Exim, how to disable SMTP (not POP3, not forwardings)

skiiiks · January 14, 2021, 8:14am

Hi:
I’m having some issues because I’m being included in Spamhaus DBF list once at again.

DOMAIN RECORDS

I have my SPF in strict mode with allows just my IP to send emails.
I have DKIM registries OK.
I have a 10/10 in mail-tester.com

WEB PROJECT

My HestiaCP is a fresh installation
The web project is coded by our own. No Wordpress or other possible points of security holes.
Our project does NOT send any email at all. I have even the sendmail binary disabled from PHP. All emails are sent by Sendgrid (and they are JUST emails of “registration” or “password recovery”). We send about 5 emails per day with this service. So all the emails coming out from my domain are these ones.

EXIM DATA

Queue is always in 0, there’s no signs of “massive sending” and filled queue as in spam scenarios.
The only thing I have is tons of: dovecot_login authenticator failed for [45.142.120.82]: 535 Incorrect authentication data (set_id=XXXXXXXXX) (in XXXXXX a lot of tries)

So, in this scenario, I’m getting crazy … and I would like to go further and DISABLE SMTP at all.

But I need to leave working the POP3 (because I want just to receive emails to an account), and the forwarding service (so emails incoming to one account, are forwarded outside, to a gmail account)

How can I achieve this ?

Thank you

Raphael · January 14, 2021, 8:42am

And here is probaly the reason, why you land on the list. Forwarding mails isnt a good idea - if you forward a mail, your server will send as [email protected], but senderdomain.tld doesnt belong to you. So I suggest do disable the mail forwarding to your google account and use their pop service instead: Check emails from other accounts - Computer - Gmail Help

After that, ask Spamhaus to remove your list and check if you get listed again after a while.

skiiiks · January 14, 2021, 9:49am

It’s not Gmail, sorry, It’s FreshDesk …
I have a redirection from support@mydomain to a freshdesk support email address.
This is normal operation , isnt it ?

I have done this in other domains with no problems at all:

Raphael · January 14, 2021, 9:56am

Freshdesk shouldnt be a issue. Did you got any additional informations about why you got blacklisted? Personaly I think disable smtp isnt the right way to go, you should find out why your IP gets blacklisted, it could point to a bigger issue.

skiiiks · January 14, 2021, 10:03am

I wish I had … Spamhaus does not provide ANY information at all … Just a link to request a removal.

themew · January 14, 2021, 2:35pm

Set up DMARC and you’ll get the answers you need. Don’t know how we ever lived without it.

skiiiks · January 14, 2021, 2:57pm

SPF, DKIM, DMARC … everything is already setup

Felix · January 15, 2021, 4:42pm

Just two thoughts on this…

Is the server/IP new for you? Are there any chances the previous owner of the server/IP was using it to send spam and that is the reason the IP is blacklisted?

Is your domain name setup on a different server? Maybe on an older server left unattended? And that server has/is being used to send spam, so your domain gets blacklisted?

skiiiks · January 15, 2021, 5:20pm

Good questions …

Maybe … it’s a cloud server, so that IP was used before for sure … but the Spamhaus blocked the DOMAIN NAME, not the IP
No, it’s first time of this project in a server