The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

new cpanel allows email relay

Discussion in 'E-mail Discussions' started by simon templar, May 22, 2008.

  1. simon templar

    simon templar Member

    Joined:
    Mar 28, 2008
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    hi all,

    i am new to cpanel. i just configured a couple of domains, and i just realized that the box is a total welcome for relay. how can i configure exim so it does NOT relay any email for a domain that is NOT in /etc/localdomains ?

    Thank you
     
  2. DaveUsedToWorkHere

    DaveUsedToWorkHere Well-Known Member

    Joined:
    Dec 28, 2001
    Messages:
    689
    Likes Received:
    1
    Trophy Points:
    18
    Simon,
    Our default installation of exim prevents an open relay. If you believe that something different is happening, please submit a support ticket so we can investigate (see link in my signature).
     
  3. J.O.E.

    J.O.E. Registered

    Joined:
    Feb 19, 2008
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Problem with email relaying

    I am having a similar problem.

    Some spammer is using my server to send
    his SPAM. Several thousand emails every day.:mad:

    They are all being sent using Outlook with an
    envelope using my server name. How can I
    stop this from happening?


    J.O.E.
     
  4. DaveUsedToWorkHere

    DaveUsedToWorkHere Well-Known Member

    Joined:
    Dec 28, 2001
    Messages:
    689
    Likes Received:
    1
    Trophy Points:
    18
  5. J.O.E.

    J.O.E. Registered

    Joined:
    Feb 19, 2008
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Tested - passed

    Testing successful! - the SMTP server is NOT an open relay.

    Now what?
     
  6. DaveUsedToWorkHere

    DaveUsedToWorkHere Well-Known Member

    Joined:
    Dec 28, 2001
    Messages:
    689
    Likes Received:
    1
    Trophy Points:
    18
    If your server is not an open relay, either someone has gotten a hold of a mail account password and is spamming with that account or a script is spamming.

    To troubleshooting #1 check /var/log/exim_mainlog to see what domain is sending out tons of mail.

    To troubleshoot #2, make sure suPHP (Apache 2.2.x or 2.0x.) or phpsuexec (Apache 1.3.x) is turned on to force PHP scripts to run as the user that owns them. Then, check to see what scripts are running as which users and investigate running scripts to see if any are used for mass mailing / spamming.
     
  7. DaveUsedToWorkHere

    DaveUsedToWorkHere Well-Known Member

    Joined:
    Dec 28, 2001
    Messages:
    689
    Likes Received:
    1
    Trophy Points:
    18
    You may also want to modify this setting in WHM's Tweak Settings under the Mail heading:

    The maximum each domain can send out per hour (0 is unlimited)


    Setting this to a number lower than the default 500 may prevent mass mailing. You should note that this may affect customers with large mailing lists.


    After enabling suPHP / PHPsuexec, you'll want to make sure that the option below the above one is checked:

    Prevent the user "nobody" from sending out mail to remote addresses (PHP and CGI scripts generally run as nobody if you are not using PHPSuexec and Suexec respectively.)
     
  8. elkram

    elkram Active Member

    Joined:
    Nov 21, 2004
    Messages:
    30
    Likes Received:
    0
    Trophy Points:
    6
    Since yesterday's Release update, antirelayd and eximstats have failed. A manual restart of exim had no effect.

    Any suggestions?

    Thanks.
     
  9. J.O.E.

    J.O.E. Registered

    Joined:
    Feb 19, 2008
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Thanks for the suggestions.

    We have suexec running on Apache 1.3.

    All of the email on the server is sent through
    the host domain - mail.myserver.com - since
    I really don't know how to enable it to send
    using the individual domain names.

    I will be looking at the headers the next time
    to see if the phpsuexec has been able to
    identify the source.

    Is there any way to just stop access by Outlook?
    The headers have all identified Outlook as the
    origination point of the spam.

    Thanks again.
     
  10. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    Please open a ticket @ https://tickets.cpanel.net/submit/
     
  11. DaveUsedToWorkHere

    DaveUsedToWorkHere Well-Known Member

    Joined:
    Dec 28, 2001
    Messages:
    689
    Likes Received:
    1
    Trophy Points:
    18
    suexec will show you the owner of CGI scripts. You need to use phpSuexec to see the owner of PHP scripts who are likely the culprits for sending mass email.

    There's no easy way to prevent a specific mail client from sending mail. If outlook is being used to send the spam, you need to change the email account passwords as someone has gotten a hold of them.

    Are you saying that you only have 1 email account on the server? I'm a bit confused.

    To add more email accounts, simply log into cPanel for a domain and go to the Email Accounts icon. There you can add email accounts quickly.

    To easily determine who's sending the mail, if you have multiple accounts go into WebHost Manager and type Mail Statistics in the Find box. You'll then see a link for View Mail Statistics which will show you which domains are sending and receiving the most mail.
     
Loading...

Share This Page