How to disable email for specific user?

Baka

Hello.

DA has the ability to limit the emails sent from each specific user.
But the minimum range is one email per day.

How to fully disable all outgoing emails from a specific user?


DA Version: 1.47.0
OS: Debian 7.0 64-bit
 
Modify his package and set email addresses to 0.
He won't be able to get incoming mails on his domain either, unless he forwards it to somewhere else.
 
Question is not about "how to disable INCOMING mails".
How to disable OUTGOING mails?

And of course I have set email addresses to 0. But that does not help.
The default system email address still continues to collect spam (forwarding to blackhole is not working either).
And the user can send one email per day from his account via CMS php mail scripts.
(If I set "0", it will mean unlimited; how to fully disable?)
 
I mean how to disable OUTGOING emails.
If I set email addresses to 0, the user can still send messages from the server via php scripts.
 
You can add the user to /etc/virtual/blacklist_usernames to prevent them from sending any mail using sendmail/smtp on your server. If you have CSF make sure you also enable SMTP_BLOCK (and SMTP_ALLOWLOCAL) so the user also can't send mail using another smtp server.
 
It should be mentioned that /etc/virtual/blacklist_usernames is available in exim.conf since version 4.2.3, so you should use either 4.2.x or 4.3.x with CustomBuild 2.x.

Code:
BLACKLIST_USERNAMES = /etc/virtual/blacklist_usernames
 
prevent them from sending any mail using sendmail/smtp on your server
Does that also prevent from sending via phpmail (so via installed scripts)? Because that was still an issue before.
 
Yes, it prevents from sending via phpmail.

More detailed answer:

The check of a user against the blacklist is done in acl_not_smtp:
Code:
acl_not_smtp = acl_script
...

Code:
  discard condition = ${if !eq{$originator_uid}{$exim_uid}}
          condition = ${if exists{BLACKLIST_USERNAMES}}
          condition = ${lookup{$acl_m_username}lsearch{BLACKLIST_USERNAMES}{1}{0}}
          message = USER_ON_BLACKLIST_SCRIPT

Here is what one can see in the official docs:

The non-SMTP ACLs apply to all non-interactive incoming messages, that is, they apply to batched SMTP as well as to non-SMTP messages.
...
The acl_not_smtp ACL is run just before the local_scan() function. Any kind of rejection is treated as permanent, because there is no way of sending a temporary error for these kinds of message.

Thus if you try to send email from an account listed in /etc/virtual/blacklist_usernames by any means from a server your email will be rejected with "Script delivery blocked via /etc/virtual/blacklist_usernames." for a script:

Code:
2015-04-19 17:04:27 1Yjn1X-0003gO-A9 => blackhole (non-SMTP ACL discarded recipients): User account (cmsdev) is not allowed to send emails.  Script delivery blocked via /etc/virtual/blacklist_usernames.
2015-04-19 17:04:27 1Yjn1X-0003gO-A9 Completed

Of course, that is if we are talking about PHP mail(), but not sockets.

Related: http://www.exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html
http://files.directadmin.com/services/SpamBlocker/4.3.3/exim.conf-SpamBlockerTechnology-v4.3.3.txt
 
I have updated exim.conf to 4.3.3 and tested the feature "/etc/virtual/blacklist_usernames".
For the test account it is working OK. It is impossible to send email via php scripts & smtp. Mail Queue is empty.
Looking good.

But then I added a real username (user1) to /etc/virtual/blacklist_usernames
And sometimes I still see emails from his account in "Mail Queue Administration".


E-Mail Headers:
Code:
1Yt7dv-00086u-Js-H
mail 8 8
<>
1431665679 0
-active_hostname server.localserverdomain.com
-ident mail
-received_protocol local
-aclm _uid 2
-1
-aclm _username 7
unknown
-body_linecount 28
-max_received_linelength 351
-allow_unqualified_recipient
-allow_unqualified_sender
-frozen 1431665679
-localerror
XX
1
[email protected]

159P Received: from mail by server.localserverdomain.com with local (Exim 4.80.1)
	id 1Yt7dv-00086u-Js
	for [email protected]; Fri, 15 May 2015 07:54:39 +0300
029  Auto-Submitted: auto-replied
063F From: Mail Delivery System <[email protected]>
036T To: [email protected]
052  Subject: Mail failure - malformed recipient address
052I Message-Id: <[email protected]>
038  Date: Fri, 15 May 2015 07:54:39 +0300


/var/log/exim/mainlog:
Code:
2015-05-15 07:54:39 cwd=/home/user1/domains/subdomain.example.com/public_html/storage/3a 4 args: /usr/sbin/sendmail -t -i [email protected]
2015-05-15 07:54:39 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1Yt7dv-00086s-Fy
2015-05-15 07:54:39 1Yt7dv-00086u-Js <= <> R=1Yt7dv-00086s-Fy U=mail P=local S=1957 T="Mail failure - malformed recipient address" from <> for [email protected]
2015-05-15 07:54:39 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1Yt7dv-00086u-Js
2015-05-15 07:54:39 1Yt7dv-00086u-Js ** [email protected] F=<> R=virtual_aliases: 
2015-05-15 07:54:39 1Yt7dv-00086u-Js Frozen (delivery error message)
2015-05-15 08:01:49 cwd=/usr/local/directadmin 3 args: /usr/sbin/exim -Mvh 1Yt7dv-00086u-Js
2015-05-15 08:01:49 cwd=/usr/local/directadmin 3 args: /usr/sbin/exim -Mvb 1Yt7dv-00086u-Js
2015-05-15 08:01:49 cwd=/usr/local/directadmin 3 args: /usr/sbin/exim -Mvl 1Yt7dv-00086u-Js

Is it OK? Or is something still going wrong?
 
I have installed the new exim.conf 4.3.3 & exim.pl 20
It is working strangely. 50% of mail attempts are blocked (exim log saying "blackhole") / 40% the user can still send emails via php scripts.
10% sometimes I see frozen messages in Mail Queue with the error "A message that you sent contained one or more recipient addresses that were incorrectly constructed" "Mail failure - malformed recipient address".
 
I mean the username has been added to /etc/virtual/blacklist_usernames
And some emails via php scripts can still go out from the server. Of course not all, but why 50/50? Magic.
 
Those are bounces, look at:


Code:
063F From: Mail Delivery System <[email protected]>
036T To: [email protected]

Code:
2015-05-15 07:54:39 1Yt7dv-00086u-Js <= <> R=1Yt7dv-00086s-Fy U=mail P=local S=1957 T="Mail failure - malformed recipient address" from <> for [email protected]

It's not your user who sends these emails (at least not the ones you provided here). Probably he tries, but your server rejects them. So that's OK, as the very first line of the conditional check is:
Code:
${if !eq{$originator_uid}{$exim_uid}}
$originator_uid: The value of $caller_uid that was set when the message was received. For messages received via the command line, this is the uid of the sending user. For messages received by SMTP over TCP/IP, this is normally the uid of the Exim user.

http://www.exim.org/exim-html-3.30/doc/html/filter_34.html
 
Found the bug & my problem.

If a user is in blacklist_usernames, but he is anyway trying to send emails via php at a speed of more than 17+ messages per second,
exim (or acl?) does not have time to check them all. So some messages go out from the server without being checked & logged in the exim log.

Any ideas how to fix that?
 
How did you find that number? How did you come into such a conclusion that your exim check fails and it passes emails at a rate of 17+ emails per second?

You might want to debug exim with the following command:

Code:
/etc/init.d/exim stop
exim -bd -d+all 2>&1 | tee -a /var/log/exim-debug.log

and try to send emails from a user which is blacklisted on your server with your rates.

That should show how exim deals with your emails.
 
I have enabled logging of all mails sent via php scripts (phpmail.log). Next I checked this log and compared it with the exim log.
There (phpmail.log) were 20 attempts per second to send email to the same (1) email address.

Example(phpmail.log):
mail() on [/home/user1/domains/subdomain.example.com/public_html/storage/originals/52/3a/options.php:2]: To: [email protected] -- Headers: From: "Name1 Name2" <[email protected]> Reply-To:"Name1 Name2" <[email protected]> X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: 8bit
............(1-20)
mail() on [/home/user1/domains/subdomain.example.com/public_html/storage/originals/52/3a/options.php:2]: To: [email protected] -- Headers: From: "Name1 Name2" <[email protected]> Reply-To:"Name1 Name2" <[email protected]> X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: 8bit

Next I checked the exim log to see what it does with those mail attempts. And I see only 18 lines with this email.

Example(exim/mainlog.log):
2015-05-21 12:22:43 cwd=/home/user1/domains/subdomain.example.com/public_html/storage/originals/52/3a 4 args: /usr/sbin/sendmail -t -i [email protected]
2015-05-21 12:22:43 1YvMgd-0001iF-6b <= [email protected] U=jack715 P=local S=798 T="FW: Your Affordable E D propositions" from <[email protected]> for [email protected]
2015-05-21 12:22:43 1YvMgd-0001iF-6b => blackhole (non-SMTP ACL discarded recipients): User account (user1) is not allowed to send emails. Script delivery blocked via /etc/virtual/blacklist_usernames.
2015-05-21 12:22:43 1YvMgd-0001iF-6b Completed
............(1-18)
2015-05-21 12:22:43 cwd=/home/user1/domains/subdomain.example.com/public_html/storage/originals/52/3a 4 args: /usr/sbin/sendmail -t -i [email protected]
2015-05-21 12:22:43 1YvMgd-0001iH-8X <= [email protected] U=jack715 P=local S=798 T="FW: Your Affordable E D propositions" from <[email protected]> for [email protected]
2015-05-21 12:22:43 1YvMgd-0001iH-8X => blackhole (non-SMTP ACL discarded recipients): User account (user1) is not allowed to send emails. Script delivery blocked via /etc/virtual/blacklist_usernames.
2015-05-21 12:22:43 1YvMgd-0001iH-8X Completed

So, as I can see, 2 lines (attempts) have been ignored.
OK. At first I did not worry about it.
But then I received a mail abuse report about the emails that had been ignored.
The abuse email was sent to [email protected] 2015-05-21 12:22:43 from [email protected].
I checked for the abuse email ID in all exim logs (0-10), but did not find it. So I concluded that exim does not have time to check all attempts from php scripts.

Now I'm trying to increase exim "queue_run_max=". Still testing.
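
The comparison described in the post above (submission attempts versus discards in the Exim main log), as an added example that is not part of the original thread: a Python audit that counts, per blacklisted account, the sendmail invocations made from under /home/<user>/ and the "non-SMTP ACL discarded recipients" lines naming that account. The /home/<user> layout, the function names and the sample log lines are assumptions; the sample is constructed.

```python
import re
from collections import Counter

# Added example; names are hypothetical. Exim "arguments" log line started under /home/<user>/
INVOKE = re.compile(r"^(\S+ \S+) cwd=/home/([^/\s]+)(?:/\S*)? \d+ args: \S*/(?:sendmail|exim)\b")
# Discard line written when the acl_not_smtp blacklist check quoted in this thread fires
DISCARD = re.compile(r"^\S+ \S+ \S+ => blackhole \(non-SMTP ACL discarded recipients\): "
                     r"User account \(([^)]+)\)")

def load_blacklist(text):
    """Keys of an lsearch-style file: one per line, '#' comments skipped."""
    users = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            users.add(re.split(r"[:\s]", line, maxsplit=1)[0])
    return users

def audit(log_lines, blacklist):
    """Per blacklisted user: submissions seen, discards seen, and the gap."""
    attempts, discards, per_second = Counter(), Counter(), Counter()
    for line in log_lines:
        m = INVOKE.match(line)
        if m and m.group(2) in blacklist:
            attempts[m.group(2)] += 1
            per_second[(m.group(2), m.group(1))] += 1
        m = DISCARD.match(line)
        if m and m.group(1) in blacklist:
            discards[m.group(1)] += 1
    report = {}
    for user in blacklist:
        peak = max((n for (who, _), n in per_second.items() if who == user), default=0)
        report[user] = {"attempts": attempts[user], "discarded": discards[user],
                        "unaccounted": attempts[user] - discards[user], "peak_per_second": peak}
    return report

# Constructed sample (not taken from the thread's server): 3 submissions, 2 discards.
SAMPLE_LOG = """\
2015-05-21 12:22:43 cwd=/home/user1/domains/example.com/public_html 4 args: /usr/sbin/sendmail -t -i
2015-05-21 12:22:43 1AAAAA-000001-AA => blackhole (non-SMTP ACL discarded recipients): User account (user1) is not allowed to send emails.
2015-05-21 12:22:43 cwd=/home/user1/domains/example.com/public_html 4 args: /usr/sbin/sendmail -t -i
2015-05-21 12:22:44 cwd=/home/user1/domains/example.com/public_html 4 args: /usr/sbin/sendmail -t -i
2015-05-21 12:22:44 1AAAAA-000003-AA => blackhole (non-SMTP ACL discarded recipients): User account (user1) is not allowed to send emails.
2015-05-21 12:22:44 cwd=/home/user2/public_html 4 args: /usr/sbin/sendmail -t -i
2015-05-21 12:22:45 cwd=/usr/local/directadmin 3 args: /usr/sbin/exim -Mvh 1AAAAA-000001-AA
"""

if __name__ == "__main__":
    print(audit(SAMPLE_LOG.splitlines(), {"user1"}))
```

The `cwd=... args:` lines appear only when Exim's `log_selector` includes `+arguments`. A non-zero "unaccounted" count marks attempts the log does not explain and that need a closer look; as the bounce earlier in the thread shows, a sendmail call can also end in a delivery-error message rather than a discard.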
 
Increasing exim "queue_run_max=" did not help. Exim still skips some outgoing emails.
"blacklist_usernames" does of course work, but it blocks only 98-99% of attempts from a user whose name is in that blacklist.
The outgoing emails are not logged in the exim log. Probably exim can't check 100% of attempts if there are a lot of them and they come fast.

So I see no other choice except to create a php.ini for that user and disable the email functions.
Something like... disable_functions = mail, sendmail
 