outgoing spam - suggetion required

[nileshparmar]

I am facing outgoing spam issues in our servers, while searching in google we have found out following link for controlling outgoing spam activities, can at cPanel please go through following links & let us know whether this provide is realible & installing their solution is secure/harmless on our server or not ?

http://www.grscripts.com/howtofaq.html#56b
http://www.grscripts.com/

I require your suggestion to go ahead.

OR any other outgoing spam solutions

waiting for your replies

[cPanelDavidG]

There's a very long thread on ASSP Deluxe here:

Assp For Cpanel !

It seems many people are using the software in a cPanel/WHM environment with success.

[Warrenw]

In WHM server configuration you can set the option 'The maximum each domain can send out per hour' to prevent spam. This way you can also view your mail logs and see a message indicating which of your domains are breaking the rule. Any email sent in excess of the rule is discarded and never gets sent.

[nileshparmar]

its already set 100 limit emails per hour per domain, but this limit is effecting only actual users who are not sending spam mails

but the spammers haven't effect this limit & they can sending unsolicited emails
even 100 limit set per hour per domain using the script e.g php, perl , cgi

& our IP goes poor reputation in www.senderbase.org

now whats the easy way to find out spammers in our server

[brianoz]

The solution is to use either CSF or cPanel's "SMTP Tweak". This blocks direct attempts to send on port 25 via scripts which would stop most of your problem.

For your customers who are complaining about the limit of 100 per hour (I'd actually make it a little higher, say 150 - 250/hour) you can individually increase the limit.

If you haven't already installed CSF, you should go to www.configserver.com/cp/csf.html and install it on your server. Coupled with mod_security it's a highly effective way of stopping hacking and all sorts of security and exploit related issues.

[_xandih]

If you prevent customers from sending mail through php mail() function, it will help to stop spam either. Not alone, obviously, but with this, if someone sends spam, YOU WILL KNOW WHO are doing.

[nileshparmar]

Quote:

php mail() function, it will help to stop spam

how can it help

[_xandih]

Tweak Settings on WHM:

Prevent the user "nobody" from sending out mail to remote addresses (PHP and CGI scripts generally run as nobody if you are not using PHPSuexec and Suexec respectively.)

Just check it

[nileshparmar]

Quote:

The solution is to use either CSF or cPanel's "SMTP Tweak". This blocks direct attempts to send on port 25 via scripts which would stop most of your problem.

Yes Brionoz we are using CSF but till now we are not able to control outgoing spam mails, recently we found cgi spam scripts which is called hnc.cgi & dm.cgi you may heared about this

Quote:

For your customers who are complaining about the limit of 100 per hour (I'd actually make it a little higher, say 150 - 250/hour) you can individually increase the limit.

I want to keep 150 limit per hour but how can i individually increase the limit for our higher customer , i really need solution for this

Quote:

If you haven't already installed CSF, you should go to www.configserver.com/cp/csf.html and install it on your server. Coupled with mod_security it's a highly effective way of stopping hacking and all sorts of security and exploit related issues.

we have installed CSF firewall & mod_security though we are not able to controlling outgoing spam

bronoz tell me one thing which settings to be required in csf configuration
i need your suggestion

[tuxicans]

If your tmp partition is not secure you can have a look at /tmp for any malicious scripts or files with mail address list, infact even if you have secured /tmp you should have a look imho.

Another way is to check the mail logs using the command,
grep cwd /var/log/exim_mainlog|grep -i spool

It will show directories from which the mailing scripts have been sending the mails. remember it will not show the actual scripts but only parent directories.

Another option is to use the command "ps aux" which will show all currently running processes. Searchthe list for any suspecious perl scripts there.

Best Of Luck !

[nileshparmar]

Quote:

Originally Posted by tuxicans

If your tmp partition is not secure you can have a look at /tmp for any malicious scripts or files with mail address list, infact even if you have secured /tmp you should have a look imho.

Another way is to check the mail logs using the command,
grep cwd /var/log/exim_mainlog|grep -i spool

It will show directories from which the mailing scripts have been sending the mails. remember it will not show the actual scripts but only parent directories.

Another option is to use the command "ps aux" which will show all currently running processes. Searchthe list for any suspecious perl scripts there.

Best Of Luck !

For your customers who are complaining about the limit of 100 per hour (I'd actually make it a little higher, say 150 - 250/hour) you can individually increase the limit.
I want to keep 150 limit per hour but how can i individually increase the limit for our higher customer , i really need solution for this

Hi Tuxicans,

do you know this thing ?

[nxweb]

This can be done by the following steps...

edit /var/cpanel/maxemails

Code:

# If you update this file you must run /scripts/build_maxemails_config
domain.com=5000
anothersite.net=250

then run /scripts/build_maxemails_config

[nileshparmar]

Quote:

Originally Posted by nxweb

This can be done by the following steps...

edit /var/cpanel/maxemails

Code:

# If you update this file you must run /scripts/build_maxemails_config
domain.com=5000
anothersite.net=250

then run /scripts/build_maxemails_config

Thanks i got this by before you update & its really works thanks again for your update

[linuxserverguy]

Quote:

Originally Posted by nileshparmar

Thanks i got this by before you update & its really works thanks again for your update

Hello Nilesh,

What do you mean this works? do you see lots of dm.cgi dark.cgi still uploaded but no spamming?

[nileshparmar]

Quote:

Originally Posted by linuxserverguy

Hello Nilesh,

What do you mean this works? do you see lots of dm.cgi dark.cgi still uploaded but no spamming?

I was talking about : edit /var/cpanel/maxemails