The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to stop sendmail?

Discussion in 'E-mail Discussions' started by Sumanto09, Apr 17, 2017.

Tags:
  1. Sumanto09

    Sumanto09 Member

    Joined:
    Mar 17, 2017
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Kolkata, India
    cPanel Access Level:
    Root Administrator
    I want to uninstall sendmail from cPanel & WHM 64.0 (build 12)


    Please help me
     
    #1 Sumanto09, Apr 17, 2017
    Last edited by a moderator: Apr 17, 2017
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,617
    Likes Received:
    296
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
  3. Sumanto09

    Sumanto09 Member

    Joined:
    Mar 17, 2017
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Kolkata, India
    cPanel Access Level:
    Root Administrator
    Thanks for your response.

    I am using Exim and I want only Exim in my server no sendmail

    I do not want sendmail because in my hosting lot website are build with 3rd party software and they are utilizing sendmail to send huge amount of spam emails.

    Sendmail is of no help for me.

    Please help me.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,617
    Likes Received:
    296
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Did you fully read the post I linked you to?
     
  5. Sumanto09

    Sumanto09 Member

    Joined:
    Mar 17, 2017
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Kolkata, India
    cPanel Access Level:
    Root Administrator
    Allready added "mail" in disable_functions option in PHP configuration.

    Still spam mails are sent.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    36,995
    Likes Received:
    1,275
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    You may find the following document helpful:

    How to Prevent Email Abuse - cPanel Knowledge Base - cPanel Documentation

    In particular, the section on "SMTP Restrictions" explains how this feature ensures spammers cannot directly interact with remote mail servers or work around mail security settings.

    Thank you.
     
  7. Sumanto09

    Sumanto09 Member

    Joined:
    Mar 17, 2017
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Kolkata, India
    cPanel Access Level:
    Root Administrator
    "SMTP Restrictions" is enabled.

    What is bothering me is no record of the spam emails are found on "Mail Delivery Reports".

    But IP listed in RBLs

     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    36,995
    Likes Received:
    1,275
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    You may want to contact the individual RBL list administrators to request delisting or to ask for more information about why your IP is added to the black list.

    Thank you.
     
  9. Sumanto09

    Sumanto09 Member

    Joined:
    Mar 17, 2017
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Kolkata, India
    cPanel Access Level:
    Root Administrator
    When I contact the RBL they say stop spam mails from your IP, when they stop your IP will be delisted.

    Few website build with wordpress are the culprit they were hacked. They send endless spam mail continuously.

    I told the owners of those site to fix the problem else I have to keep the sites suspended.

    They simply left.

    I am losing clients.

    I want to keep Exim only.

    I do not need "sendmail" at all. I want to uninstall it.

    Please help.
     
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    36,995
    Likes Received:
    1,275
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
  11. Sumanto09

    Sumanto09 Member

    Joined:
    Mar 17, 2017
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Kolkata, India
    cPanel Access Level:
    Root Administrator
    "Prevent “nobody” from sending mail" option under the "Mail" tab in "WHM >> Tweak Settings" is already enabled.

    I have checked the logs of the hacked domains-

    /var/log/apache2/domlogs/hacked domain name folder
    /var/log/apache2/domlogs/hacked domain name file
    /var/log/apache2/domlogs/hacked domain name-bytes_log

    Any of this has no record.

    But amazingly all other domain has records showing which IP accessed what.

    Now, what to do except uninstalling "sendmail"
     
  12. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    36,995
    Likes Received:
    1,275
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Disabling sendmail can break certain functionality (e.g. Autoresponders, Notifications) on a cPanel system and is unsupported. You're going to need to determine the source of the SPAM messages or implement other methods of preventing email abuse. If you wanted to temporarily disable sendmail to see if that helps you to identify the source of SPAM, then you'd rename the "/sbin/sendmail" file to something else.

    What PHP handler is enabled for the versions of PHP installed on the system?

    Thank you.
     
  13. Sumanto09

    Sumanto09 Member

    Joined:
    Mar 17, 2017
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Kolkata, India
    cPanel Access Level:
    Root Administrator
    In my server PHP handler is "suphp" for ea-php55, ea-php56, ea-php70

    And in Home »Software »MultiPHP INI Editor, disable_functions = symlink, show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen, ini_set, phpmail, mail


    Another thing please tell me how to get log records of mails sent by "sendmail"? like exim provides.

    Thank you.
     
    #13 Sumanto09, Apr 19, 2017
    Last edited: Apr 19, 2017
  14. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    36,995
    Likes Received:
    1,275
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    You'd need to switch to a handler such as CGI or DSO (where Apache runs as the "nobody" user) if you wanted the "Prevent “nobody” from sending mail" option to be more effective. However, generally the better approach is to implement better security practices to prevent exploits to scripts installed on the websites. There's a thread on this topic at:

    Log Checking

    Exim logs email activity to the /var/log/exim_mainlog file. The following thread is useful if you want to search this log:

    Reading and Understanding the exim main_log

    Thank you.
     
  15. Sumanto09

    Sumanto09 Member

    Joined:
    Mar 17, 2017
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Kolkata, India
    cPanel Access Level:
    Root Administrator
    please tell me how to get log records of mails sent by "sendmail"?

    I know how to check in Exim.
     
  16. germany

    germany Member

    Joined:
    Jul 15, 2016
    Messages:
    16
    Likes Received:
    3
    Trophy Points:
    3
    Location:
    Berlin, DE
    cPanel Access Level:
    Website Owner
    There is nothing you can do to stop them from sending email that is spoofed. You can send an email and have it look like it's coming from anywhere, and your outgoing email server (if configured to accept it, which spammers obviously would) and it will accept it. Adding an SPF record might reduce the number of those emails received by people.

    You need to add (or append) to a TXT record in DNS.

    v=spf1 include:your.email.domain.here -all

    You can include more domains by adding another include: like:

    v=spf1 include:blah1.blach1.com include:blah.blah.com -all
     
  17. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    36,995
    Likes Received:
    1,275
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Exim still processes the messages so activity is logged to /var/log/exim_mainlog. Another option to consider is to use a third-party application such as CSF/LFD:

    https://download.configserver.com/csf/readme.txt

    Search the above document for "LF_SCRIPT_LIMIT" for information about this feature can notify you about messages sent from the server through scripts.

    Thank you.
     
Loading...

Share This Page