Email attack on a client..need help

Discussion in 'E-mail Discussion' started by damainman, Mar 4, 2004.

  1. damainman

    damainman Well-Known Member

    Joined:
    Nov 13, 2003
    Messages:
    515
    Likes Received:
    0
    Trophy Points:
    166
    Okay, a friend of mine just created an account on my server and just registered a domain name. The problem is that since the second his domain name resolved to my server, he's been receiving 5-10 virus-infected emails per day, sent to fake email addresses on his account. He hasn't even put any content on his site, and he hasn't even created any email accounts.

    I have a RHE cPanel server with MailScanner+ClamAV on it, and so far MailScanner+ClamAV has been doing a good job of stopping the emails. But the thing is, the emails are being sent from different email addresses and different IPs, so I can't even track down what's going on.

    I set his default email account to :fail:, but besides that I'm not sure what else to do. I was thinking maybe if I had the server reject all emails sent to his domain for like two weeks or something, it might minimize the problem a little, but I'm really not sure what to do.

    Any advice or information will be greatly appreciated. Thank you.
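
Added example, not part of the original thread: a small Python script that groups Exim's refused-recipient log lines for one domain by targeted local part, source IP and sender domain, one way to look for a pattern when every message arrives from a different address and IP. It assumes refused recipients are logged as `rejected RCPT` lines; the sample log, the domain `newdomain.example` and the rejection text are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in Exim main-log style; hosts, IPs and domains are placeholders.
SAMPLE_LOG = """\
2004-03-04 09:12:44 H=(pc-17) [203.0.113.5] F=<anna@sender-a.example> rejected RCPT <sales@newdomain.example>: No Such User Here
2004-03-04 09:40:02 H=(laptop) [198.51.100.23] F=<bob@sender-b.example> rejected RCPT <info@newdomain.example>: No Such User Here
2004-03-04 11:05:19 H=mail.other.example [192.0.2.77] F=<carol@sender-c.example> rejected RCPT <sales@newdomain.example>: No Such User Here
2004-03-04 11:06:00 H=(pc-17) [203.0.113.5] F=<dave@sender-d.example> rejected RCPT <webmaster@newdomain.example>: No Such User Here
2004-03-04 11:30:41 1AzB2c-0001aB-Cd <= eve@sender-e.example H=(x) [192.0.2.9] P=smtp S=2048
2004-03-04 12:00:00 H=(y) [192.0.2.50] F=<frank@sender-f.example> rejected RCPT <joe@unrelated.example>: No Such User Here
"""

REJECT = re.compile(
    r"\[(?P<ip>[0-9A-Fa-f.:]+)\](?::\d+)?\s+"   # connecting IP, optional :port
    r"(?:.*?F=<(?P<sender>[^>]*)>\s+)?"          # envelope sender, if logged
    r".*?rejected RCPT <?(?P<rcpt>[^>:\s]+)>?"  # refused recipient address
)

def summarize(log_text, domain):
    """Count refused recipients at `domain` by local part, source IP and sender domain."""
    local_parts, ips, sender_domains = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m:
            continue  # deliveries, arrivals and other log lines are ignored
        local, _, rcpt_domain = m.group("rcpt").rpartition("@")
        if rcpt_domain.lower() != domain.lower():
            continue  # rejection for some other hosted domain
        local_parts[local.lower()] += 1
        ips[m.group("ip")] += 1
        sender = m.group("sender") or ""  # empty for bounces (F=<>)
        sender_domains[sender.rpartition("@")[2].lower() or "<>"] += 1
    return local_parts, ips, sender_domains

if __name__ == "__main__":
    targets, sources, senders = summarize(SAMPLE_LOG, "newdomain.example")
    print("targeted local parts:", targets.most_common())
    print("source IPs:", sources.most_common())
    print("distinct sender domains:", len(senders))
```

A few guessed local parts (sales, info, webmaster) hit from many unrelated IPs and sender domains points to address guessing or mass-mailing worms rather than one traceable source.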
     
  2. mr.wonderful

    mr.wonderful BANNED

    Joined:
    Feb 1, 2004
    Messages:
    345
    Likes Received:
    1
    Trophy Points:
    166
    I don't think ClamAV is a very efficient virus detector. We use F-Secure and Sophos. Why don't you set the option in MailScanner to not warn you and not warn the client? Also set MailScanner to not quarantine the messages. Then he and you won't be bothered by virus warnings etc. Never set it to :fail: unless you have made the special modification to Exim that actually prevents mail from arriving via :fail:. You can find this modification on RS if you search the forums. If anything, set it to :blackhole:. Good luck!
     
  3. damainman

    damainman Well-Known Member

    Joined:
    Nov 13, 2003
    Messages:
    515
    Likes Received:
    0
    Trophy Points:
    166
    Thanks for your reply. So if I set it to :fail: via cPanel, that setting doesn't work unless I actually edit Exim? :confused:

    Also what do you mean by RS?

    Thank you in advance.
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    22
    Trophy Points:
    463
    Location:
    Go on, have a guess
    Slightly off-topic...

    It can be. If you are using MailScanner, installing the Mail::ClamAV perl module and then changing the virus scanner in MailScanner from clamav to clamavmodule vastly improves its performance.
     
  5. raventec

    raventec Well-Known Member

    Joined:
    Apr 19, 2003
    Messages:
    120
    Likes Received:
    0
    Trophy Points:
    166
    RS = RackShack, I think. Now called EV1Servers.
     
  6. damainman

    damainman Well-Known Member

    Joined:
    Nov 13, 2003
    Messages:
    515
    Likes Received:
    0
    Trophy Points:
    166
    So no need to edit Exim?
     
  7. casey

    casey Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    2,303
    Likes Received:
    0
    Trophy Points:
    191
    Is this in later versions? I installed it but mail was not delivered with the scanner set to clamavmodule...
     
  8. casey

    casey Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    2,303
    Likes Received:
    0
    Trophy Points:
    191
    Never mind. :) 4.25 or later, huh? I've got 4.22 so I'll have to upgrade. That should improve the load.
     
  9. casey

    casey Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    2,303
    Likes Received:
    0
    Trophy Points:
    191
    I also had to install the following perl modules:
    Net::CIDR
    Inline

    Then I had to change the following line in MailScanner.conf:
    to:
     