Spam and SMTP Relay Usage limit

psytanium

Well-Known Member
Jun 6, 2014
205
11
68
Lebanon
cPanel Access Level
Root Administrator
Hello,

Sometimes I reach the daily SMTP Relay Usage set by GoDaddy (10000 per day), and the users on my server are unable to send emails.

I followed this documentation already:
How to Prevent Email Abuse - cPanel Knowledge Base - cPanel Documentation

My configurations:
  • Password Strength Configuration - Set to 100
  • cPHulk - Enabled
  • SMTP restrictions - Enabled
  • Max hourly emails per domain - 250
  • Number of emails a domain may send per day before the system sends a notification - 500
  • Account-specific Max hourly emails per domain settings - All users refer to the main settings
  • Prevent “nobody” from sending mail - On
  • The percentage of email messages to queue and retry for delivery - 125%
I checked the queued emails, the spam address is - Removed - which is not a user on my server.

How can I prevent this accident from happening again?
How can a mail address not hosted on my server use my server to abuse my SMTP relays?

Thanks

By the way, I didn't receive any notifications from the server; instead I received complaints from the users about rejected emails.
 

rpvw

Well-Known Member
Jul 18, 2013
1,101
457
113
UK
cPanel Access Level
Root Administrator
If your users are getting rejected mail or bounce messages:

  • Check that the users' accounts contain no unexpected mail forwarders - we have seen several issues due to forwarders being created for the purposes of sending spam, but no one has yet identified how they accessed the system to create them.
  • Try to identify which users the mail is being routed through - and check that they don't have any out-of-date or vulnerable CMS/plugins/code within their website files that could be levered for sending mail.
  • Switch OFF "pop before smtp" if you have it enabled
  • You might like to temporarily reduce the Max hourly emails per domain to see if you can identify which user the mails are being routed through.
Since you haven't provided us with any actual log entries, anything more at this point would just be conjecture.

You may get some useful information and tips from:
How to Prevent Email Abuse - cPanel Knowledge Base - cPanel Documentation
Tips to Make Your Server More Secure - cPanel Knowledge Base - cPanel Documentation
 

psytanium

Hi,

1st, I found spam forwarders created in cPanel. How did they manage to create those forwarders?

2nd, why didn't I receive outbound email activity notifications? The notification is turned on and set to High, but I received nothing.

Thanks
 

psytanium

Sorry for asking again, but I'm afraid the problem will repeat in the future; at least I should receive a notification regarding heavy outgoing email activity. Then I will connect to the server and fix the problem before it reaches the GoDaddy SMTP Relay Limit and even gets blacklisted.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,304
1,252
313
Houston
Hello @psytanium

We do have notifications available for this circumstance depending on the version of cPanel you're running. If you go to WHM>>Server Configuration>>Tweak Settings you can enable:

  • "Monitor the number of unique recipients per hour to detect potential spammers." The system will monitor the number of emails to unique recipients that each individual email user sends. If this number exceeds the specified threshold, the system will send a notification.

As well as:

  • "Number of unique recipients per hour to trigger potential spammer notification." The system will send a notification when any email account sends email to more than the specified number of recipients in one hour. Email sent by mailman is exempt from this detection.

You can also set up the following which might be helpful in this circumstance:

  • "Select the action for the system to take on an email account when it detects a potential spammer." The system will automatically take this action on every email account that it detects as a potential spammer. To detect spammers, the system monitors the number of emails to unique recipients that each individual user sends.
 

psytanium

Hi,

  • Monitor the number of unique recipients per hour to detect potential spammers - already turned on
  • Number of unique recipients per hour to trigger potential spammer notification - reduced from 500 to 100
  • Select the action for the system to take on an email account when it detects a potential spammer - Set to Hold Outgoing Emails

I think you provided good configurations to limit the chance of exceeding SMTP relays. But I'm still confused about how they managed to create mail redirections and why I didn't receive email notifications.

Thank you for the help.
 

cPanelLauren

The forwarders had to have been implemented by someone who had access to the account either through a compromised script or password. As for the mail notifications, you should be receiving them to the administrative contact of the server. You can check the exim logs for this to see why you didn't receive them or if they were sent.
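
Added example, not part of any post above and not cPanel's own tooling: one way to act on the advice in this thread (find which account the mail is routed through, spot forwarders, check the exim logs) is to correlate arrival (`<=`) and delivery (`=>`/`->`) lines in the exim main log by message ID. The sample lines are constructed, and the script assumes the default exim log format and that outbound transports have names containing `remote_smtp`.

```python
import re
from collections import defaultdict

# Constructed sample lines in exim main-log format (not taken from the thread).
SAMPLE_LOG = """\
2019-03-01 10:02:11 1h0aaa-0001Xy-AB <= info@shop.example H=(pc) [203.0.113.5] P=esmtpa A=dovecot_login:info@shop.example S=1820
2019-03-01 10:02:12 1h0aaa-0001Xy-AB => a@remote.test R=dkim_lookuphost T=dkim_remote_smtp H=mx.remote.test [198.51.100.7]
2019-03-01 10:02:12 1h0aaa-0001Xy-AB -> b@remote.test R=dkim_lookuphost T=dkim_remote_smtp H=mx.remote.test [198.51.100.7]
2019-03-01 10:40:03 1h0bbb-0002Zz-CD <= bulk@outside.test H=mail.outside.test [192.0.2.9] P=esmtp S=2210
2019-03-01 10:40:04 1h0bbb-0002Zz-CD => drop@elsewhere.test <sales@shop.example> R=dkim_lookuphost T=dkim_remote_smtp H=mx.elsewhere.test [198.51.100.8]
2019-03-01 11:05:00 1h0ccc-0003Aa-EF <= info@shop.example H=(pc) [203.0.113.5] P=esmtpa A=dovecot_login:info@shop.example S=900
2019-03-01 11:05:01 1h0ccc-0003Aa-EF => a@remote.test R=dkim_lookuphost T=dkim_remote_smtp H=mx.remote.test [198.51.100.7]
"""

# date, hour, message id, direction flag, address, optional <original address>, rest
LINE = re.compile(r"^(\S+) (\d\d):\S+ (\S+) (<=|=>|->) (\S+)(?: <([^>]+)>)?(.*)$")
AUTH = re.compile(r"\bA=\w+:(\S+)")  # authenticated login on arrival lines


def analyse(log_text, threshold=100):
    """Return (senders over the hourly unique-recipient threshold, forwarder pairs)."""
    origin = {}               # message id -> authenticated login, else envelope sender
    rcpts = defaultdict(set)  # (origin, "date HHh") -> unique remote recipients
    forwarded = set()         # (local address, external destination)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        date, hour, msgid, flag, addr, orig, rest = m.groups()
        if flag == "<=":
            auth = AUTH.search(rest)
            origin[msgid] = auth.group(1) if auth else addr
        elif "remote_smtp" in rest:  # count only deliveries that leave the server
            rcpts[(origin.get(msgid, "unknown"), f"{date} {hour}h")].add(addr.lower())
            if orig:  # exim logs the original local address in <> after a redirect
                forwarded.add((orig.lower(), addr.lower()))
    over = {k: len(v) for k, v in rcpts.items() if len(v) > threshold}
    return over, forwarded


if __name__ == "__main__":
    over, forwarded = analyse(SAMPLE_LOG, threshold=1)
    print("over threshold:", over)
    print("forwarded off-server:", sorted(forwarded))
```

On a cPanel server the text to feed in would come from `/var/log/exim_mainlog`; each forwarder pair it reports can then be compared against the forwarders the account owner actually created.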