The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Simple oputgoing spam solution

Discussion in 'General Discussion' started by mike25, Jun 4, 2007.

  1. mike25

    mike25 Well-Known Member

    Joined:
    Aug 29, 2003
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Raleigh NC, USA
    Lately outgoing spam attacks on a fake account with emails being sent from user@hostname seem to be on the rise. I have set the max emails to be sent per hour to a reasonable level but still it seems many emails sent by the person get out. I am not sure if I am following the exim logic correctly but it seems as though when these emails are denied with the error

    failed to expand condition "${perl{checkspam}}" for lookuphost router: Domain spammer.com has exceeded the max emails per hour

    That these emails are then just placed in the queue where they are later delivered. I am correct in this assumption? If so how can I prevent this from happening?

    I am thinking a simple all round solution would be to somehow get an alert when there are several of these error lines above in the exim_mainlog, as this almost always indicates the presence of a spammer. Does anyone know of a script that will do this? Maybe I should suggest it for CSF, as it could easily ban the IP as well.

    stepping out for a few hours only to return and find 10000 emails in the queue is quite annoying.
     
  2. mike25

    mike25 Well-Known Member

    Joined:
    Aug 29, 2003
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Raleigh NC, USA
    Can anyone comment on this please?
     
  3. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,577
    Likes Received:
    40
    Trophy Points:
    48
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    the norm is they are discarded if spammer.com is on your server it would be wise remove the spammer from your server
     
  4. mike25

    mike25 Well-Known Member

    Joined:
    Aug 29, 2003
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Raleigh NC, USA
    Hello,

    I would hope that they are discarded, but if that is true why then are their 1000s of outgoing emails from this persons cpanel login being placed in the queue? I have seen this happen several times. Of course we will remove the domain and all of the queued emails, but this does not help after the fact when many have already been sent. Nothing over the set hourly limit should be sent out period.
     
  5. mike25

    mike25 Well-Known Member

    Joined:
    Aug 29, 2003
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Raleigh NC, USA
    Can some one more knowledgable than I comment on this please? Emails over the limit set in WHM seem to get placed in the queue for a later delivery attempt. These emails should instead be discarded to prevent outgoing spam. Am I correct in my understanding of the logic?
     
Loading...

Share This Page