netlook

Well-Known Member
Mar 25, 2004
Hi

One of our users has viruses on his computer. It tries to send spam, but until he checks his POP3 account, it can't. After he checks his POP3 account, his IP goes into /etc/relayhosts and the virus can send spam. How can we prevent this? It is a major issue for us now.

Thanks
 

webignition

Well-Known Member
Jan 22, 2005
There are plenty of options. Here are but a few:

1) Install MailScanner
MailScanner will check both incoming and outgoing mail for spam, which would work well in such cases.

I'd recommend Chirpy's MailScanner package as it's worth its weight in gold.
http://configserver.com/cp/mailscanner.html

2) Disable 'POP before SMTP' authentication
Force the user to authenticate using standard SMTP authentication. This might help.

3) Suspend the account
The user is sending spam, so suspend their account. Admittedly it might not seem that the user is directly responsible for sending the spam, however it is their responsibility to ensure that their computer is free from malicious software. If you take into account the user's carelessness and ignorance, you could argue that they are responsible for sending the spam.
 

netlook

Well-Known Member
Mar 25, 2004
Thanks for your suggestions. I suspended this user's account and he is now searching his computer for viruses, but I'm not sure he will find them. I'm worried that after unsuspending, the story will begin again.

I don't use MailScanner, because of this software's high resource usage.

Is there any way to block relayhosts for only one domain? E.g. a user from the xxxxx account won't be able to put his IP into /etc/relayhosts, while other users won't be affected?

Thanks
 

maverick23

Well-Known Member
Feb 23, 2005
Try editing the file /usr/sbin/antirelayd

Search for "my $exptime"

Just change it to (time() - (60*0))

In this case the user will be forced to opt for SMTP AUTH, and the relayhosts file will be taken care of.

This works for me.
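
A check that can be run before forcing SMTP AUTH as described above, added here as an example and not part of any post in this thread: it reports which IPs listed in /etc/relayhosts are having mail accepted without authentication, and for which sender. It assumes the MTA is Exim writing its usual mainlog format and that /etc/relayhosts holds one IP per line; the sample data and function names are constructed.

```python
import re
from collections import Counter

# Constructed sample data (not from the thread). Assumption: /etc/relayhosts
# holds one IP address per line, and the MTA is Exim writing its usual mainlog.
RELAYHOSTS = """192.0.2.10
198.51.100.7
"""

MAINLOG = """\
2005-03-01 10:00:01 1D6AbC-0001aB-2x <= bob@example.com H=(pc1) [192.0.2.10] P=esmtp S=2048 id=a@pc1
2005-03-01 10:00:02 1D6AbC-0001aB-3y <= bob@example.com H=(pc1) [192.0.2.10] P=esmtp S=2051 id=b@pc1
2005-03-01 10:00:05 1D6AbD-0001aC-4z <= amy@example.org H=(laptop) [198.51.100.7] P=esmtpa A=fixed_login:amy@example.org S=900 id=c@laptop
2005-03-01 10:00:09 1D6AbE-0001aD-5q <= x@remote.test H=mx.remote.test [203.0.113.5] P=esmtp S=1200 id=d@remote
2005-03-01 10:00:10 1D6AbC-0001aB-2x => user@remote.test R=lookuphost T=remote_smtp H=mx.remote.test [203.0.113.5]
"""

# Message arrival line: "<= sender ... [ip] ...".
ARRIVAL = re.compile(r" <= (?P<sender>\S+) .*?\[(?P<ip>[0-9a-fA-F.:]+)\]")
# An authenticated SMTP session is logged with an A=<authenticator> field.
AUTHED = re.compile(r" A=\S+")


def load_relayhosts(text):
    """Return the set of IPs currently allowed to relay without SMTP AUTH."""
    return {line.strip() for line in text.splitlines() if line.strip()}


def unauthenticated_relays(log_text, relay_ips):
    """Count messages accepted from relayhosts IPs with no SMTP AUTH."""
    counts = Counter()
    for line in log_text.splitlines():
        m = ARRIVAL.search(line)
        if not m or m.group("ip") not in relay_ips:
            continue  # not an arrival, or not a POP-before-SMTP host
        if AUTHED.search(line):
            continue  # this client already uses SMTP AUTH
        counts[(m.group("ip"), m.group("sender"))] += 1
    return counts


if __name__ == "__main__":
    hits = unauthenticated_relays(MAINLOG, load_relayhosts(RELAYHOSTS))
    for (ip, sender), n in hits.most_common():
        print(f"{n:5d}  {ip}  {sender}")
```

A high count for a single IP points at the infected machine; the other entries are the users who will need SMTP AUTH configured once POP before SMTP stops working.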
 

netlook

Well-Known Member
Mar 25, 2004
It is very good. What about cPanel updates, do they affect this modification?