The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

New SPAM problem

Discussion in 'General Discussion' started by netlook, Jun 27, 2006.

  1. netlook

    netlook Well-Known Member
    PartnerNOC

    Joined:
    Mar 25, 2004
    Messages:
    335
    Likes Received:
    0
    Trophy Points:
    16
    Hi

    One of our users have viruses on his computer. It try to send SPAM, but until he will check his POP3 account, it can't. After he check POP3 account, IP goes to /etc/relayhosts and this virus can send SPAM. how to prevent this??? It is major issue now for us.

    Thanks
     
  2. webignition

    webignition Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    1,880
    Likes Received:
    0
    Trophy Points:
    36
    There are plenty of options. Here are but a few:

    1) Install MailScanner
    MailScanner will check both incoming and outgoing mail for spam, which would work well in such cases.

    I'd recommend Chirpy's MailScanner package as it's worth it's weight in gold.
    http://configserver.com/cp/mailscanner.html

    2) Disable 'POP before SMTP' authentication
    Force the user to authenticate using standard SMTP authentication. This might help.

    3) Suspend the account
    The user is sending spam, so suspend their account. Admittedly it might not seem that the user is directly responsible for sending the spam, however it is their responsibility to ensure that their computer is free from malicious software. If you take into account the user's carelessness and ignorance, you could argue that they are responsible for sending the spam.
     
  3. netlook

    netlook Well-Known Member
    PartnerNOC

    Joined:
    Mar 25, 2004
    Messages:
    335
    Likes Received:
    0
    Trophy Points:
    16
    Thanks for your suggestions, I suspended this user account and he is now searching his computer for viruses, but I don't have sure he will find them. I'm worry that after unsuspending, the story begins.

    I don't use MailScanner, because of high resource eating by this software.

    Are there anyway to block relayhosts for only one domain? Eg. User form xxxxx account wont be able to put his IP into /etc/relayhosts, other users wont be affected?

    Thanks
     
  4. maverick23

    maverick23 Well-Known Member

    Joined:
    Feb 23, 2005
    Messages:
    92
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    DataCenter Provider
    try editing the file :- /usr/sbin/antirelayd

    search for "my $exptime"

    just change it to (time() - (60*0))

    in this case the user will be forced to opt for SMTP AUTH and relayhosts file will be taken care of.

    This works for me.
     
  5. netlook

    netlook Well-Known Member
    PartnerNOC

    Joined:
    Mar 25, 2004
    Messages:
    335
    Likes Received:
    0
    Trophy Points:
    16
    It is very good. What about cPanel updates, does it affect this modification?
     
  6. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    Mailscanner as installed by Chirpy uses a lot less resources than the generic version, if I remember correctly.
     
Loading...

Share This Page