
Question for heading OFF spam...

Discussion in 'E-mail Discussions' started by Abdujap, Oct 22, 2008.

  1. Abdujap

    Abdujap Registered

    EDIT: title should have said "Question for heading OFF spam..."

    Hello,

    I am fairly new to this, however I am a graphic designer and host several of my clients' websites on a VPS server. Recently one of the clients has been getting hammered with inbound spam... literally over 1000 emails an hour.

    Many of these emails seem to be guessing at any username and then the domain name, my guess is that this is done in hopes it will land in a catch-all account.

    So my question is this... is it possible somewhere within WHM or cPanel to tell the server to bounce all mail immediately if it is not addressed exactly to one of the 3 configured email addresses the company is using?

    The reason I ask is that having 1000 emails checked an hour against the "blacklists" is certainly using plenty of RAM and I am looking for a way to reduce this. These emails don't even need to make it as far as to be checked whether they are spam or not, as they are not even directed at a real user, so I would like to cut them off before they even get this far to save resources. Is this possible?

    Many thanks in advance for looking,
    Abdujap
     
    #1 Abdujap, Oct 22, 2008
    Last edited: Oct 22, 2008
  2. sparek-3

    sparek-3 Well-Known Member

    First thing you need to do is ensure that all of the e-mail addresses on this account that want to receive e-mail are set up as actual e-mail accounts or forwarders. Do this by logging into the control panel and clicking on Email Accounts and Forwarders.

    Now you want to set the default address for the account to discard messages. Click on Default Address in the user's control panel and be sure the option Discard with error to sender (at SMTP time) is selected. And save that change.

    Now all e-mails that are sent to asdf@example.com and other bogus e-mail addresses will be rejected by the server and will not consume process and memory usage.

    You may also want to look into making this the default setting for new accounts. You can do this by logging into your WHM and clicking on Tweak Settings and the setting for Default catch-all/default address behavior for new accounts. "fail" is usually the best choice if you are getting mail attacks. Make sure that is set to fail. And save those changes.

    You may also want to search this forum for Default Address for other posts concerning this topic.
     
  3. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    *** Renamed thread per OP's request ***
     
  4. Abdujap

    Abdujap Registered

    sparek-3, thank you very much for taking the time to reply, it's greatly appreciated. I checked the configuration in both cPanel and WHM and both are already set exactly as you suggested. So I guess I am already doing the most I can with my limited knowledge.

    I am still a little unclear on one thing though. The domain is still getting pounded with emails (as of right now 9-12 per second). Below is info from the log. It shows it is still making it far enough to be checked against the blacklists.

    ===========
    LOG INFO:
    ===========
    2008-10-19 11:00:32 H=pool-72-69-175-220.chi01.dsl-w.verizon.net (your27e1513d96.myhome.westell.com) [72.69.175.220] F=<MyronargusMalone@finishstrongsports.com> rejected RCPT <cmichal@domain.com>: Message rejected because pool-72-69-175-220.chi01.dsl-w.verizon.net (your27e1513d96.myhome.westell.com) [72.69.175.220] is blacklisted at zen.spamhaus.org - see http://www.spamhaus.org/query/bl?ip=72.69.175.220

    The email being used (cmichal@domain.com) doesn't even exist, so I am unsure how it is even making it this far. Is this just normal and something I need to learn to live with?

    Thanks again,
    Abdujap

    Thank you to cPanelDavidG for renaming the topic.
     
  5. sparek-3

    sparek-3 Well-Known Member

    Is this log entry what you mean when you say that you are getting hammered with inbound spam?

    This is normal. This just means that someone is trying to send an e-mail to your server and the IP sending the message is listed in an RBL (spamhaus in this example).

    It looks like the RBL check is done before recipient verification on your server.

    Your server is not accepting these messages. It is rejecting as soon as it gives a positive match in the RBL look up.
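
To check what share of a flood is being turned away at RCPT time and why, the reject lines can be tallied by cause, hour and source IP. The script below is an added example, not part of the original posts: the sample log lines are constructed in the format quoted above, the mailbox names are hypothetical, and the "No Such User Here" reason text for a failed recipient check is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the Exim reject-line format quoted in the thread
# (documentation IP ranges and example.com names; not real traffic).
SAMPLE_LOG = """\
2008-10-19 11:00:32 H=host1.example.net (helo1.example.net) [192.0.2.10] F=<a@sender.example> rejected RCPT <cmichal@example.com>: Message rejected because host1.example.net [192.0.2.10] is blacklisted at zen.spamhaus.org - see ...
2008-10-19 11:00:33 H=([198.51.100.7]) [198.51.100.7] F=<b@sender.example> rejected RCPT <asdf@example.com>: No Such User Here
2008-10-19 11:59:59 H=host3.example.net [203.0.113.5] F=<c@sender.example> rejected RCPT <info@example.com>: Message rejected because host3.example.net [203.0.113.5] is blacklisted at zen.spamhaus.org - see ...
2008-10-19 12:00:01 H=host1.example.net [192.0.2.10] F=<> rejected RCPT <xyz@example.com>: Message rejected because host1.example.net [192.0.2.10] is blacklisted at zen.spamhaus.org - see ...
2008-10-19 12:00:02 1AbCdE-000123-4F <= someone@example.org H=mail.example.org [192.0.2.99] P=esmtp S=1234
"""

# One RCPT-time rejection: timestamp, connecting IP, envelope sender,
# attempted recipient, and the reason text after the colon.
REJECT = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<hour>\d{2}):\d{2}:\d{2} "
    r"H=.*?\[(?P<ip>[0-9A-Fa-f.:]+)\](?::\d+)? .*?"
    r"F=<(?P<sender>[^>]*)> rejected RCPT <(?P<rcpt>[^>]+)>: (?P<reason>.*)$"
)
RBL = re.compile(r"is blacklisted at (\S+)")

def parse_rejects(text):
    """Yield one dict per RCPT-time rejection; other log lines are skipped."""
    for line in text.splitlines():
        m = REJECT.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rbl = RBL.search(rec["reason"])
        rec["kind"] = "rbl:" + rbl.group(1) if rbl else "other"
        yield rec

def summarize(text, valid_rcpts):
    """Tally rejections by cause, hour and source IP, and count the RBL
    rejections that were aimed at addresses that do not exist."""
    kinds, hours, ips = Counter(), Counter(), Counter()
    bogus_rbl = 0
    for r in parse_rejects(text):
        kinds[r["kind"]] += 1
        hours[f'{r["date"]} {r["hour"]}'] += 1
        ips[r["ip"]] += 1
        if r["kind"].startswith("rbl:") and r["rcpt"].lower() not in valid_rcpts:
            bogus_rbl += 1
    return {"kinds": kinds, "hours": hours, "ips": ips, "bogus_rbl": bogus_rbl}

if __name__ == "__main__":
    # Hypothetical stand-ins for the three configured mailboxes.
    valid = {"info@example.com", "sales@example.com", "support@example.com"}
    for name, value in summarize(SAMPLE_LOG, valid).items():
        print(name, dict(value) if isinstance(value, Counter) else value)
```

A high `bogus_rbl` count means the blacklist lookup is absorbing traffic that recipient verification would also have refused; either way the message body is never accepted.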
     
  6. Abdujap

    Abdujap Registered

    Yes :eek: It appears I am using the wrong term... lol.

    Well to be more clear the domain that is having this problem went from receiving under 50 emails a day to well over 14,000 in less than 24 hours and this began Monday at 3pm and hasn't stopped since. So it would seem like some sort of massive spamming attack.

    From looking at the memory usage stats, Monday at 3pm is when the RAM usage went through the roof which also corresponds to the time the massive influx of spam started. So I assumed (wrongly it appears) that the server is having to compare each one of these emails against a list and that process is what is now using a large chunk of RAM. The RAM usage has doubled since Monday at 3pm w/o any other changes on the server.

    So I guess I just need to accept that it's not that big of a deal and either hope it eases up after a few days or upgrade the server memory to ensure there is no issue with a RAM shortage.

    Thanks again for your time sparek-3, I really appreciate it.
    -Abdujap
     