Sumanto09

Member
Mar 17, 2017
20
0
1
Kolkata, India
cPanel Access Level
Root Administrator
Thanks for your response.

I am using Exim and I want only Exim in my server no sendmail

I do not want sendmail because in my hosting lot website are build with 3rd party software and they are utilizing sendmail to send huge amount of spam emails.

Sendmail is of no help for me.

Please help me.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
"SMTP Restrictions" is enabled.

What is bothering me is no record of the spam emails are found on "Mail Delivery Reports".

But IP listed in RBLs
Hello,

You may want to contact the individual RBL list administrators to request delisting or to ask for more information about why your IP is added to the black list.

Thank you.
 

Sumanto09

Member
Mar 17, 2017
20
0
1
Kolkata, India
cPanel Access Level
Root Administrator
When I contact the RBL they say stop spam mails from your IP, when they stop your IP will be delisted.

Few website build with wordpress are the culprit they were hacked. They send endless spam mail continuously.

I told the owners of those site to fix the problem else I have to keep the sites suspended.

They simply left.

I am losing clients.

I want to keep Exim only.

I do not need "sendmail" at all. I want to uninstall it.

Please help.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363

Sumanto09

Member
Mar 17, 2017
20
0
1
Kolkata, India
cPanel Access Level
Root Administrator
"Prevent “nobody” from sending mail" option under the "Mail" tab in "WHM >> Tweak Settings" is already enabled.

I have checked the logs of the hacked domains-

/var/log/apache2/domlogs/hacked domain name folder
/var/log/apache2/domlogs/hacked domain name file
/var/log/apache2/domlogs/hacked domain name-bytes_log

Any of this has no record.

But amazingly all other domain has records showing which IP accessed what.

Now, what to do except uninstalling "sendmail"
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
Hello,

Disabling sendmail can break certain functionality (e.g. Autoresponders, Notifications) on a cPanel system and is unsupported. You're going to need to determine the source of the SPAM messages or implement other methods of preventing email abuse. If you wanted to temporarily disable sendmail to see if that helps you to identify the source of SPAM, then you'd rename the "/sbin/sendmail" file to something else.

"Prevent “nobody” from sending mail" option under the "Mail" tab in "WHM >> Tweak Settings" is already enabled.
What PHP handler is enabled for the versions of PHP installed on the system?

Thank you.
 

Sumanto09

Member
Mar 17, 2017
20
0
1
Kolkata, India
cPanel Access Level
Root Administrator
What PHP handler is enabled for the versions of PHP installed on the system?
In my server PHP handler is "suphp" for ea-php55, ea-php56, ea-php70

And in Home »Software »MultiPHP INI Editor, disable_functions = symlink, show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen, ini_set, phpmail, mail


Another thing please tell me how to get log records of mails sent by "sendmail"? like exim provides.

Thank you.
 
Last edited:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
In my server PHP handler is "suphp" for ea-php55, ea-php56, ea-php70
You'd need to switch to a handler such as CGI or DSO (where Apache runs as the "nobody" user) if you wanted the "Prevent “nobody” from sending mail" option to be more effective. However, generally the better approach is to implement better security practices to prevent exploits to scripts installed on the websites. There's a thread on this topic at:

Log Checking

Another thing please tell me how to get log records of mails sent by "sendmail"? like exim provides.
Exim logs email activity to the /var/log/exim_mainlog file. The following thread is useful if you want to search this log:

Reading and Understanding the exim main_log

Thank you.
 

germany

Member
Jul 15, 2016
17
4
3
Berlin, DE
cPanel Access Level
Website Owner
There is nothing you can do to stop them from sending email that is spoofed. You can send an email and have it look like it's coming from anywhere, and your outgoing email server (if configured to accept it, which spammers obviously would) and it will accept it. Adding an SPF record might reduce the number of those emails received by people.

You need to add (or append) to a TXT record in DNS.

v=spf1 include:your.email.domain.here -all

You can include more domains by adding another include: like:

v=spf1 include:blah1.blach1.com include:blah.blah.com -all
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
please tell me how to get log records of mails sent by "sendmail"?

I know how to check in Exim.
Exim still processes the messages so activity is logged to /var/log/exim_mainlog. Another option to consider is to use a third-party application such as CSF/LFD:

https://download.configserver.com/csf/readme.txt

Search the above document for "LF_SCRIPT_LIMIT" for information about this feature can notify you about messages sent from the server through scripts.

Thank you.
 
Thread starter Similar threads Forum Replies Date
Q Email 2
Mauritz Email 2
V Email 2
C Email 2
manokiss Email 8