The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

"Max hourly emails per domain" not being applied

Discussion in 'E-mail Discussions' started by keithl, Feb 18, 2013.

  1. keithl

    keithl Member

    Joined:
    Jan 14, 2010
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    DataCenter Provider
    To prevent misuse etc I've set the Tweak Settings > Mail > Max hourly emails per domain setting to 500, which if anything is perhaps overly generous, however it looks like that setting isn't having the desired effect.

    Thanks to a user with a compromised password we had a flood of spam sent through our server last week, so I went in search of a way to rate limit the SMTP connections, only to find I'd already set it previously.

    The email flood lasted less than an hour before we spotted the issue and fixed it, however in that time according to the View Sent Summary report, some 80k messages were sent. The breakdown from the report for the guilty domain was :

    Successful = 80,504
    Deferrals = 8,442
    Failures = 0
    Total Messages = 4,895

    so whichever way you look at it they sent a LOT more than 500 messages. Those additional messages couldn't have been simply dropped since when I checked the logs of our smart host that showed it had indeed received WAY more than 500 messages to be delivered.

    Anyone know why the sending limit wouldn't have been applied and what I can do to ensure it's properly configured for the future? Is there some other place I need to set it as well?

    Running WHM 11.34.1 (Build 7).
     
  2. MilesWeb

    MilesWeb Well-Known Member
    PartnerNOC

    Joined:
    May 23, 2012
    Messages:
    174
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    India
    cPanel Access Level:
    Root Administrator
    It is applied on the domains hosted on the server. For example the limit is on yourdomain.com. But, when such spam/bulk emails are sent they are usually not sent using yourdomain.com. The to address is cPanel-username@server.hostname.com. So, emails are sent as limit is never set on server.hostname.com.
     
  3. keithl

    keithl Member

    Joined:
    Jan 14, 2010
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    DataCenter Provider
    Thanks for the info, obviously not what I hoping to hear but it's good to know.

    Just to check I understand you correctly, essentially the 'Max hourly emails per domain' setting and the 'View Sent Summary' report actually refer to completely different things where "Domain" is concerned.

    The setting references the actual domain used in the from field, regardless of the domain associated with the login used to send the message. The report however references the domain / account used to send the message, not what appeared in the from field?

    However...

    While the spammer did indeed use an alternate domain to send with, every message they sent was from ldtumanenssasg@3mail.org. Actually that might not be 100% true, however when it happened I grepped the exim_mainlog for that address, and there were 4,871 messages sent (within 30 minutes), each of which were sent to multiple recipients, so surely that should have tripped the 500 emails per domain restriction, if only for messages "from" 3mail.org?
     
Loading...

Share This Page