Blocking outbound email for specific domain in cPanel

When facing an issue with outgoing spam emails or just want to stop certain emails from reaching the internet, on any cPanel account you can block temporarily or permanently all outgoing emails that originate from a certain domain.

How to create a list with blocked domains

1. Connect to your WHM server using SSH.
2. Create a file called /etc/blockedemails with the command touch /etc/blockedemails
3. Now we add the domain that we wish to block outgoing emails from using the command echo testdomain.com >> /etc/blockedemails

If there are multiple domains we wish to block, we repeat the command from step number 3 for each domain.

Configure EXIM to block outgoing emails

Earlier, we created the list of domains that we want to block from sending out emails.

Now, we will proceed by configuring Exim to use the list and start blocking emails.

1. Login to the WHM web interface. Navigate to the option Exim Configuration Manager and then go to Advanced Editor.
2. On this page, navigate down until you find the a blue option with the label Add additional configuration setting. Clicking the button will reveal two text fields separated by an equal sign (=).
3. In the left text box input the following: domainlist blocked_outgoing
4. In the right text box input the following: lsearch;/etc/blockedemails
5. Next, navigate down to find a blank text section called custom_begin_outgoing_notsmtp_checkall
6. Insert the following text:

discard
sender_domains = +blocked_domains
message = Message from $sender_address_domain is manually blacklisted.

This will tell Exim to block all emails generated and sent if the sender domain is listed in the /etc/blockedemails file made earlier.

When an email is blocked by Exim because the domain is blacklisted, it will be discarded without any errors. If you would like to be notified each time an email is sent, replace discard with deny .

Afterwards, navigate to the end of the page and press Save.

Check the blocked domains

In the SSH window, run this command to check the Exim log:

tail -f /var/log/exim_mainlog

When an email is sent from one of the blocked domains, you will get notified in the log file, similar to this:

2017-01-11 21:34:13 cwd=/home/rs345/public_html/wp-admin/network 4 args: /usr/sbin/sendmail -t -i -fgeorge_adam@testdomain.com
2017-01-11 21:34:13 2a4RNT-994rMN-LS <= george_adam@testdomain.com U=web459182 P=local S=1232 id=438suds8sd83239239329329fds8k01stk@testdomain.com T=”Download this system and Earn $14.45 Today!” for test@example.com
2017-01-11 21:34:13 2a4RNT-994rMN-LS => blackhole (non-SMTP ACL discarded recipients): Message from testdomain.com is manually blacklisted.
2017-01-11 21:34:13 2a4RNT-994rMN-LS Completed

To exit the log file, press Ctrl+C.

We can also check these reports by accessing the WHM web interface, under the button Mail Delivery Reports.

Looking for Sender User and insert the cPanel username for the customer that owns the domain. You will see the emails shown as “Accepted”, with the Receiver set to “blocked” to indicate the mail was not sent.

How to remove a domain from the block

If the issue has been resolved, you can remove the file by inserting the following command in the SSH window:

echo > /etc/blockedemails

This will remove all the domains that were on the list. If you have many domains and you wish to remove only one, use any text editor:

vi /etc/blockedemails

Remove the line with the domain in question, then save and exit the file editor using the command !wq

Changes to the file are done instantly and you don’t have to restart Exim.