Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Detect and Stop Outgoing Spam?

Discussion in 'E-mail Discussion' started by Wemerson Guimaraes, Sep 2, 2018.

Tags:
  1. Wemerson Guimaraes

    Wemerson Guimaraes Registered

    Joined:
    Sep 2, 2018
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Brazil
    cPanel Access Level:
    Root Administrator
    Hi

    We use MailChannels to deliver all emails of our server and exim is configured to max 300 messages per hour... and and someone is using the server to sent a lot SPAM and MailChannels sent me a lot of warnings about spam senders comming from our server or messages that are forwarded from our server... and today sents more than 100.000 messages (but how about 300 msg limit per hour ???)

    Can you please indicate me some plugins to use with cpanel that warns me via email or sending message to my phone when detect bad behavior in senders ???

    And, i need some tips about how can i do to detect the senders in my server, based on mailchannels log ? See some log examples from mailchannels ?


    1 - Sender not found
    Code:
    This is an alert about the Sender ID, m0wkuu36cr|mailer-daemon|67.205.xxx.xx|3474770294, on your network. The senderm0wkuu36cr|mailer-daemon|67.205.xxx.xx|3474770294 is sending SPAM. Some additional information that may assist in trackingdown the problem follows.
    
    Time: 1535881405
    Originator: m0wkuu36cr|mailer-daemon|67.205.xxx.xx|3474770294
    Originator Type: Sender ID
    Sender ID: m0wkuu36cr|mailer-daemon|67.205.xxx.xx|3474770294
    Envelope Sender: <>
    IP: 67.205.xxx.xx
    Condition: m0wkuu36cr|mailer-daemon|67.205.xxx.xx|3474770294 is sending SPAM

    2 - Forwarded from other location (104.41.xxx.xx )
    Code:
    This is an alert about the Sender ID, _forwarded-from|104.41.xxx.xx, on your network. The sender_forwarded-from|104.41.xxx.xx is sending SPAM. Some additional information that may assist in trackingdown the problem follows.
    
    Time: 1535633680
    Originator: _forwarded-from|104.41.xxx.xx
    Originator Type: Sender ID
    Sender ID: _forwarded-from|104.41.xxx.xx
    Envelope Sender: bounces@example.org.br
    IP: 67.205.xxx.xx
    Condition: _forwarded-from|104.41.xxx.xx is sending SPAM
    
    Look at bounces@example.org.br ... example.org.br is not on my server... I need to understand how this is possible and what can i do to stop this.
     
    #1 Wemerson Guimaraes, Sep 2, 2018
    Last edited by a moderator: Sep 3, 2018
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,890
    Likes Received:
    91
    Trophy Points:
    78
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hi,

    You can try mailscanner for your setup. This will scan the mails primarily..
    Home - MailScanner
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Wemerson Guimaraes

    Wemerson Guimaraes Registered

    Joined:
    Sep 2, 2018
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Brazil
    cPanel Access Level:
    Root Administrator
    Hi, thanks for your tip... i will do that.

    But for now, i need to stop emails that do not have valid account on my server to be sent... How can o do that on exim ?
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,334
    Likes Received:
    2,162
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @Wemerson Guimaraes,

    The following documents are a good place to start when attempting to prevent email abuse overall:

    How to Prevent Email Abuse - cPanel Knowledge Base - cPanel Documentation
    How to Prevent Spam with Mail Limiting Features - cPanel Knowledge Base - cPanel Documentation

    Additionally, cPanel & WHM version 74 includes a new feature to reject and hold email for suspected spammers. You can read more about it at:

    Reject and hold outgoing mail for suspect spammers

    As far as the forwarded email in-question, can you review /var/log/exim_mainlog on the cPanel server to see if you notice any specific output matching the time stamps in the output you provided. The following resource is useful for understanding how to search the Exim logs for the information you are seeking:

    Tutorial - Reading and Understanding the exim main_log

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice