How to prevent spam from being sent out

Discussion in 'E-mail Discussions' started by Leonardo Gomes, Jun 25, 2013.

  1. Leonardo Gomes

    Hi,

    I'm exhausted from receiving abuse complaints from my DC due to spam attacks from my servers, and I really want to prevent it before it happens. I also want to know some tips to help me implement zero-tolerance spam control on my servers.

    I would like to know from you guys what you do, and what logs or tools you use to find a script or account that is sending spam out of my servers. For example, today I received the following spam abuse report.

    ------------

    Code:
    Hello Abuse-Team,
    
    your Server with the IP: xxx.xxx.xxx.xxx has attacked one of our server on the service:
    "postfix"  on Time: Wed, 19 Jun 2013 22:10:08 +0200
    The IP was automatically blocked for more than 10 minutes. To block an IP, it needs
    3 failed Logins, one match for "invalid user" or a 5xx-Error-Code (eg. Blacklist)!
    
    Please check the machine behind the IP xxx.xxx.xxx.xxx (hostname.server.com) and fix the problem.
    
    real-time data for this day available at:
    
    /http://support.clean-mx.de/clean-mx/publog?ip=xxx.xxx.xxx.xxx
    
    
    You can parse this Mail with X-ARF-Tools (1. attachment = Details, 2. attachment = Logs).
    You found more Information about X-Arf under /http://www.x-arf.org/specification.html
    
    If you have a special x-arf email contact, please drop us a note.
    
    In the attachment of this mail you can find the original protocols of our systems.
    
    yours
    
    Gerhard W. Recher
    (Geschaeftsfuehrer)
    
    NETpilot GmbH
    
    Wilhelm-Riehl-Str. 13
    D-80687 Muenchen
    
    GSM: ++49 171 4802507
    
    Handelsregister Muenchen: HRB 124497
    
    w3: /http://www.clean-mx.de
    
    e-Mail:   mailto:abuse@clean-mx.de
    PGP-KEY:   Fingerprint: A4E317B6DC6494DCC9616366A75AB34CDD0CE552 id: 0xDD0CE552
    Location: /http://www.clean-mx.de/downloads/abuse-at-clean-mx.de.pub.asc
    
    Evidence:
    attacked server: relay3.netpilot.net
    envelopesender: user @ yahoo.com
    enveloperecpient: user @ com-con.net
    Helo: hostname.server.com
    source-ip: xxx.xxx.xxx.xxx
    protocol: ESMTP
    instance: predata05.2dd.51c21020.45275.0
    size: 18181
    reason: 5 -->554 User (%s)  not known to us please verify your adressbook for any typos in this email adress or inquire manually
    Evidences so far in total for this ip:1
    
    --------------------------

    My doubt is: how can I address this issue to find the user, script or account that is doing some attack or sending spam from my server?

    Thank you!
     
  2. ThinIce

    ThinIce Well-Known Member

  3. Leonardo Gomes

    Thanks for your tip, ThinIce. I'm going to check the doc you shared with me. I'm already using CSF and also MailScanner on the server.

    So, based on the email the abuse team sent me, do you have any idea how I can figure out which user or script did this?
     
  4. ThinIce

    ThinIce Well-Known Member

    It'd certainly be worth checking your mail logs for the sender and recipient addresses / destination server IP mentioned in the abuse report; this should give you an idea of where the message originated on your system.
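
The mail-log check suggested above, as an added example that is not part of the original post or any cPanel tool: it takes the recipient named in an abuse report and shows which local account or authenticated mailbox submitted each matching message. It assumes Exim's main-log line format and that `cwd=` lines are being logged (`log_selector` includes `+arguments`); the function names and the sample log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed sample in Exim main-log format (not taken from the thread).
sample_log() {
  cat <<'EOF'
2013-06-19 22:10:04 cwd=/home/acct1/public_html/blog/cache 3 args: /usr/sbin/sendmail -t -i
2013-06-19 22:10:05 1UpOaT-0004Xq-2B <= user@yahoo.com U=acct1 P=local S=18181
2013-06-19 22:10:08 1UpOaT-0004Xq-2B ** user@com-con.net R=lookuphost T=remote_smtp H=relay3.netpilot.net [192.0.2.25]: SMTP error from remote mail server after RCPT TO:<user@com-con.net>: 554 User not known
2013-06-19 22:10:08 1UpOaT-0004Xq-2B Completed
2013-06-19 22:11:30 1UpObq-0004Zc-7K <= info@example.org H=(pc) [203.0.113.7] P=esmtpa A=dovecot_login:info@example.org S=2411
2013-06-19 22:11:32 1UpObq-0004Zc-7K => friend@example.net R=lookuphost T=remote_smtp H=mx.example.net [192.0.2.80]
2013-06-19 22:12:00 1UpOcK-0004aa-9Q == user@com-con.net R=lookuphost T=remote_smtp defer (-53): retry time not reached
EOF
}

# trace_recipient LOG RECIPIENT   (LOG may be "-" for stdin)
# One line per message that attempted delivery to RECIPIENT:
#   <msgid> sender=<envelope sender> origin=<entry point> cwd=<dir or ->
trace_recipient() {
  awk -v rcpt="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    # cwd= lines (logged when log_selector includes +arguments) show where
    # sendmail/exim was invoked from, typically the directory of the script.
    $3 ~ /^cwd=/ { lastcwd = substr($3, 5); next }
    # Arrival: <date> <time> <msgid> <= <sender> [U=..] [P=..] [A=..] ...
    $4 == "<=" {
      sender[$3] = $5; origin[$3] = "unknown"; cwd[$3] = "-"
      for (i = 6; i <= NF; i++) {
        if ($i ~ /^A=/) origin[$3] = "smtp-auth:" substr($i, 3)
        else if ($i ~ /^U=/ && origin[$3] == "unknown") origin[$3] = "local-user:" substr($i, 3)
        # Heuristic: pair a local submission with the nearest preceding cwd line.
        else if ($i == "P=local" && lastcwd != "") { cwd[$3] = lastcwd; lastcwd = "" }
      }
      next
    }
    # Delivered (=> ->), failed (**) or deferred (==) to the reported recipient.
    ($4 == "=>" || $4 == "->" || $4 == "**" || $4 == "==") && tolower($5) == rcpt { hit[$3] = 1 }
    END {
      for (id in hit) {
        if (id in sender) print id, "sender=" sender[id], "origin=" origin[id], "cwd=" cwd[id]
        else print id, "sender=?", "origin=arrival-not-in-this-log", "cwd=-"   # rotated log
      }
    }
  ' "$1" | LC_ALL=C sort
}

sample_log | trace_recipient - user@com-con.net
```

On a cPanel server the Exim main log is normally `/var/log/exim_mainlog`. The `cwd=` pairing is a hint only, since lines from concurrent submissions can interleave on a busy server.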
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    You may also want to consider enabling SpamAssassin for outgoing email. This is controlled by the following option under the "SpamAssassin Options" tab in "WHM Home » Service Configuration » Exim Configuration Manager":

    "Scan outgoing messages for spam and reject based on SpamAssassin® internal spam_score setting"

    Thank you.
     