
how to redirect account-generated emails

Discussion in 'E-mail Discussions' started by dev.null, Dec 6, 2011.

  1. dev.null

    dev.null Well-Known Member

    I have an account that hosts WordPress, which has been compromised. It keeps sending out spam emails. The "nice" thing is the emails are from the hosting account address (i.e. account@hosting.server.com), and not from a fictitious account or another real account on the hosted website.

    Is there a quick rule I can put in Exim that would either (a) delete/ignore any emails or (b) redirect the emails to another account for examination?

    Thanks!
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    I certainly couldn't advise deleting or ignoring spam emails that your compromised site is sending. It seems you would want to be aware any account is compromised and be checking the emails it is spamming out. That's part of server administration.

    Next, why do the emails need to be redirected to another account rather than using the default user of that account's email? You could always use the SMTP authentication plugin for WordPress to have any account used for sending that you log into on the server. Under SMTP authentication, the emails should be sent by the user who authenticates. Here is a link to that plugin:

    WordPress › WP Mail SMTP « WordPress Plugins
     
  3. dev.null

    dev.null Well-Known Member

    You're 100% right - that's why I'd prefer to have them sent to an email address I can monitor and not have them sent out "for real".

    I'm not really understanding your question. The default account is not *receiving* the emails, it's the one *sending* the spam. So I'm not really interested in the *inbound* email going to that account, I'm interested in the *outbound* spam that it's sending.

    If I'm not understanding what you're saying, please do take the time to clarify.

    Most compromised WordPress installs don't send email through the existing WordPress code. Most of them use WordPress to set up their own send_email.php type script that they call directly, outside of WordPress, to send emails. Such is this case.
     
  4. ruzbehraja

    ruzbehraja Well-Known Member

    Based on what I have understood:
    A WP site is receiving junk enquiries / spam posts through the forms or is sending out mail through a compromised mailing script.

    Solution:
    You need to disable sending through the 'nobody' user on your server.

    WHM >> Tweak Settings >> Mail >> Prevent “nobody” from sending mail.


    This will require all users on your server to use SMTP Authentication (use a valid email id and password to send mail). For any user that does not use SMTP Authentication, their form submissions will be forwarded to the root address and the message will be discarded.

    But do note that if the site is compromised, the root address will be flooded with junk mail.

    You should be seriously looking at plugging the vulnerabilities too.

    Hope this is what you wanted.
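
Added example (not code from any poster in this thread): before filtering or redirecting the account's mail, it helps to confirm which directory the standalone script runs from, so this tallies locally submitted messages from the account address by working directory. It assumes the Exim main log carries `cwd=` lines (the `+arguments` log selector); the log lines are constructed samples, and pairing a `cwd=` line with the arrival line directly after it is a heuristic that can mis-pair on a busy server.

```python
import re
from collections import Counter

# Constructed sample lines in Exim main-log format (not taken from the thread).
SAMPLE_LOG = """\
2011-12-06 10:15:01 cwd=/home/account/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2011-12-06 10:15:01 1RXyZa-0001Ab-Cd <= account@hosting.server.com U=account P=local S=1432
2011-12-06 10:15:02 cwd=/home/account/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2011-12-06 10:15:02 1RXyZb-0001Ae-Fg <= account@hosting.server.com U=account P=local S=1440
2011-12-06 10:16:40 cwd=/home/account/public_html 3 args: /usr/sbin/sendmail -t -i
2011-12-06 10:16:40 1RXyZc-0001Ah-Ij <= account@hosting.server.com U=account P=local S=902
2011-12-06 10:17:05 1RXyZd-0001Ak-Lm <= user@example.org H=mail.example.org [192.0.2.10] P=esmtp S=2210
2011-12-06 10:18:00 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
"""

# "cwd=<dir> <argc> args: <argv>" is logged when a local process invokes Exim.
CWD_RE = re.compile(r"^\S+ \S+ cwd=(\S+) \d+ args: ")
# "<msgid> <= <sender> U=<user> P=local" marks a locally submitted message.
ARRIVAL_RE = re.compile(r"^\S+ \S+ (\S+) <= (\S+) .*\bU=(\S+) P=local\b")


def local_submissions(log_text, sender):
    """Return (Counter of cwd -> message count, list of message IDs) for
    messages submitted locally with envelope sender `sender`."""
    by_cwd = Counter()
    msg_ids = []
    last_cwd = None
    for line in log_text.splitlines():
        m = CWD_RE.match(line)
        if m:
            last_cwd = m.group(1)
            continue
        m = ARRIVAL_RE.match(line)
        if m and m.group(2) == sender:
            msg_ids.append(m.group(1))
            by_cwd[last_cwd or "unknown"] += 1
        last_cwd = None  # a cwd line only describes the line right after it
    return by_cwd, msg_ids


if __name__ == "__main__":
    counts, ids = local_submissions(SAMPLE_LOG, "account@hosting.server.com")
    for cwd, n in counts.most_common():
        print(f"{n:5d}  {cwd}")
    print("message IDs to inspect in the queue:", ", ".join(ids))
```

The directory with the highest count is where to look for the injected script; the message IDs identify the queued spam to examine.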
     