The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Determining spam source

Discussion in 'Security' started by abaks, Aug 17, 2011.

  1. abaks

    abaks Registered

    Joined:
    Aug 17, 2011
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Hi,

    How can I determine spam source? My exim is sending lot's of spam to russian servers and I cannot localize why. In /var/log/exim_mainlog I see only rejected connections from these servers but I can't see which of my clients (I suppose the source is inside and I'm not open relay) is doing this all mess. Please help.
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Please check WHM > Mail Queue Manager for one of the messages and paste the contents of the message here for the headers.
     
  3. k-planethost

    k-planethost Well-Known Member

    Joined:
    Sep 22, 2009
    Messages:
    199
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    Athens Greece
    place limits for the domains how many emails can send per hour.
    disable "Antirelayd" in "WHM >> Main >> Service Configuration >> Service Manager" in order to avoid abuse of "POP before SMTP" authentication.
    One of the best ways to find an account that is sending spam is to use suPHP as the PHP handler instead of DSO. This will run all PHP scripts as the cPanel
    account user, instead of as the Apache user nobody. If a PHP script is sending spam, this will make it relatively easy to find which account is responsible. Also, you may want to run EasyApache with the "MailHeaders" option selected for PHP in Step #6, "Exhaustive Options List."
    There are a few options in Tweak Settings that would need to be setup. The first is "Track email origin via X-Source email headers", the second is "Prevent “nobody” from sending mail", and the third is "Add X-PopBeforeSMTP header for mail sent via POP-before-SMTP". Enable those options and you'll then be able to see the source of messages being sent through PHP.
    check mail queue an re layers on whm

    check accounts with cxs or maldet or clamav for viruses
     
    #3 k-planethost, Aug 18, 2011
    Last edited: Aug 18, 2011
  4. minosjl

    minosjl Well-Known Member

    Joined:
    Jun 4, 2011
    Messages:
    168
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    India
    cPanel Access Level:
    Root Administrator
    hi,

    I have a question about suphp.I was thought the suphp is more secure that dso handler , why suphp promotes spamming , can you explain a little but about that....
     
  5. k-planethost

    k-planethost Well-Known Member

    Joined:
    Sep 22, 2009
    Messages:
    199
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    Athens Greece
    it is more secure than dso handler
    suPHP provides an additional layer of protection on servers. It causes php scripts to run under the account username instead of the user ‘nobody’ which is the user that apache/php would run under on a server that is not running suPHP. This feature allows us to more easily track any potential security breaches that come in via insecure php script(s) that a user is running. if you recompile apache with mail headers especially.
    suPHP also does away with the requirement of using 777 permissions on directories/files that need write permission. In fact if a directory and/or file has the permission set to (CHMOD) 777 and it is access via a browser, then an internal server error 500 will be generated. The highest level of permissions that a user can use on a suPHP enabled server is 755. This permission setting is sufficient enough for any directories/files that needs to be written to.
    i dont think that suphp promote spamming since with this you can catch spammer more easily if you know how to monitor your box..
    of course there are various methods to secure a server exept from suphp thats the beginning
     
  6. minosjl

    minosjl Well-Known Member

    Joined:
    Jun 4, 2011
    Messages:
    168
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    India
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page