Email Spamming , Mass mailing , IP Blacklisted , PHPMailer

[azadhussnain]

hello sir,
mass mailing and email spamming are going on from my server from last 2 months, i read all forums all documentation all articles and now i came to knew such articles, documentations won't help in critical situation.

every 5-10 days my IP got blacklisted in spamhaus and others.

Question 1. i think this is due to someone doing mass mailing from my server fro PHPmailer, is there any way from which we can stop sending emails from PHPMailer and only allow to send via SMTP ?

Question 2. DO someone have an pro tip from preventing IP blacklisting and stopping mass mailing from our servers ?

Question 3. can someone tell me how can i verify or authorize my IP address so that my client will not face mailing issues. like namecheap etc. IPs are never got blacklisted.

 

[sahostking]

I have some tips.

1. Ensure you are using the SMTP Tweak setting in WHM or alternatively if using CSF use SMTP Block instead.
2. Ensure you use in packages the Max emails per hour and the max defers setting to reasonable amounts.
3. Ensure you using the relay limitting features in CSF as they help alot.
4. Use CSF Blocklists to block common spammers
5. Check the Mail Queue Monitor to see if its possibly coming from Joomla or Wordpress sites if you are a PHP mailer.

Now PHP mailer queues are usually caused by Joomla or Wordpress so it may be those customer sites do not have captchas etc. and hence they are spamming from contact us forms.

Lastly you could purchase something like Config Outgoing spam Monitor which has awesome settings to limit things things and also tells you the user or email account that was spamming and keeps records. Also can auto block the IP doing the sending automatically when a limit is reached.

Outgoing Spam Monitor (osm) – ConfigServer Services

www.configserver.com

Alternatively look at using Bitninja or Imunify360 for scanning your Servers for Malware or infected scripts.

Use monitoring to monitor the amount of emails going out at any given time. For eg. When it hits 500 emails in mail queue of exim then it should popup on some monitoring. You can do this and link it to a nagios server easily but I am sure uptimerobot it may be possible too.

In general its hard to stop these types of things. So it all depends on looking at the email headers or the spam being sent out to see what is going on. CSF is free and can protect against alot of these using REGEX commands too but that is more advanced.

 

[cPRex]

The details provided by @sahostking are great! You may also find the following article helpful:

How to find the source of spam emails

Introduction In this article, we will be exploring means to determine how spam emails were sent from your server. This is meant to guide you in the right direction in which a further, more in-dep...

support.cpanel.net