Setup limit of sending out mails per hour per domain users

Status
Not open for further replies.

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
43
348
somewhere over the rainbow
cPanel Access Level
Root Administrator
I wanted to mention that you can also set this on individual accounts to change the limit that you have in WHM > Tweak Settings area. If you go to WHM > Account Functions > Modify an Account and then select an account, you will have the option:

Hourly Email by Domain
You have the choice to set a different limit, to set unlimited or to use the default from Tweak Settings there. I've attached a screen print of what it looks like:

Screen shot 2011-04-01 at 1.35.05 PM.png
 

kokyew

Registered
Sep 30, 2003
4
0
151
I have a question. If I set Max Hourly Emails to 300 in Tweak Settings, what will happen to other emails that exceed the limit? Will they stay in queue or be discarded?

I see sender receives email about mails discarded, but my server manager says they will be kept in queue. Just want to confirm.
 

cPanelTristan

The emails will not send and bounce back to the sender. You'll see something similar to the following:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

[email protected]
Domain mydomain.com has exceeded the max emails per hour (2) allowed. Message discarded.
[email protected]omain2.com
Domain mydomain.com has exceeded the max emails per hour (2) allowed. Message discarded.
Basically, the messages will not send to the recipients and it bounces back to the sender. While it mentions being discarded, the sender does get a copy of the original message in the bounce back message. The message will not be in the email queue to see in WHM > Mail Queue Manager unless the sender is over quota or otherwise unable to receive the email. If the sender is over quota or unable to receive the email for some reason, then the emails will not bounce back to the sender and remain in the queue.

Of note, I just tested this behavior on my machine by changing a testing domain's "Hourly Email by Domain" to 2 per hour, then I sent 4 messages out (2 emails where 2 recipients were on each of the 2 emails). The bounce back to my domain was received in my inbox and was not held in the queue.

Now, if you end up having the user try to send a huge number of emails all at once and those emails hit the hourly limit, then bounce back to the user, the high number of emails will be unable to be processed fast enough to all deliver at once. Some of those emails will remain in the queue while exim tries to process them to bounce back, which might take a while. It might also cause high load for exim due to trying to process such emails.
 

kokyew

Very detailed and clear explanation, thanks Tristan!! :)

Is there any way to prevent the bounce back or only send it once? I find it annoying that if any spamming (fake sender) happens in the server, the mail queue will become very large and the server runs extremely slow, sometimes even turns unresponsive. :(

Any recommended and effective measures to stop spammers abusing our servers?
 

cPanelTristan

There isn't any way within cPanel to prevent the bounce back as it's an informative measure so the customer knows their emails are being rejected.

As for recommended and effective measures to stop spammers, I have a guide I've written that isn't yet completed that details some steps you can take to make it easier to track down spammers. It isn't possible so long as you have email services running to prevent spamming entirely. I'll go ahead and post what I have currently for that guide in case it might be of help:

Exim Hardening Practices

The intention of this guide is to provide some steps to help tighten the email sending practices on a machine in order to facilitate both determining the legitimate sender of an email as well as preventing spoofing on the machine.

WHM Options to Enable

1. Preventing nobody from sending emails

WHM > Tweak Settings, select “On” for the following option:

Prevent “nobody” from sending mail [?]

Prevent the user “nobody” from sending out mail to remote addresses
(PHP and CGI scripts generally run as “nobody” if you are using mod_php or have Suexec disabled.)
Then click the “Save” button to save the configuration change.

If you are using DSO for the PHP handler, this option is not advised. You can see in WHM > Apache Configuration > PHP and SuExec Configuration area which PHP handler is being used on the machine.

The default handler for new cPanel installations would be suPHP, which would work for the above option. If you are using an older setup with DSO, it would be recommended to change to suPHP for better tracking on who is running PHP processes for scripts that send emails anyway.

2. Setting the Sender header when the email sender tries to spoof the sender

WHM > Exim Configuration, select the following:

Set the Sender: Header when the mail sender changes the sender (-f flag passed to sendmail).
Then click the “Save” button to save the configuration change.

3. Adding MailHeaders for PHP

WHM > EasyApache (Apache Update) > Step 6 Exhaustive Options List in the PHP section (PHP 4 and/or PHP 5), select the following:

MailHeaders
For more information on this option, please see CHOON.NET : Resources : Scripts & Patches : PHP Mail Header Patch

Exim Configuration Changes

1. All logging for exim log file

WHM > Exim Configuration > Advanced Editor, add the following in the topmost box:

Code:
log_selector = +all
Then click the “Save” button to save this configuration change. This adds extra logging to /var/log/exim_mainlog on Linux (or /var/log/exim/mainlog on FreeBSD) such as subject and command path.

2. Stopping spoofing from webmail and SMTP authenticated users

WHM > Exim Configuration > Advanced Editor, add the following in the second box where it has begin acl directly above it:

Code:
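acl_check_data:
# Reject mail from an authenticated session when the login does not match
# the envelope sender or the address in the From: header (eqi ignores case).
deny
  authenticated = *
  condition = ${if or {{ !eqi{$authenticated_id} {$sender_address} }\
                       { !eqi{$authenticated_id} {${address:$header_From:}} }\
                      }\
              }
  message = Your FROM must match your authenticated email user.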
This will prevent users from changing their identity in webmail or their email client, which would be spoofing an email identity other than the logged in user.

Removing sendmail

Finally, since sendmail spoofing cannot be prevented easily, moving the sendmail binary on the system would be the best way to cut down on spoofing and spamming. You can simply run the following command:

Code:
mv /usr/sbin/sendmail /usr/sbin/sendmail.bak`date +"%Y%m%d%H%M%S"`
If your sendmail is not at /usr/sbin/sendmail, you could run whereis to locate it:

Code:
whereis sendmail
Please note that any forced cPanel updates (/scripts/upcp --force) or exim updates (/scripts/eximup) would replace the missing binary. You will need to manually move the file each time those scripts are executed or use /scripts/postupcp and /scripts/posteximup files to run the command to move the file again. The script could simply have the following content:

Code:
#!/bin/sh

mv /usr/sbin/sendmail /usr/sbin/sendmail.bak`date +"%Y%m%d%H%M%S"`
After creating the scripts, ensure they have execute permissions to run:

Code:
chmod +x /scripts/postupcp
chmod +x /scripts/posteximup
Please note that you cannot make the sendmail binary file immutable with blank contents as it is still replaced during eximup regardless, so the only viable option to keep it from being replaced would be to create the previously mentioned scripts.

Cautionary Note: Once sendmail is no longer working on the machine, your users will no longer be able to use it for scripts. They must use SMTP authentication in scripts rather than functions that call the sendmail binary. Most major applications such as Joomla do have an option to use SMTP authentication instead, but you are going to have many customers who relied on scripts that used PHP mail() function calling sendmail or who called sendmail directly, and those users will be impacted by this change. Please ensure that your users are well aware this is going to happen before removing sendmail functionality. It is best to test the repercussions it will have on services on your machine before making such a change permanent.
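
The deny rule from "Stopping spoofing from webmail and SMTP authenticated users", modelled in Python so its effect can be checked on sample values before it is enabled. This is an added example, not part of the original post or cPanel's code: `acl_denies` and `evaluate_cases` are hypothetical helpers, the addresses are constructed, and `parseaddr` stands in for Exim's `${address:...}` operator.

```python
from email.utils import parseaddr


def acl_denies(authenticated_id, sender_address, header_from):
    """Return True when the deny rule would reject the message."""
    # 'authenticated = *' only matches sessions that logged in, so
    # unauthenticated mail is not touched by this rule.
    if not authenticated_id:
        return False
    auth = authenticated_id.lower()  # eqi compares case-insensitively
    # ${address:$header_From:} keeps the bare address, dropping any display name
    from_addr = parseaddr(header_from)[1].lower()
    envelope_mismatch = auth != sender_address.lower()
    header_mismatch = auth != from_addr
    # 'or' in the condition: either mismatch is enough to deny
    return envelope_mismatch or header_mismatch


# Constructed sample values: (authenticated_id, envelope sender, From: header)
CASES = {
    "match with display name": (
        "alice@example.com", "alice@example.com", "Alice <alice@example.com>"),
    "match differing only in case": (
        "alice@example.com", "Alice@Example.com", "ALICE@EXAMPLE.COM"),
    "From header changed": (
        "alice@example.com", "alice@example.com", "Billing <billing@example.com>"),
    "envelope sender changed": (
        "alice@example.com", "other@example.net", "alice@example.com"),
    "login is a bare account name": (
        "alice", "alice@example.com", "alice@example.com"),
    "unauthenticated session": (
        "", "web@example.com", "web@example.com"),
}


def evaluate_cases():
    """Map each constructed case name to the rule's decision."""
    return {name: acl_denies(*args) for name, args in CASES.items()}


if __name__ == "__main__":
    for name, denied in evaluate_cases().items():
        print(f"{'DENY ' if denied else 'allow'}  {name}")
```

The bare-account-name case follows directly from the condition: a login that is not a full email address can never equal the envelope sender or the From address, so every message from that session is denied.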
 

georgeb

Well-Known Member
May 23, 2010
49
1
58
Montreal, QC, Canada
cPanel Access Level
Root Administrator
Hi and thank you for your reply. I am testing with an account [email protected] (modified in Outlook like [email protected]) and sending to a domain [email protected]. I checked logs in /var/log/exim_mainlog and exim is sending emails and email is [email protected]. One thing, in exim configuration I have acl_smtp_data = check_messages (it is not supposed to be acl_smtp_data = acl_check_data - I tested with acl_smtp_data = acl_check_data but it is rejecting all messages), and I am using mailscanner.

Regards,
George B.
 

cPanelTristan

I have no idea how mailscanner might impact anything you change for exim's configuration. I would highly suggest disabling mailscanner prior to conducting any tests.
 

georgeb

I think it is not interfering with exim. If I am using things like recipients_max, recipients_max_reject it is working with no problem, any how can I add like header for x-anti-abuse with all info. Again, thanks for the reply.
I'll try anyway with mailscanner disabled.

Regards,
George B.
 

Infopro

Well-Known Member
May 20, 2003
17,075
524
613
Pennsylvania
cPanel Access Level
Root Administrator
On both cPanel versions, if you search the Advanced Editor page for log_selector you'll find these options in the same exact place on page. There's a box with defaults already in it:
+incoming_port +smtp_connection -retry_defer +subject +arguments +received_recipients
 

cPanelTristan

In the past, we weren't enabling log_selector options at all. In 11.32 and higher, log_selector is already set to add options for logging more details, so you likely don't need to do this any longer.
 

basshook

Active Member
Jul 27, 2006
25
0
151
Do all these tweaks still work with WHM 11.38.2 (build 2)? I cannot find the reference to "begin acl" in WHM > Exim Configuration > Advanced Editor.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,258
463
The instructions were not designed with cPanel 11.38 in mind, but they should still work. You can scroll down to the field just below "Section: BEGINACL" for the entry you referenced.

Thank you.
 

basshook

Thank you for your reply; however, I see no reference to "Section: BEGINACL", just the fields. See the screenshot. I'm not sure where to place the following code:
acl_check_data:
deny
authenticated = *
condition = ${if or {{ !eqi{$authenticated_id} {$sender_address} }\
{ !eqi{$authenticated_id} {${address:$header_From:}} }\
}\
}
message = Your FROM must match your authenticated email user.
ScreenHunter_01-Aug.png
 

cPanelMichael

You can utilize the search feature of the browser and type in:

Section: BEGINACL
Copy and paste that exact term, as it's case-sensitive.

Thank you.
 