The Community Forums

Interact with an entire community of cPanel & WHM users!

Email attack on a client..need help

Discussion in 'E-mail Discussions' started by damainman, Mar 4, 2004.

  1. damainman

    damainman Well-Known Member

    Okay, a friend of mine just created an account on my server and just registered a domain name. The problem is that the second his domain name resolved to my server, he's been receiving 5-10 virus-infected emails per day sent to fake email addresses on his account. He hasn't even put any content onto his site, and he hasn't even created any email accounts.

    I have a RHE cPanel server with mailscanner+clamav on it, and so far mailscanner+clamav has been doing a good job of stopping the emails, but the thing is the emails are being sent from different email addresses and different IPs, so I can't even track down what's going on.

    I set his default email account to :fail:, but besides that I'm not sure what else to do. I was thinking maybe if I had the server reject all emails sent to his domain for like two weeks or something, it might minimize the problem a little, but I'm really not sure what to do.

    Any advice or information will be greatly appreciated. Thank you.
     
  2. mr.wonderful

    mr.wonderful BANNED

    I don't think clamav is a very efficient virus detector. We use F-Secure and Sophos. Why don't you set the option in MailScanner to not warn you and not warn the client? Also set MailScanner to not quarantine the msgs. Then he and you won't be bothered by virus warnings etc. Never set it to :fail: unless you have made the special modification to exim that actually prevents mail from arriving via :fail:. You can find this modification on RS if you search the forums. If anything, set it to :blackhole: if nothing else. Good luck!
     
  3. damainman

    damainman Well-Known Member

    Thanks for your reply. So if I set it to :fail: via cPanel, that setting doesn't work unless I actually edit exim? :confused:

    Also what do you mean by RS?

    Thank you in advance.
     
  4. chirpy

    chirpy Well-Known Member

    Slightly off-topic...

    It can be. If you are using MailScanner, installing the Mail::ClamAV Perl module and then changing the virus scanner in MailScanner from clamav to clamavmodule vastly improves its performance.
     
  5. raventec

    raventec Well-Known Member

    RS = RackShack, I think. Now called EV1servers.
     
  6. damainman

    damainman Well-Known Member

    So no need to edit exim?
     
  7. casey

    casey Well-Known Member

    Is this in later versions? I installed it but mail was not delivered with the scanner set to clamavmodule...
     
  8. casey

    casey Well-Known Member

    Never mind. :) 4.25 or later, huh? I've got 4.22 so I'll have to upgrade. That should improve the load.
     
  9. casey

    casey Well-Known Member

    I also had to install the following Perl modules:
    Net::CIDR
    Inline

    Then I had to change the following line in MailScanner.conf:
    to:
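
The prerequisites mentioned across the posts above (MailScanner 4.25 or later, the Mail::ClamAV, Net::CIDR and Inline Perl modules, and the scanner set to clamavmodule) can be checked together before mail is routed through the new scanner. This is an added example, not code from the thread or from MailScanner; it assumes the scanner choice is the `Virus Scanners` line in MailScanner.conf (the line casey changed is not shown above), and the function names and sample input are constructed for illustration.

```python
import re

# Requirements as stated in the thread: MailScanner 4.25 or later, three Perl modules.
MIN_VERSION = (4, 25)
REQUIRED_MODULES = ("Mail::ClamAV", "Net::CIDR", "Inline")

# Constructed excerpt for illustration, not a real server's MailScanner.conf.
SAMPLE_CONF = """\
# Virus Scanners = clamavmodule   (commented out, must be ignored)
Virus Scanning = yes
Virus Scanners = clamav
"""


def parse_conf(text):
    """Return {normalised key: value} for 'Key = value' lines, skipping comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # Normalise so spacing and case differences in the key do not matter here.
        settings[re.sub(r"\s+", "", key).lower()] = value.strip()
    return settings


def preflight(conf_text, version, installed_modules):
    """List the problems that would keep the clamavmodule scanner from working."""
    problems = []
    scanners = parse_conf(conf_text).get("virusscanners", "").split()
    if "clamavmodule" not in scanners:
        problems.append("Virus Scanners = %s (expected clamavmodule)" % " ".join(scanners))
    match = re.match(r"(\d+)\.(\d+)", version)
    if not match or tuple(map(int, match.groups())) < MIN_VERSION:
        problems.append("MailScanner %s is older than 4.25" % version)
    for module in REQUIRED_MODULES:
        if module not in installed_modules:
            problems.append("Perl module %s is not installed" % module)
    return problems


if __name__ == "__main__":
    # Constructed inputs modelled on the thread: 4.22 with only Mail::ClamAV installed.
    for problem in preflight(SAMPLE_CONF, "4.22", {"Mail::ClamAV"}):
        print("FAIL:", problem)
```

On a live server the set of installed modules can be built from the exit status of `perl -MNet::CIDR -e1` and the equivalent for each module.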
     