The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

A way to stop outgoing unauthenticated spam mail

Discussion in 'E-mail Discussions' started by davide06, Nov 28, 2014.

  1. davide06

    davide06 Registered

    Joined:
    Jul 13, 2014
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello,

    we've a problem with all of our customer that have compromised CMS installation that is sending outgoing spam.

    In most of the case, we realize the problem with the setting "Max hourly email per domain", so we suspend the account and notify our consumer.

    The ip address of our server goes in blacklist after this and we realized that we must prevent this spam action.

    There is a way to reject this mail? I note that spammers change the FROM name, so we think that if we blocking all unauthenticated mail (sent from mail() function) with an external domain (not the local main domain), we can solve 85% of the problem

    There is a way to do this in exim configuration?

    We've blocked successfully authenticated mail with external from address thanks to this topic

    Thanks :)
     
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,146
    Likes Received:
    34
    Trophy Points:
    48
    Location:
    India
    cPanel Access Level:
    Root Administrator
  3. davide06

    davide06 Registered

    Joined:
    Jul 13, 2014
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello,

    thanks for your reply. The optimization that you suggest is already set
    The problem is that our customer won't set authenticated SMTP by default, so for example, the Wordpress notification about the new comments doesn't work and this represent a large amount of assistance ticket

    I've see this exim rules /http://bobcares.com/blog/blocking-spoofed-mails-going-out-of-your-cpanel-whm-web-hosting-server/, but if I change

    acl_smtp_data = acl_smtp_data
    Exim Default: unset cPanel Default: acl_smtp_data
    This option defines the ACL that is run after an SMTP DATA command has been processed and the message itself has been received, but before the final acknowledgment is sent. See chapter 42 for further details.

    I get some error in other lower rows

    Can you tell me how to solve this problem?
    Thanks so much
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Disabling the ability for PHP to send email is really a better way to address such an issue. That being said, what are the specific error messages you receive when making those custom changes?

    Thank you.
     
  5. davide06

    davide06 Registered

    Joined:
    Jul 13, 2014
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello,
    the error is related to the custom message, I've changed it and exim has given no error
    I've put it into a one of this custom section of acl_smtp_data, but this hasn't solved the problem:
    acl_smtp_data.png
    Can you tell me exactly where I need to put this rule?
    Thanks
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you elaborate on this? What problem has not been solved and what error message did you initially receive? Keep in mind that custom Exim ACL rules fall outside our scope of support, so you may want to post to the Exim mailing list for further input.

    Thank you.
     
  7. davide06

    davide06 Registered

    Joined:
    Jul 13, 2014
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello,
    yes I know that custom Exim ACL rules fall outside your scope of support, so I decided to write in cPanel Forums in the hope that someone could help!
    I put the custom rule into an one of custom section of acl_smtp_data that I attached in my previous message, but this hasn't solved the problem.

    We can't disable mail function for the user, because, as I told, the problem is that our customer won't set authenticated SMTP by default, so for example, the Wordpress notification about the new comments doesn't work and this represent a large amount of assistance ticket of our customer because their CMS isn't sending any email.

    I need only to change the exim filter to stop the unauthenticated mail sent from mail() function that is changing the from address with a remote address (not included in /etc/localdomains)

    Thanks
     
  8. topofminditalia

    topofminditalia Registered

    Joined:
    Jun 27, 2014
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    hi,

    i have same problem.
    So i need interrupt this automatic send mail. But if i disable phpmail function, a user can't send any request into site.

    I need a solution please.

    Thank you
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Have you tried getting the user to use SMTP authentication instead for their script?

    Thank you.
     
Loading...

Share This Page