The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Outbound spamassasssin scanning flaw?

Discussion in 'E-mail Discussions' started by optize, Apr 19, 2013.

  1. optize

    optize Well-Known Member

    Joined:
    Apr 27, 2005
    Messages:
    144
    Likes Received:
    0
    Trophy Points:
    16
    Is it possible to move the outbound scan for spamassassin after it checks to make sure they haven't hit their mail per hour limit?

    This is the current method:

    ---

    2013-04-19 14:25:01 1UTCFJ-0002OA-8t U=<<user>> Warning: "SpamAssassin as cpaneleximscanner detected OUTGOING not smtp message as NOT spam (4.7)"
    2013-04-19 14:25:01 1UTCFJ-0002OA-8t <= <<email>> U=<<user>> P=local S=924 T="Fw: <<spam subject here>>" for <<dest email address>>
    2013-04-19 14:25:01 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1UTCFJ-0002OA-8t
    2013-04-19 14:25:01 1UTCFJ-0002OA-8t ** <<dest email address>> R=enforce_mail_permissions: Domain <<domain>> has exceeded the max emails per hour (75/60 (125%)) allowed. Message discarded.
    2013-04-19 14:25:01 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1UTCFJ-0002OA-8t
    2013-04-19 14:25:01 1UTCFJ-0002OJ-FS <= <> R=1UTCFJ-0002OA-8t U=mailnull P=local S=1889 T="Mail delivery failed: returning message to sender" for <<email>>
    2013-04-19 14:25:01 1UTCFJ-0002OA-8t Completed

    --

    In this example, this customer got hacked we allow 60 emails per hour to prevent getting on RBLs and what not. However, it was still sending out a ton of emails every minute (and being rejected), yet each message was being scanned by spamd and killing the CPU.
     
Loading...

Share This Page