As a Server Administrator, I want to have the Tweak Settings disabling BoxTrapper by default, so that BoxTrapper challenge mail is not spamming customers.

BoxTrapper turns any cPanel machine into a spam server. The reason is simple. Spammers always spoof the FROM email address. To avoid being blocked by spam filters (using sender verification callouts) they generally try to ensure that the fake FROM address used actually does exist somewhere. BoxTrapper sends a challenge/response email to every spoofed (existing) FROM address. Hence for every spam message cPanel receives, it sends a spam out itself to the unknowing user whose email address happens to be abused at random by the spammer.

Many spam filters will actually block servers that are running such a challenge/response system exactly for that reason.

This is a feature that has been migrated over from the cPanel Forums. All previous comments and discussions concerning this feature can be located at:


Definitely agree, many webhosters are disabling BoxTrapper due to the reason you just explained. Unfortunately, spammers are smarter than BoxTrapper. BoxTrapper was a cool feature; now it's useful only to quickly set the server IP as blacklisted.


I second this. BoxTrapper doesn't work as a filter anymore. Spammers have become smarter, but BoxTrapper is still working like in 2006 and users don't want to deal with blocked emails; they want a proactive filter.

BoxTrapper should come disabled. And prepare to be deprecated before 11.40.

Some graylisting tactic should replace BoxTrapper for those who want to enable this kind of filtering.


Utter rot. BoxTrapper works well. My users do want to have control over their filters. It is proactive filtering without the user setting the bounds which is the scourge of the internet. My users want to decide for themselves what is spam and what is not, and what emails they will/will not receive. I, for one, do not want it disabled, and neither do I want it gone. In fact, it is a major selling point of my email service, to consumers and businesses alike. If anyone doesn't like BoxTrapper, they don't have to use it. There's nothing forcing you to use BoxTrapper. And it can be disabled by individual users. Kindly stop trying to spoil things for the rest of us through your personal prejudice.


I would suggest tighter integration with SpamAssassin: perhaps requiring SpamAssassin if BoxTrapper is enabled, incorporating the white/blacklists from BoxTrapper into SA, an option to sa-learn from the BoxTrapper queue, an option to automatically sa-learn --spam for the non-verified emails as they expire from the queue, and sa-learn --spam as addresses are blacklisted. The better you get SA working, the less outbound verification will be sent.
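
An added sketch, not cPanel's or BoxTrapper's own code and not part of any comment above, of the idea that better SpamAssassin scoring means fewer outbound challenges: a challenge is sent only when the sender is on neither list and the score in the `X-Spam-Status` header is low. The function names, the `challenge_below` threshold, the list entries and the sample messages are all assumptions made for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample mail; addresses, scores and list entries are made up.
SAMPLES = [
    "From: alice@example.org\nX-Spam-Status: No, score=0.1 required=5.0\n\nhi",
    "From: victim@example.net\nX-Spam-Status: Yes, score=14.2 required=5.0\n\nbuy",
    "From: stranger@example.com\nX-Spam-Status: No, score=1.9 required=5.0\n\nhello",
    "From: bad@spam.example\nX-Spam-Status: No, score=0.5 required=5.0\n\nhey",
    "From: forged@example.net\n\nno SpamAssassin header at all",
]
WHITELIST = {"alice@example.org"}   # hypothetical per-user whitelist
BLACKLIST = {"bad@spam.example"}    # hypothetical per-user blacklist

STATUS_RE = re.compile(r"^(Yes|No),\s*score=(-?\d+(?:\.\d+)?)", re.I)

def spam_score(msg):
    """Return the score from X-Spam-Status, or None if absent or unparseable."""
    m = STATUS_RE.match(msg.get("X-Spam-Status", "").strip())
    return float(m.group(2)) if m else None

def decide(raw, challenge_below=2.0):
    """Return 'deliver', 'drop', 'quarantine' or 'challenge' for one message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in WHITELIST:
        return "deliver"
    if sender in BLACKLIST:
        return "drop"
    score = spam_score(msg)
    # Unscored or spammy mail is held without a reply: its From address is
    # likely forged, so a challenge would land on an uninvolved third party.
    if score is None or score >= challenge_below:
        return "quarantine"
    return "challenge"

def summarize(samples, **kw):
    """Count the actions taken over a batch of raw messages."""
    counts = {}
    for raw in samples:
        action = decide(raw, **kw)
        counts[action] = counts.get(action, 0) + 1
    return counts

if __name__ == "__main__":
    print(summarize(SAMPLES))
```

Of the three unlisted senders in the sample batch, only one receives a challenge; the other two messages are held in the queue without any outbound mail.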

