The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to prevent spam to be sent out

Discussion in 'E-mail Discussions' started by Leonardo Gomes, Jun 25, 2013.

  1. Leonardo Gomes

    Leonardo Gomes Member

    Joined:
    Jun 10, 2005
    Messages:
    18
    Likes Received:
    1
    Trophy Points:
    153
    Hi,

    I'm exhausted to receive abuse complaint from my DC due spam attack from my servers and i really want to prevent it before happening and also want to now some tips to help me to implement a zero tolerance spam control on my servers.

    I would like to know with you gays what do you do, what logs you use or tools to find a script or account that is sending spam out of my servers, for example, today i received the following spam abuse report.

    ------------

    Code:
    Hello Abuse-Team,

your Server with the IP: xxx.xxx.xxx.xxx has attacked one of our server on the service:
"postfix"  on Time: Wed, 19 Jun 2013 22:10:08 +0200
The IP was automatically blocked for more than 10 minutes. To block an IP, it needs
3 failed Logins, one match for "invalid user" or a 5xx-Error-Code (eg. Blacklist)!

Please check the machine behind the IP xxx.xxx.xxx.xxx (hostname.server.com) and fix the problem.

real-time data for this day available at:

/http://support.clean-mx.de/clean-mx/publog?ip=xxx.xxx.xxx.xxx


You can parse this Mail with X-ARF-Tools (1. attachment = Details, 2. attachment = Logs).
You found more Information about X-Arf under /http://www.x-arf.org/specification.html

If you have a special x-arf email contact, please drop us a note.

In the attachment of this mail you can find the original protocols of our systems.

yours

Gerhard W. Recher
(Geschaeftsfuehrer)

NETpilot GmbH

Wilhelm-Riehl-Str. 13
D-80687 Muenchen

GSM: ++49 171 4802507

Handelsregister Muenchen: HRB 124497

w3: /http://www.clean-mx.de

e-Mail:   mailto:abuse@clean-mx.de
PGP-KEY:   Fingerprint: A4E317B6DC6494DCC9616366A75AB34CDD0CE552 id: 0xDD0CE552
Location: /http://www.clean-mx.de/downloads/abuse-at-clean-mx.de.pub.asc

Evidence:
attacked server: relay3.netpilot.net
envelopesender: user @ yahoo.com
enveloperecpient: user @ com-con.net
Helo: hostname.server.com
source-ip: xxx.xxx.xxx.xxx
protocol: ESMTP
instance: predata05.2dd.51c21020.45275.0
size: 18181
reason: 5 -->554 User (%s)  not known to us please verify your adressbook for any typos in this email adress or inquire manually
Evidences so far in total for this ip:1
    --------------------------

    My doubt is, how can i address this issue to find the user, script or account that is doing some attack or sending spam from my server.

    Thank you!
     
    #1 Leonardo Gomes, Jun 25, 2013
  2. ThinIce

    ThinIce Well-Known Member

    Joined:
    Apr 27, 2006
    Messages:
    352
    Likes Received:
    7
    Trophy Points:
    168
    Location:
    Disillusioned in England
    cPanel Access Level:
    Root Administrator
    #2 ThinIce, Jun 26, 2013
  3. Leonardo Gomes

    Leonardo Gomes Member

    Joined:
    Jun 10, 2005
    Messages:
    18
    Likes Received:
    1
    Trophy Points:
    153
    Thanks your TIP Thinlce, i'm going to check this doc you shared me. I'm already using the CSF and also MailScanner on the server.

    So based on the email the abuse sent me, do you have any idea how can i figure out which user or script did this?
     
    #3 Leonardo Gomes, Jun 26, 2013
  4. ThinIce

    ThinIce Well-Known Member

    Joined:
    Apr 27, 2006
    Messages:
    352
    Likes Received:
    7
    Trophy Points:
    168
    Location:
    Disillusioned in England
    cPanel Access Level:
    Root Administrator
    It'd certainly be worth checking your mail logs for the sender and recipient addresses / destination server IP mentioned in the abuse report, this should give you an idea of where the message originated on your system
     
    #4 ThinIce, Jun 26, 2013
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    36,323
    Likes Received:
    1,209
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello :)

    You may also want to consider enabling SpamAssassin for outgoing email. This is controlled by the following option under the "SpamAssassin Options" tab in "WHM Home » Service Configuration » Exim Configuration Manager":

    "Scan outgoing messages for spam and reject based on SpamAssassin® internal spam_score setting"

    Thank you.
     
    #5 cPanelMichael, Jul 2, 2013
(You must log in or sign up to post here.)
Loading...
Similar Threads - prevent spam sent
  1. Tibbers

    Prevent spam emails

    Tibbers, Jun 6, 2017, in forum: E-mail Discussions
    Replies:
    1
    Views:
    93
    cPanelMichael
    Jun 6, 2017
  2. caisc

    Mod_security rules to prevent spam registrations and comments on wordpress sites

    caisc, Feb 7, 2017, in forum: Security
    Replies:
    12
    Views:
    521
    caisc
    Feb 10, 2017
  3. Bashed

    need help preventing malicious spam .php scripts

    Bashed, Jan 7, 2016, in forum: Security
    Replies:
    11
    Views:
    1,469
    quizknows
    Jan 11, 2016
  4. psytanium

    htaccess prevent cPanel AutoSSL to renew certificate

    psytanium, Jul 24, 2017 at 4:04 AM, in forum: Security
    Replies:
    1
    Views:
    33
    cPanelMichael
    Jul 24, 2017 at 11:58 AM
  5. Nirjonadda

    Configuration on FastCGI to prevent Error

    Nirjonadda, Jul 20, 2017 at 12:50 PM, in forum: EasyApache
    Replies:
    9
    Views:
    69
    cPanelMichael
    Jul 21, 2017 at 1:09 PM

Share This Page