
How to block outgoing un-authenticated emails

Discussion in 'E-mail Discussions' started by chrismfz, Jan 23, 2015.

  1. chrismfz

    chrismfz Well-Known Member

    Regularly, clients use old exploitable code, which causes holes in their applications that eventually get used by hackers to install malicious code. Most of the time this code is being used to send spam from our servers.

    We have no control over our clients' code, so patching the holes is quite impossible.

    We use suPHP / suEXEC on all cPanel servers. Turning on "prevent nobody from sending emails" doesn't help.

    Every decent PHP script / app has options to use SMTP Authentication. So we can inform users to switch to SMTP authentication and send emails from an authenticated user who they created.


    So, having that in mind, how could I possibly stop any other ways to block outgoing spam mails?
    I've seen malware scripts that use just the mail() function, and I've seen scripts so obfuscated that I don't even know what they use. Anyway, all of the spam is coming out NOT using SMTP authentication (obviously), so how can I stop anything else except SMTP?

    (Including, if I am wrong please correct me, not only PHP but also cgi-bin / Perl, with which someone can send emails using direct functions like sendmail($message);)
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    For PHP scripts, you could add "mail" to the disable_functions line in your PHP configuration file. The following document may also be helpful:

    How To Prevent Email Abuse

    Thank you.
     
  3. chrismfz

    chrismfz Well-Known Member

    Hello, thanks for your answer :)

    Isn't it possible to block everything except authenticated users (using SMTP)? Someone could possibly use exec(sendmail); or a Perl script.

    I found a guide, but I don't know if it is safe enough?

    http://bobcares.com/blog/blocking-spoofed-mails-going-out-of-your-cpanel-whm-web-hosting-server/
     
    #3 chrismfz, Jan 23, 2015
    Last edited: Jan 23, 2015
  4. alinford

    alinford Well-Known Member

    I would like to implement the options in that guide, but have a couple of questions. Because of the wording used in the guide, I am not quite sure how to implement.

    Here is the first option:
    The default is acl_not_smtp = acl_not_smtp.
    Would I add that code under acl_not_smtp, or remove acl_not_smtp and add the new code?

    Same question for the second option:
    Mine is currently set to the default, acl_smtp_data = acl_smtp_data. So, it looks like I should add the above code below acl_smtp_data, not replace it.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    You are welcome to try using the steps in that guide. It's a third-party customization so it's not officially supported, but it should not prevent Exim from starting successfully.

    The guide is suggesting you replace the existing entries rather than add the new entries beneath it.

    Thank you.
     
  6. hndservers

    hndservers Registered

    When I add the setting under acl_not_smtp, it perfectly stops sending without authentication, but now the issue is that the root mail forwarder has also stopped sending server notifications.
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    It's a third-party customization so it's possible things like this can happen. What error message do you see in /var/log/exim_mainlog when root attempts to send a notification?

    Thank you.
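
Before enforcing a restriction under acl_not_smtp, it helps to know which local accounts (root included, as in the notification problem reported above) submit mail without SMTP; the arrival lines in /var/log/exim_mainlog show this. The script below is an added example, not part of the thread or of cPanel's tooling: the sample log lines are constructed, and it assumes the usual Exim arrival-line fields (U= local user, P= protocol, A= authenticator, T= subject logged last).

```python
import re
from collections import Counter

# Constructed sample lines in Exim main-log format (not taken from the thread).
SAMPLE_LOG = """\
2015-01-23 10:00:01 1YEaaa-0001Xy-AB <= shopuser@host.example.com U=shopuser P=local S=1843 T="Invoice"
2015-01-23 10:00:05 1YEaab-0001Xz-CD <= info@example.com H=(laptop) [203.0.113.7]:51234 P=esmtpa A=dovecot_login:info@example.com S=2210
2015-01-23 10:00:09 1YEaac-0001Y0-EF <= root@host.example.com U=root P=local S=912 T="Disk usage warning"
2015-01-23 10:00:12 1YEaad-0001Y1-GH <= shopuser@host.example.com U=shopuser P=local S=1790 T="Re: P=esmtpa A=x:y"
2015-01-23 10:00:15 1YEaae-0001Y2-IJ <= someone@example.net H=mx.example.net [198.51.100.9]:25 P=esmtps S=4021
2015-01-23 10:00:16 1YEaae-0001Y2-IJ => info@example.com R=virtual_user T=virtual_userdelivery
"""

ARRIVAL = re.compile(r"^\S+ \S+ (\S+) <= (\S+) (.*)$")   # date time msgid <= sender fields
FIELD = re.compile(r"(?<!\S)([A-Z])=(\S+)")              # single-letter log fields


def classify(line):
    """Return (kind, identity) for an arrival ("<=") line, else None."""
    m = ARRIVAL.match(line)
    if not m:
        return None
    # Drop the logged subject so text inside it cannot pose as a log field.
    rest = m.group(3).split(' T="', 1)[0]
    fields = dict(FIELD.findall(rest))
    if fields.get("P") == "local":
        # Non-SMTP submission (mail(), sendmail binary): what acl_not_smtp governs.
        return ("local", fields.get("U", "unknown"))
    if "A" in fields:
        # A=<authenticator>:<login> marks an authenticated SMTP session.
        return ("authenticated", fields["A"].partition(":")[2])
    return ("smtp-unauthenticated", m.group(2))


def local_submitters(log_text):
    """Count non-SMTP (P=local) submissions per local user."""
    counts = Counter()
    for line in log_text.splitlines():
        result = classify(line)
        if result and result[0] == "local":
            counts[result[1]] += 1
    return counts


if __name__ == "__main__":
    for user, n in local_submitters(SAMPLE_LOG).most_common():
        print(f"{user}\t{n}")
```

Any system account that appears in the tally, such as root here, is one whose mail a blanket non-SMTP block would also stop.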
     