The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Spammers are bypassing the max emails per hour setting

Discussion in 'E-mail Discussions' started by hostultra, Apr 29, 2010.

  1. hostultra

    hostultra Well-Known Member

    Joined:
    Aug 21, 2002
    Messages:
    167
    Likes Received:
    0
    Trophy Points:
    16
    The max email per hour setting in tweak settings does not work properly.

    It seems its counting the number of email messages, not the number of recipients.
    Thus spammers are sending one email with hundreds of BCC's.

    Here is one entry from the mail queue

    Code:
    1O7Huj-000Dxa-2i-H
    mailnull 26 6
    <jackbraswell@gmail.com>
    1272502057 0
    -helo_name braswell.fu8.com
    -host_address 127.0.0.1.49479
    -host_name localhost
    -host_auth fixed_login
    -interface_address 127.0.0.1.25
    -received_protocol esmtpa
    -body_linecount 78
    -max_received_linelength 74
    -auth_id [email]acct@braswell.fu8.com[/email]
    YY [email]kiwanaj@hotmail.com[/email]
    YY [email]frances2001@bellsouth.net[/email]
    *SNIP* continues for 500 addresses
    500
    [email]meessir@bellsouth.net[/email]
    [email]ceermrtn@yahoo.com[/email]
    *SNIP* continues for 500 addresses
    
    
    217P Received: from localhost ([127.0.0.1] helo=braswell.fu8.com)
    	by server4.hostultra.com with esmtpa (Exim 4.71 (FreeBSD))
    	(envelope-from <jackbraswell@gmail.com>)
    	id 1O7Huj-000Dxa-2i; Thu, 29 Apr 2010 00:47:37 +0000
    194P Received: from 172.191.235.239 ([172.191.235.239])
            (SquirrelMail authenticated user [email]acct@braswell.fu8.com[/email])
            by braswell.fu8.com with HTTP;
            Thu, 29 Apr 2010 00:47:37 -0000
    073I Message-ID: <534dbc4541a1b478829a2f84b49fe91a.squirrel@braswell.fu8.com>
    038  Date: Thu, 29 Apr 2010 00:47:37 -0000
    022  Subject: Job Position
    050F From: "Jack V. Braswell" <jackbraswell@gmail.com>
    033R Reply-To: [email]jackbraswell@gmail.com[/email]
    032  User-Agent: SquirrelMail/1.4.20
    018  MIME-Version: 1.0
    044  Content-Type: text/plain;charset=iso-8859-1
    032  Content-Transfer-Encoding: 8bit
    023  X-Priority: 3 (Normal)
    019  Importance: Normal
    
    In the users file in /var/cpanel/maxemailstracker
    1.29.3.110=38

    Would indicate the user sent 38 messages, but actually he sent thousands, apparently using BCC's in squirrelmail.

    Also. why is squirrel sending via SMTP now.
    It was much easier when it used sendmail and i could replace the sendmail binary with one that does additional checks.
     
    #1 hostultra, Apr 29, 2010
    Last edited by a moderator: Apr 29, 2010
  2. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Please be aware that suspected bugs should be reported via our ticket system to ensure proper attention, investigation, and progress tracking; please see the link in the upper-right-corner of forums, labeled Bugs. Thank you for your understanding.
     
  3. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    There is separate options for this explicitly under "Tweak Settings" as well a few additional recipient limiting you items can do in Exim as well so these are a few areas you may want to go take a closer look.

    Incidentally, a properly configured server it would be very difficult if not close to impossible for a spammer to send out any effective spam while still allowing your legitimate user scripts and programs go untouched.

    (And yes I setup and deal with those configurations every single day .... )
     
  4. hostultra

    hostultra Well-Known Member

    Joined:
    Aug 21, 2002
    Messages:
    167
    Likes Received:
    0
    Trophy Points:
    16
    Theres nothing else in tweak settings or exim config relating to sending rate limiting.

    If you mean custom rules in the advanced editor I know I can do that.
    My point is that cpanel already supposedly this feature without resorting to custom modifications, but it doesn't work properly.
     
Loading...

Share This Page