limit mail account access to my IP

xml · Mar 1, 2014

Hello

is thier a way to limit my mail account access to my IP only?

I can not trust strong password only so I need more security proceedures to protect my mail account from spamers

cPanelMichael · Mar 3, 2014

Hello

Are you attempting to limit email access globally for the entire server or limit access to a single account?

Thank you.

xml · Mar 3, 2014

Limit email access globally for the entire server.

the past few days I am getting huge login failure alerted by LFD/csf firewall like this:

Time: Sat Mar 1 17:03:03 2014 +0300
IP: 27.55.7.191 (TH/Thailand/ppp-27-55-7-191.revip3.asianet.co.th)
Failures: 1 (smtpauth)
Interval: 3600 seconds
Blocked: Permanent Block
Click to expand...

and the pattern change to be attacks on mod_security:

Time: Mon Mar 3 09:48:12 2014 +0300
IP: 217.69.133.191 (RU/Russian Federation/fetcher7.mail.ru)
Failures: 1 (mod_security)
Interval: 3600 seconds
Blocked: Permanent Block
Click to expand...

I really dont understand what is happening and why suddenly all these huge attacks!!!!

cPanelMichael · Mar 3, 2014

The following options might be of help to you if you want to block access for all IP addresses except for your own:

"WHM Home » Security Center » Host Access Control"

"WHM Home » Security Center » cPHulk Brute Force Protection"

Thank you.

xml · Mar 4, 2014

Thank you cPanelMichael,

I already done that long time ago but that didnt stop the spammer from hijacking my email account password.

If I already configured /etc/hosts.deny to ALL:ALL and etc/hosts.allow to allow ONLY my Ip adress, how the spammer was able access my email account with different IP adress than mine?

cPanelMichael · Mar 4, 2014

We need more information about the emails that were sent out to address that question. For instance, what information were you able to obtain from the mail headers or logs in /var/log/exim_mainlog?

Thank you.

xml · Mar 4, 2014

There is no doubts the spam emails were sent from my server, when I checked (mail queue manager) in WHM there were hundreds of those emails listed and waiting to be sent as shown in the attached image.

what info do I need from mail headers or logs in /var/log/exim_mainlog? from the attachement its is obvious the spam is sent from my server and it stopped after I changed the email account password (strong one this time)

cPanelMichael · Mar 4, 2014

The mail headers and logs in /var/log/exim_mainlog might help explain "how" the messages were sent out (e.g. authentication or through a PHP script).

Thank you.

xml · Mar 5, 2014

Ok, here is the headers of one of spam emails:

Return-path: <>
Envelope-to: webmaster@mydomain.com
Delivery-date: Sat, 01 Mar 2014 13:13:41 +0300
Received: from mailnull by mydomain.softlayer.com with local (Exim 4.82)
id 1WJgvM-00081W-Tz
for webmaster@mydomain.com; Sat, 01 Mar 2014 13:13:40 +0300
X-Failed-Recipients: sabbre@hotmail.com,
json.5@hotmail.com,
mjbarron35@hotmail.com,
kjtaft@hotmail.com
Auto-Submitted: auto-replied
From: Mail Delivery System <Mailer-Daemon@mydomain.softlayer.com>
To: webmaster@mydomain.com
Subject: Mail delivery failed: returning message to sender
Message-Id: <E1WJgvM-00081W-Tz@mydomain.softlayer.com>
Date: Sat, 01 Mar 2014 13:13:40 +0300
Click to expand...

cPanelMichael · Mar 5, 2014

Is that a header of a message that you see in the mail queue? If you search for "determine spam source" on our forums you will see several threads that will help you through the process of how to identify the source of a SPAM message. EX:

SPAM Mail Sent From Server

Thank you.

Forums

The Community Forums

Interact with an entire community of cPanel & WHM users!

limit mail account access to my IP

xml Well-Known Member

cPanelMichael Technical Support Community Manager
Staff Member

xml Well-Known Member

cPanelMichael Technical Support Community Manager
Staff Member

xml Well-Known Member

cPanelMichael Technical Support Community Manager
Staff Member

xml Well-Known Member

Attached Files:

spam.jpg

cPanelMichael Technical Support Community Manager
Staff Member

xml Well-Known Member

cPanelMichael Technical Support Community Manager
Staff Member

Limit Max Incoming e-mails per account?

Find accounts that have hit hourly emails limit?

SOLVED Limit Hourly Email By Domain Instead Of By Server Account

Limiting cPanel account's default mailbox.

E-Mail Account Limits

Share This Page

Useful Searches

The Community Forums

Interact with an entire community of cPanel & WHM users!

limit mail account access to my IP

xml Well-Known Member

cPanelMichael Technical Support Community Manager Staff Member

xml Well-Known Member

cPanelMichael Technical Support Community Manager Staff Member

xml Well-Known Member

cPanelMichael Technical Support Community Manager Staff Member

xml Well-Known Member

Attached Files:

spam.jpg

cPanelMichael Technical Support Community Manager Staff Member

xml Well-Known Member

cPanelMichael Technical Support Community Manager Staff Member

Limit Max Incoming e-mails per account?

Find accounts that have hit hourly emails limit?

SOLVED Limit Hourly Email By Domain Instead Of By Server Account

Limiting cPanel account's default mailbox.

E-Mail Account Limits

Share This Page

cPanelMichael Technical Support Community Manager
Staff Member

cPanelMichael Technical Support Community Manager
Staff Member

cPanelMichael Technical Support Community Manager
Staff Member

cPanelMichael Technical Support Community Manager
Staff Member

cPanelMichael Technical Support Community Manager
Staff Member