Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Prevent users from sending emails that gets server IP blocked?

Discussion in 'E-mail Discussion' started by Shood, Sep 14, 2018.

  1. Shood

    Shood Well-Known Member

    Joined:
    Aug 12, 2015
    Messages:
    74
    Likes Received:
    14
    Trophy Points:
    83
    Location:
    Middle East
    cPanel Access Level:
    Root Administrator
    Hello there,
    I need your suggestions please about avoiding this issue:

    Before about 3 months ago, one of my customers sent an email message with about 40 recipients email addresses (@yahoo.com) So yahoo.com received about 40 messages at the same time delivered from my server.
    Immediately they blocked my server. So all other domains hosted on my server cannot send emails to Yahoo.
    I contacted them for hundreds of time within three months but no luck.
    Finally, my server can sends to Yahoo now.

    My question is: How you can protect your server against a similar scenario?
    Suppose that there's someone has a domain on your server and wants to play with you, he can send a message to 50 emails (and maybe he choose mistake addresses to harm you). In this case your server will get blocked on Yahoo, Hotmail ...etc
    From your experiences as a server owner, how to protect your server?
    I think that setting MAX_HOURLY_EMAIL to 10 emails isn't a good idea.

    Any idea will be appreciated.
    Thank you
     
    Gino Viroli likes this.
  2. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,502
    Likes Received:
    509
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hello @Shood

    Sending 40 messages to yahoo actually shouldn't have blocked your server unless one of the following conditions were met:

    1. The mail was obvious spam
    2. Your server doesn't meet their bulk sender guidelines; Yahoo Mail deliverability FAQs | Yahoo Help - SLN24439
    3. Related to both above an email can match either of these conditions if you don't have a valid PTR, SPF or DKIM for the domain.

    With those points in mind it's difficult at this point to tell you what specifically happened (especially with no access to the server)
    I will say that protecting your server from this kind of behaviour occurring again would need to include a few points:

    - There are several spam protection settings in tweak settings that would be relevant in this case one of which is as following found in WHM>>Server Configuration>>Tweak settings:
    Monitor the number of unique recipients per hour to detect potential spammers.
    The system will monitor the number of emails to unique recipients that each individual email user sends. If this number exceeds the specified threshold, the system will send a notification.
    -
    While setting this to 10 may be restrictive this can be modified to whatever you find reasonable for your domains

    - You can enable SpamAssassin for outbound mail which can help prevent spam from leaving your server in the event an account is compromised.


    The documentation here may also be helpful:
    How to Keep your Email Out of the Spam Folder - cPanel Knowledge Base - cPanel Documentation
    How to Prevent Spam with Mail Limiting Features - cPanel Knowledge Base - cPanel Documentation
    How to Prevent Email Abuse - cPanel Knowledge Base - cPanel Documentation

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    Shood likes this.
  3. Shood

    Shood Well-Known Member

    Joined:
    Aug 12, 2015
    Messages:
    74
    Likes Received:
    14
    Trophy Points:
    83
    Location:
    Middle East
    cPanel Access Level:
    Root Administrator
    Hello @cPanelLauren
    Thank you very much for this rich information.
    My server meeting the three conditions you've mentioned, I think that the major reason of blocking is the invalid email addresses that user sent to, about 10 of 40 addresses on Yahoo are missing.
    Yahoo support team said that "maybe" the reason is that: my server wasn't sent emails to Yahoo for a while then suddenly it received a big amount (40) emails with some invalid email addresses.

    About protecting my server from this kind of behavior in the future, I will take a deep look at the helpful links and steps you've provided me, in case I need your advice again I will get back here :)

    Regards.
     
  4. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,502
    Likes Received:
    509
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Shood

    I would suggest if nothing else you ensure that each domain has a valid SPF and DKIM and the server's IP's used to send mail have valid PTR records. This is one of the most important methods of preventing blacklisting/blocking. Please let me know if you have any questions on the documentation I provided as well.


    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    Gino Viroli likes this.
  5. Shood

    Shood Well-Known Member

    Joined:
    Aug 12, 2015
    Messages:
    74
    Likes Received:
    14
    Trophy Points:
    83
    Location:
    Middle East
    cPanel Access Level:
    Root Administrator
    Hello @cPanelLauren,
    Thank you for your interest.
    I think that all settings are well, I even got an assistance from a support team.
    PTR is valid, I tested it through "dig command"

    Only I need your answer about the following please:
    1- You said: "...each domain has a valid SPF and DKIM", I processed: Home »DNS Functions »Enable DKIM/SPF Globally, is it enough to ensure that all are valid or is there a command to check it for a specific domain?
    2-About Max_Hourly: are emails sent between the same domain users count? e.g. from: [email protected] To [email protected]

    Thank you.
     
  6. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,502
    Likes Received:
    509
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Enabling this globally will enable it for all domains but will only take effect on domains that have DNS hosted locally on your server (meaning their nameservers are pointed to your server) You can confirm manually per domain by running the following:

    For SPF
    Code:
    dig txt domain.tld +short
    For DKIM
    Code:
    dig txt default._domainkey.domain.tld +short
    Yes that's included in the max hourly total as well
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    Shood likes this.
  7. Shood

    Shood Well-Known Member

    Joined:
    Aug 12, 2015
    Messages:
    74
    Likes Received:
    14
    Trophy Points:
    83
    Location:
    Middle East
    cPanel Access Level:
    Root Administrator
    Thank you @cPanelLauren
    All is well, according to all links and information you've provided me.
    All settings applied correctly and working fine

    So there's nothing to do more to prevent this bad kind of behavior (a user send deliberately one message from my server contains an amount of invalid email addresses to a single destination e.g. @Yahoo.com)
    Thank you again & Best regards
     
  8. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    1,088
    Likes Received:
    445
    Trophy Points:
    113
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    There is not much you can do to prevent this type of behaviour, other than what @cPanelLauren has already advised.

    If the laws of your country permit it, you should make sure that your Terms and Conditions allow you to suspend or delete any user that is found to be abusing your server for any malicious or illegal activities.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    cPanelLauren and Shood like this.
  9. Shood

    Shood Well-Known Member

    Joined:
    Aug 12, 2015
    Messages:
    74
    Likes Received:
    14
    Trophy Points:
    83
    Location:
    Middle East
    cPanel Access Level:
    Root Administrator
    Hi @rpvw,
    Yes this is already one of our terms of use.
    Thank you for your reply.
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice