Stop spam from exiting
Hey Guys,
Well I have a VPS and my provider is VERY strict on spam policies. I run a free web host company (I know, not a good idea in the first place with strict spam policies, but I do).. Anyways I seem to be sending out spam aswell as receieving it from my VPS. SpamAssassin seems to be doing good for the stuff coming in. But how can I stop stuff going out? More or less I want to stop emails that contain words like "viagra", "nigeria", etc.. How can I go about doing this in cPanel 11?
- Steve
Hi,
You can add filter rulers to this file:
/etc/cpanel_exim_system_filter
if you have SSH or telnet access.
http://exim.org/
I'll post back if no one else posts any sample code. No sure off the top of my head on how to but do know that cpanel_exim_system_filter would be the place to put it. Also keep in mind that when cpanel updates exim your custom filters will be overwritten so back them up and check them often.
update:
I looked around and you can something like this:
if "$h_subject" contains "viagra|nigeria"
then
fail
endif
That is pipe separating your entry in the contains. This will force the email to fail.
Mike
Last edited by JIKOmetrix; 07-07-2007 at 08:54 AM.
Hi,
I was thinking about this again and you could do this too:
Doing this will send an email back to the sender on your system with the above message.Code:if "$h_subject" contains "viagra|nigeria" then fail text "This message has been rejected because our\n\ system has determined that this email may be SPAM\n\ or does not conform to the CANN SPAM ACT." seen finish endif
Mike
Two fairly basic and critical things you can do.
1) Install the CSF firewall from www.configserver.com;
CSF can be set to not allow email to be sent out other than through exim; you should set those options in the configuration.
2) Set the per-hour email out limit to a low number. You can always increase that by adding "domainname.com=NNNN" to the file /var/cpanel/maxemails (see here for more detailed example).
This prevents or severely limits outgoing spam for most domains. If something does get through, you'll be protected as the spammers will be limited.
Two less critical (but also helpful) things you can do:
3) Install phpsuexec so you can identify spam and rogue processes. You lose a little on performance but this is nothing compared to what you'll save in stability and security.
You can also install suphp which is a little stabler (some people believe a lot more stable) and is the way of the future as phpsuexec is not being maintained any more.
4) Install mod_security with a good set of rules to catch attempts to hack contact scripts.
Much spam comes from hacked contact scripts; a good set of rules will keep you safe from most of this.
Basically you can get much of this done by the folks at configserver.com for a very reasonable cost (compared to the cost and effort of doing yourself).
Last edited by brianoz; 07-09-2007 at 10:54 AM.
If you don't want the message to be echoed to the sender, just ommit the fail part:Originally Posted by JIKOmetrix
then
seen finish
endif
Hi,
Omitting the fail message and just doing an unseen finish is better. You will not have to be concerned with back scatter to spoofed email addresses.
Mike
Fail would reject_during_SMTP. Nothign wrong with forcing the message burden back to the sending server (who shouldn't be sending/relaying it anyway) - or in the case of a zombied machine, same thing. Fail works fine and does not cause you to participate in backscatter.
Mike
Hi,
Oh, I did not know that. Thanks.
Mike
Yes but If the sender does not exists, the message will go to the queue. Had this problem and fixed it with the seen finish.
LinkBack URL
About LinkBacks
Reply With Quote