _username 7
unknown
-body_linecount 28
-max_received_linelength 351
-allow_unqualified_recipient
-allow_unqualified_sender
-frozen 1431665679
-localerror
XX
1
sample_user@subdomain.example.com

159P Received: from mail by server.localserverdomain.com with local (Exim 4.80.1)
	id 1Yt7dv-00086u-Js
	for sample_user@subdomain.example.com; Fri, 15 May 2015 07:54:39 +0300
029  Auto-Submitted: auto-replied
063F From: Mail Delivery System <Mailer-Daemon@server.localserverdomain.com>
036T To: sample_user@subdomain.example.com
052  Subject: Mail failure - malformed recipient address
052I Message-Id: <E1Yt7dv-00086u-Js@server.localserverdomain.com>
038  Date: Fri, 15 May 2015 07:54:39 +0300

/var/log/exim/mainlog:
Code:
2015-05-15 07:54:39 cwd=/home/user1/domains/subdomain.example.com/public_html/storage/3a 4 args: /usr/sbin/sendmail -t -i -sample_user@subdomain.example.com
2015-05-15 07:54:39 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1Yt7dv-00086s-Fy
2015-05-15 07:54:39 1Yt7dv-00086u-Js <= <> R=1Yt7dv-00086s-Fy U=mail P=local S=1957 T="Mail failure - malformed recipient address" from <> for sample_user@subdomain.example.com
2015-05-15 07:54:39 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1Yt7dv-00086u-Js
2015-05-15 07:54:39 1Yt7dv-00086u-Js ** sample_user@subdomain.example.com F=<> R=virtual_aliases: 
2015-05-15 07:54:39 1Yt7dv-00086u-Js Frozen (delivery error message)
2015-05-15 08:01:49 cwd=/usr/local/directadmin 3 args: /usr/sbin/exim -Mvh 1Yt7dv-00086u-Js
2015-05-15 08:01:49 cwd=/usr/local/directadmin 3 args: /usr/sbin/exim -Mvb 1Yt7dv-00086u-Js
2015-05-15 08:01:49 cwd=/usr/local/directadmin 3 args: /usr/sbin/exim -Mvl 1Yt7dv-00086u-Js
It is ok? Or something still going wrong?
 

Baka

Verified User
Joined
Oct 27, 2011
Messages
12
I have install new exim.conf 4.3.3 & exim.pl 20
Working strange. 50% mail attempts block(exim log saying "balckhole") / 40% user still can send emails via php scripts.
10% sometimes i see frozen messages in Mail Queue with error "A message that you sent contained one or more recipient addresses that were
incorrectly constructed" "Mail failure - malformed recipient address".
 

Baka

Verified User
Joined
Oct 27, 2011
Messages
12
I mean username have been added in /etc/virtual/blacklist_usernames
And some emails via php scripts still can go out from server. Of course not all, but why 50/50. Magic.
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,255
Location
GMT +7.00
Those are bounces, look at:


Code:
063F From: Mail Delivery System <Mailer-Daemon@server.localserverdomain.com>
036T To: sample_user@subdomain.example.com
Code:
2015-05-15 07:54:39 1Yt7dv-00086u-Js <= <> R=1Yt7dv-00086s-Fy U=mail P=local S=1957 T="Mail failure - malformed recipient address" from <> for sample_user@subdomain.example.com
It's not your user who sends emails (at least that you provided here). Probably he tries, but your server rejects them.So that's OK as the very first line of the conditional check:
Code:
${if !eq{$originator_uid}{$exim_uid}}
$originator_uid: The value of $caller_uid that was set when the message was received. For messages received via the command line, this is the uid of the sending user. For messages received by SMTP over TCP/IP, this is normally the uid of the Exim user.http://www.exim.org/exim-html-3.30/doc/html/filter_34.html
 

Baka

Verified User
Joined
Oct 27, 2011
Messages
12
Found bug & my problem.

If user in blacklist_usernames, but if he anyway trying send emails via php with speed more than 17+ messages per second,
exim(or acl?) does not have time to check them all. So, some messages going out from server without checking & logging in exim log.

Any ideas how possible to fix that?
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,255
Location
GMT +7.00
How did you find that number? How did you come into such a conclusion that your exim check fails and it passes emails at a rate of 17+ emails per second?

You might want to debug exim with the following command:

Code:
/etc/init.d/exim stop
exim -bd -d+all 2>&1 | tee -a /var/log/exim-debug.log
and try to send emails from an user which is blacklisted on your server with your rates.

That should show how exim deals with your emails.
 

Baka

Verified User
Joined
Oct 27, 2011
Messages
12
I'm have enabled logging all mails sending via php scripts(phpmail.log). Next i check thiss log and compared with exim log.
There(phpmail.log) was 20 attempts per seconds to send email to same(1) email address.

Example(phpmail.log):
mail() on [/home/user1/domains/subdomain.example.com/public_html/storage/originals/52/3a/options.php:2]: To: sample@yahoo.com -- Headers: From: "Name1 Name2" <sample_user@subdomain.example.com> Reply-To:"Name1 Name2" <sample_user@subdomain.example.com> X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: 8bit
............(1-20)
mail() on [/home/user1/domains/subdomain.example.com/public_html/storage/originals/52/3a/options.php:2]: To: sample@yahoo.com -- Headers: From: "Name1 Name2" <sample_user@subdomain.example.com> Reply-To:"Name1 Name2" <sample_user@subdomain.example.com> X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: 8bit

Next i check exim log. What he does with that mails attempts. And i see only 18 lines with this email.

Example(exim/mainlog.log):
2015-05-21 12:22:43 cwd=/home/user1/domains/subdomain.example.com/public_html/storage/originals/52/3a 4 args: /usr/sbin/sendmail -t -i -sample_user@subdomain.example.com
2015-05-21 12:22:43 1YvMgd-0001iF-6b <= sample_user@subdomain.example.com U=jack715 P=local S=798 T="FW: Your Affordable E D propositions" from <sample_user@subdomain.example.com> for sample@yahoo.com
2015-05-21 12:22:43 1YvMgd-0001iF-6b => blackhole (non-SMTP ACL discarded recipients): User account (user1) is not allowed to send emails. Script delivery blocked via /etc/virtual/blacklist_usernames.
2015-05-21 12:22:43 1YvMgd-0001iF-6b Completed
............(1-18)
2015-05-21 12:22:43 cwd=/home/user1/domains/subdomain.example.com/public_html/storage/originals/52/3a 4 args: /usr/sbin/sendmail -t -i -sample_user@subdomain.example.com
2015-05-21 12:22:43 1YvMgd-0001iH-8X <= sample_user@subdomain.example.com U=jack715 P=local S=798 T="FW: Your Affordable E D propositions" from <sample_user@subdomain.example.com> for sample@yahoo.com
2015-05-21 12:22:43 1YvMgd-0001iH-8X => blackhole (non-SMTP ACL discarded recipients): User account (user1) is not allowed to send emails. Script delivery blocked via /etc/virtual/blacklist_usernames.
2015-05-21 12:22:43 1YvMgd-0001iH-8X Completed

So, how i can see - 2 lines(attempts) have been ignored.
OK. At first time I did not worry about it.
But then, i have received mail abuse about emails which ones have been igonred.
Abuse email was send to sample@yahoo.com 2015-05-21 12:22:43 from sample_user@subdomain.example.com.
I check abuse email ID in all exim logs(0-10), but not found. So I have concluded - exim not have time to check all attempts from php scripts.

Now i'm trying increase exim "queue_run_max=". Still testing.
 

Baka

Verified User
Joined
Oct 27, 2011
Messages
12
Increase exim "queue_run_max=" did not help. Exim still skips some outgoing emails.
"blacklist_usernames" of course is work, but blocking only 98-99% attempts from user which name in that black list.
Outgoing emails not logged in exim log. Probably exim can't check 100% attempts if they a lot and fast.

So, I see no other choice, except for create php.ini for that user and disable email functions.
Something about... disable_functions = mail, sendmail
 
Top