Protect CPanel From Outgoing Spammer (Fake Sender)

al_bozorgi

Member
cPanel Access Level
Root Administrator
How to Protect CPanel From Outgoing EMAIL Spammer (Fake Sender)

Hi,
To understand what I want, create a new PHP file in your public_html directory and put this code in it:


PHP:
<h2>Feedback Form</h2>
<?php
// display form if user has not clicked submit
if (!isset($_POST["submit"])) {
  ?>
  <form method="post" action="<?php echo $_SERVER["PHP_SELF"];?>">
  From: <input type="text" name="from"><br>
  Subject: <input type="text" name="subject"><br>
  Message: <textarea rows="10" cols="40" name="message"></textarea><br>
  <input type="submit" name="submit" value="Submit Feedback">
  </form>
  <?php
} else {    // the user has submitted the form
  // Check if the "from" input field is filled out
  if (isset($_POST["from"])) {
    $from = $_POST["from"]; // sender
    $subject = $_POST["subject"];
    $message = $_POST["message"];
    // message lines should not exceed 70 characters (PHP rule), so wrap it
    $message = wordwrap($message, 70);
    // send mail
    mail("[email protected]",$subject,$message,"From: $from\n");
    echo "HA HA I Send SPAM";
  }
}
?>

Change [email protected] to your personal email for testing.

When you run this script in a browser, you can send email with an unregistered domain and email account.

Many spammer scripts use PHP code like this.

My question is: how can I reject this fake email sender script from CPanel?

The only way I found is to add mail to disable_functions in the main php.ini, but this way is not good because many good scripts are blocked by this command.
 

cPanelMichael

Administrator
Staff member
Hello :)

The following document is a good place to start to prevent email abuse:

How to Prevent Email Abuse

You can't really prevent spoofing if you want to allow PHP scripts to send out email without authentication, but you can make it easier to identify the spammers by enabling the following option in "WHM Home » Service Configuration » Exim Configuration Manager":

"EXPERIMENTAL: Rewrite From: header to match actual sender"

Also, some administrators enable SpamAssassin for outgoing email by selecting:

"Scan outgoing messages for spam and reject based on SpamAssassin® internal spam_score setting "

Thank you.
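
An added example, not part of the thread and not cPanel code: because spoofed mail from PHP scripts cannot be blocked outright, one way to identify the sending account is to count sendmail invocations per working directory in the Exim main log. It assumes Exim's `arguments` log selector is enabled; the log lines, account names, function names and threshold are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the shape of Exim main-log lines (not from a real server).
SAMPLE_LOG = """\
2013-11-07 10:15:01 cwd=/home/alice/public_html 3 args: /usr/sbin/sendmail -t -i
2013-11-07 10:15:01 1VeK3p-0002Xy-Qm <= alice@host.example.com U=alice P=local S=742
2013-11-07 10:15:02 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1VeK3p-0002Xy-Qm
2013-11-07 10:15:03 cwd=/home/alice/public_html 3 args: /usr/sbin/sendmail -t -i
2013-11-07 10:15:04 [4021] cwd=/home/alice/public_html 3 args: /usr/sbin/sendmail -t -i
2013-11-07 10:16:10 cwd=/home/bob/public_html/shop 3 args: /usr/sbin/sendmail -t -i
"""

# "cwd=<dir> <argc> args: <argv...>" is logged per invocation when Exim's
# "arguments" log selector is enabled (assumed here); "[pid]" is optional.
CWD_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?:\[\d+\] )?"
    r"cwd=(?P<cwd>.+?) \d+ args: (?P<argv0>\S+)"
)

def script_submissions(lines):
    """Count sendmail-binary invocations per working directory."""
    counts = Counter()
    for line in lines:
        m = CWD_LINE.match(line)
        if m is None:
            continue  # arrival/delivery lines carry no cwd= field
        # PHP mail() pipes to the sendmail binary; Exim's own queue and
        # delivery processes run as ".../exim" and are not submissions.
        if m.group("argv0").rsplit("/", 1)[-1] == "sendmail":
            counts[m.group("cwd")] += 1
    return counts

def flag_directories(lines, threshold, home_root="/home"):
    """Return (account, directory, count) for directories at or over threshold."""
    flagged = []
    for cwd, n in script_submissions(lines).most_common():
        if n < threshold:
            continue
        rel = cwd[len(home_root) + 1:] if cwd.startswith(home_root + "/") else ""
        account = rel.split("/", 1)[0] or None  # None: not under a home dir
        flagged.append((account, cwd, n))
    return flagged

if __name__ == "__main__":
    for account, cwd, n in flag_directories(SAMPLE_LOG.splitlines(), threshold=2):
        print(f"{n:5d}  {account}  {cwd}")
```

The directory with the highest count is where to look for the script; the threshold is a tuning choice that depends on how much legitimate script mail each account sends.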
 

al_bozorgi

Member
cPanel Access Level
Root Administrator
Thank you Michael, but I applied all the policies described in the How to Prevent Email Abuse link and enabled
"Scan outgoing messages for spam and reject based on SpamAssassin® internal spam_score setting "
+
set "EXPERIMENTAL: Rewrite From: header to match actual sender" to all in WHM Home » Service Configuration » Exim Configuration Manager.

But that PHP code in post #1 can send email, and none of these policy settings can stop it.

Did you test that PHP code in your CPanel?
 

cPanelMichael

Administrator
Staff member
Yes, please see the following quote from my last response:

"You can't really prevent spoofing if you want to allow PHP scripts to send out email without authentication"

The only way you can prevent this completely is if you disable sending out through PHP scripts without SMTP authentication.

Thank you.