A way to stop outgoing unauthenticated spam mail

davide06

Registered
Jul 13, 2014
4
0
1
cPanel Access Level
Root Administrator
Hello,

We have a problem with all of our customers that have compromised CMS installations that are sending outgoing spam.

In most of the cases, we realize the problem with the setting "Max hourly email per domain", so we suspend the account and notify our consumer.

The IP address of our server goes into a blacklist after this, and we realized that we must prevent this spam action.

Is there a way to reject this mail? I note that spammers change the FROM name, so we think that if we block all unauthenticated mail (sent from the mail() function) with an external domain (not the local main domain), we can solve 85% of the problem.

Is there a way to do this in the Exim configuration?

We've successfully blocked authenticated mail with an external from address thanks to this topic.

Thanks :)
 

24x7server

Well-Known Member
Apr 17, 2013
1,911
97
78
India
cPanel Access Level
Root Administrator

davide06

Hello,

Thanks for your reply. The optimization that you suggest is already set.
The problem is that our customers won't set authenticated SMTP by default, so, for example, the WordPress notification about new comments doesn't work, and this represents a large number of assistance tickets.

I've seen these Exim rules at http://bobcares.com/blog/blocking-spoofed-mails-going-out-of-your-cpanel-whm-web-hosting-server/, but if I change

acl_smtp_data = acl_smtp_data
Exim Default: unset cPanel Default: acl_smtp_data
This option defines the ACL that is run after an SMTP DATA command has been processed and the message itself has been received, but before the final acknowledgment is sent. See chapter 42 for further details.

I get some errors in other lower rows.

Can you tell me how to solve this problem?
Thanks so much
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,237
463
Hello :)

Disabling the ability for PHP to send email is really a better way to address such an issue. That being said, what are the specific error messages you receive when making those custom changes?

Thank you.
 

davide06

Hello,
The error is related to the custom message; I've changed it and Exim has given no error.
I've put it into one of these custom sections of acl_smtp_data, but this hasn't solved the problem:
acl_smtp_data.png
Can you tell me exactly where I need to put this rule?
Thanks
 

cPanelMichael

Hello,
The error is related to the custom message; I've changed it and Exim has given no error.
I've put it into one of these custom sections of acl_smtp_data, but this hasn't solved the problem:
Could you elaborate on this? What problem has not been solved and what error message did you initially receive? Keep in mind that custom Exim ACL rules fall outside our scope of support, so you may want to post to the Exim mailing list for further input.

Thank you.
 

davide06

Hello,
Yes, I know that custom Exim ACL rules fall outside your scope of support, so I decided to write in the cPanel Forums in the hope that someone could help!
I put the custom rule into one of the custom sections of acl_smtp_data that I attached in my previous message, but this hasn't solved the problem.

We can't disable the mail function for the users because, as I said, the problem is that our customers won't set authenticated SMTP by default, so, for example, the WordPress notification about new comments doesn't work, and this represents a large number of assistance tickets from our customers because their CMS isn't sending any email.

I only need to change the Exim filter to stop the unauthenticated mail sent from the mail() function that changes the from address to a remote address (not included in /etc/localdomains).

Thanks
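
An added example, not part of the original thread: a log check that finds the traffic described in the post above, that is, mail submitted locally (Exim logs it as `P=local`, with the system user in `U=`) whose sender domain is not a local domain. It assumes the default Exim main-log arrival format and one domain per line in /etc/localdomains; because that log records the envelope sender rather than the From: header, the check uses the envelope sender, and all sample data is constructed.

```python
import re
from collections import Counter

# Exim main-log arrival line: date, time, message id, "<=", envelope sender, fields.
ARRIVAL = re.compile(r"^\S+ \S+ (?P<id>\S+) <= (?P<sender>\S+)(?P<rest>.*)$")

def parse_local_domains(text):
    """Parse /etc/localdomains-style content (assumed: one domain per line)."""
    return {ln.strip().lower() for ln in text.splitlines() if ln.strip()}

def flag_foreign_senders(log_lines, local_domains):
    """Return (msg_id, unix_user, sender) for mail submitted locally (P=local,
    i.e. not over authenticated SMTP) whose sender domain is not local."""
    hits = []
    for line in log_lines:
        m = ARRIVAL.match(line)
        if not m:
            continue  # delivery lines ("=>"), completions, etc.
        # Drop the logged subject: its content is chosen by the sender and
        # could contain text that looks like a P= or U= field.
        head = m["rest"].split(' T="', 1)[0]
        proto = re.search(r" P=(\S+)", head)
        user = re.search(r" U=(\S+)", head)
        if not proto or proto[1] != "local":
            continue
        sender = m["sender"]
        if sender == "<>":
            continue  # locally generated bounce, no sender domain
        if sender.rpartition("@")[2].lower() not in local_domains:
            hits.append((m["id"], user[1] if user else "?", sender))
    return hits

def per_user(hits):
    """Count flagged messages per submitting system user."""
    return Counter(user for _, user, _ in hits)

# Constructed sample data, not taken from a real server.
LOCAL_DOMAINS = parse_local_domains("shop.example\nblog.example\n")
SAMPLE_LOG = [
    '2014-07-14 09:12:01 1X6aaa-0001Ab-01 <= wordpress@shop.example U=shopuser P=local S=1021 T="New comment"',
    '2014-07-14 09:12:05 1X6aab-0001Ab-02 <= promo@bank.test U=shopuser P=local S=4410 T="Offer P=esmtpsa A=x"',
    '2014-07-14 09:12:09 1X6aac-0001Ab-03 <= alice@shop.example H=(pc) [192.0.2.10] P=esmtpsa A=dovecot_login:alice@shop.example S=900',
    '2014-07-14 09:12:11 1X6aad-0001Ab-04 <= <> R=1X6aab-0001Ab-02 U=mailnull P=local S=2000',
    '2014-07-14 09:12:12 1X6aab-0001Ab-02 => someone@elsewhere.test R=lookuphost T=remote_smtp',
    '2014-07-14 09:13:40 1X6aae-0001Ab-05 <= News@Other.TEST U=bloguser P=local S=3300 T="Hi"',
]

if __name__ == "__main__":
    for hit in flag_foreign_senders(SAMPLE_LOG, LOCAL_DOMAINS):
        print(*hit)
```

The per-user count from `per_user()` points at the account whose site is submitting the mail, which is the account to inspect.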
 

topofminditalia

Registered
Jun 27, 2014
3
0
1
cPanel Access Level
Root Administrator
Hi,

I have the same problem.
So I need to interrupt this automatic mail sending. But if I disable the phpmail function, a user can't send any request into the site.

I need a solution, please.

Thank you
 

cPanelMichael

I have the same problem.
So I need to interrupt this automatic mail sending. But if I disable the phpmail function, a user can't send any request into the site.
Have you tried getting the user to use SMTP authentication instead for their script?

Thank you.