The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Hotmail Blocked my server ip

Discussion in 'E-mail Discussions' started by deieno, Oct 14, 2008.

  1. deieno

    deieno Well-Known Member

    Joined:
    Nov 16, 2003
    Messages:
    69
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Floripa - Brazil
    Hi,
    hotmail has blocked one server of mine. I'm trying to figure what cause the spam but I can't find.

    From hotmail's "Smart Network Data Services" I'm seeing some messages that I can't find how it come out from our server. I searched all logs I could and didn't find the source.

    The messages marked as span is like this:
    Do you have any idea how this message is getting out from my server in the way it's not on the logs?

    thanks
     
  2. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Are you using Chirpy's CSF+LFD firewall by chance?

    Do you have the SMTP Tweak enabled in the WHM Security Center?

    Chripy's CSF firewall incorporates the SMTP Tweak, I would recommend using it if you are not already using a software firewall on your server. For more information see his website:

    http://configserver.com

    My guess is that you don't have the SMTP Tweak enabled, either in the WHM or in CSF (if you are using CSF). Other firewall software may have a similar option.

    This is allowing users to connect directly to other mail servers, in this case Hotmail's mail server and bypassing your Exim mail server. That is why there is not an exim message-id in the message headers you gave.
     
  3. deieno

    deieno Well-Known Member

    Joined:
    Nov 16, 2003
    Messages:
    69
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Floripa - Brazil
    Hi,
    thanks for the quickly soluction man.
    I have CSF, but this option was disabled.

    should be this option, right?

    # Block outgoing SMTP except for root, exim and mailman (forces scripts/users
    # to use the exim/sendmail binary instead of sockets access). This replaces the
    # protection as WHM > Tweak Settings > SMTP Tweaks
    SMTP_BLOCK = 1

    Thank you
     
  4. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Yea, that's it. Be sure that the 1 is surrounded by quotation marks:

    SMTP_BLOCK = "1"

    Be sure to restart csf after making the change:

    csf -r

    I can't be certain that this is where the spam messages are coming from, but its a pretty good bet. You probably want this option enabled anyway, because even if it wasn't what was causing your spam issue, the method that I explained could still be used on your server to send out spam that would be extremely difficult to trace.

    With this option in place, nobody will be able to connect to remote SMTP servers directly (besides root, exim, and mailman).

    You may need to enable the option:

    SMTP_ALLOWLOCAL = "1"

    I believe one of the webmail applications in cPanel connects to the local SMTP server to send out mail instead of sending it out directly through the sendmail binary. Enabling the above option will allow users to connect to your local SMTP server.
     
  5. deieno

    deieno Well-Known Member

    Joined:
    Nov 16, 2003
    Messages:
    69
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Floripa - Brazil
    great sparek-3,
    thank you very much for the tips

    Have a nice day ;-)
     
Loading...

Share This Page