
Block individual email from sending spam from server

Discussion in 'E-mail Discussions' started by casim, Dec 10, 2014.

  1. casim

    I have a situation where my email server is being used to spam.
    A non-existent email address referencing my domain is successfully posting 100s of emails.

    It's using something like this
    myDomainName@servername.myDomainName.com

    e.g. cnn@servername.cnn.com

    Is there a (simple) way to stop this?

    Any help is appreciated.

    Casim.
     
  2. cPanelMichael

    Hello :)

    Do you notice any additional information about the email in the message header or in /var/log/exim_mainlog?

    You may also find the following document helpful:

    cPanel - Prevent Email Abuse

    Thank you.
     
  3. dmacomber

    I had a similar situation, so this is what I did:

    My immediate action was to put an Exim custom filter rule in place to forward those emails back to me. Most had the same "Pizza Hut Coupon" subject, so they didn't go out anymore.

    Turn on PHP script information to be put in the email's header info to point out the offending PHP script. Mine was in that domain's HTML_Public\... folder.

    Turn on PHP script logging to see what IP it was coming from and block all access from it in cPanel. The ideal option would be to correct those bad scripts, but that was not an option in my case.

    Just on the off chance, do a search for
    Code:
    find / -name menu87.php
    That was my bad script.
     
  4. Infopro

    Not sure if this is helpful here or not, but it's worth a look to make sure it's enabled:
    WHM » Service Configuration » Exim Configuration Manager

     
  5. casim

    Thanks. I switched this on and will monitor it.
     
  6. casim

    Firstly, thanks for your post. I'm working through your suggestion.

    I'm new to this so I'll be slow but will be responding.

    I'm editing the filter file using these directions for anyone else who may read this thread. https://documentation.cpanel.net/display/ALD/Customize+the+Exim+System+Filter+File#CustomizetheEximSystemFilterFile-HowtocreateacustomEximsystemfilterfile
     
  7. casim

    Hi, can you show me the process & code you used to set up the filter?
    I'm finding it difficult to wade through all the documentation on the How-To.
    Thanks in advance.
     
  8. casim

    Wow, after a lot of reading and work I have solved my problem. Thank you!

    I added the following lines of code to the php.ini

    mail.add_x_header = On
    mail.log = /var/log/phpmail.log

    Created the phpmail.log file with write permissions,

    and there it was in the header - 60 emails generated on each send.

    The offending file for me was .info.php in a Moodle directory.

    The as$@#les even had the leading . so it was read as a hidden system file.

    Thanks everyone for your help.
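
An added example, not part of the original thread: once mail.log is enabled as in the post above, a short shell function can tally mail() calls per calling script and flag dot-prefixed (hidden) script names like the .info.php found here. The function names, the sample lines, and the assumed log line format are constructed for illustration; check the format against your own log.

```shell
#!/bin/sh
# Tally mail() calls per calling script in a PHP mail.log and flag
# hidden (dot-prefixed) script names.
# Assumed log line format (verify against your own log):
#   [date] mail() on [/path/script.php:LINE]: To: addr -- Headers: ...

summarize_phpmail_log() {
    # Reads the log file given as $1, or stdin when no argument is passed.
    # Output: count <TAB> HIDDEN|- <TAB> script path, busiest script first.
    awk '
    {
        # Locate the "mail() on [" marker; skip lines that do not have it.
        start = index($0, "mail() on [")
        if (start == 0) next
        rest = substr($0, start + 11)
        # The script location ends just before "]: To:".
        end = index(rest, "]: To:")
        if (end == 0) next
        loc = substr(rest, 1, end - 1)   # e.g. /path/script.php:12
        sub(/:[0-9]+$/, "", loc)         # drop the trailing line number
        count[loc]++
    }
    END {
        for (path in count) {
            n = split(path, parts, "/")
            flag = (substr(parts[n], 1, 1) == ".") ? "HIDDEN" : "-"
            printf "%d\t%s\t%s\n", count[path], flag, path
        }
    }' "$@" | sort -rn
}

# Constructed sample lines (not taken from the server in this thread).
sample_log() {
cat <<'EOF'
[10-Dec-2014 09:15:01 UTC] mail() on [/home/exampleuser/public_html/moodle/.info.php:7]: To: a@example.net -- Headers: From: x@example.com
[10-Dec-2014 09:15:01 UTC] mail() on [/home/exampleuser/public_html/moodle/.info.php:7]: To: b@example.net -- Headers: From: x@example.com
[10-Dec-2014 09:15:02 UTC] mail() on [/home/exampleuser/public_html/moodle/.info.php:7]: To: c@example.net -- Headers: From: x@example.com
[10-Dec-2014 09:20:44 UTC] mail() on [/home/exampleuser/public_html/contact.php:31]: To: owner@example.com -- Headers: From: form@example.com
EOF
}

sample_log | summarize_phpmail_log
```

On a real server, pass the path configured in mail.log instead of the sample, for example `summarize_phpmail_log /var/log/phpmail.log`.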
     