nisamudeen97

Well-Known Member
Jul 7, 2010
55
5
58
Cochin
cPanel Access Level
Root Administrator
My server is used for hosting CMS like wordpress and joomla, as most of the clients are using plugins and themes which are not being downloaded from authorized websites lots of spam mails are found being generated from self triggered spam bot scripts. I have managed to enable detailed exim log and I am able to find the exact script which has caused the issue each time. Meanwhile is it possible to stop these malicious scripts only from spamming

What I want to do is stop mails which are being of the form "[email protected]" ? ie stop mailing from the scripts that are not using proper authentication to sent mails
Is it possible with out disabling php mail () ?

I am not supposed to use any kind of third party spam detection software’s. I have done all recommended things by cpanel to prevent email abuse

url https://documentation.cpanel.net/display/CKB/How+to+Prevent+Email+Abuse

I need some mechanism in exim to stop this. Is it possible ?
 

24x7server

Well-Known Member
Apr 17, 2013
1,911
97
78
India
cPanel Access Level
Root Administrator
Twitter
Hello,

You can disable your php mail function through with the disable function in php.ini file. Also please give a try with the following command. You will get the directory list which are sending the mails from your server.

Code:
awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr
 
  • Like
Reactions: madmanmachines

nisamudeen97

Well-Known Member
Jul 7, 2010
55
5
58
Cochin
cPanel Access Level
Root Administrator
Hi,

Thanks for the update. I have already done your suggestions and I am aware about all these. I have already disabled mail function in the server meanwhile what i need is to stop mails which are being of the form "[email protected]" most probably the mails which are being sent via php scripts in a "suphp" server.
 

24x7server

Well-Known Member
Apr 17, 2013
1,911
97
78
India
cPanel Access Level
Root Administrator
Twitter
Hello,

It's default behavior of Exim mail server is to use the cPanel username and hostname of the server, If the From: field is not formatted correctly, empty or the email address does not exist in the cPanel, the From: address will be changed to [email protected]

If you want to stop this, You will have to use SMTP authentication instead of php mail in your script to send mail from your server
 

nisamudeen97

Well-Known Member
Jul 7, 2010
55
5
58
Cochin
cPanel Access Level
Root Administrator
What I want to do is stop mails which are being of the form "[email protected]" ? ie stop mailing from the scripts that are not using proper authentication to sent mails.


Is there any mechanism in exim ? While researching in this topic , I met with the below update.

Go to the location WHM >> Service Configuration >> Exim Configuration Manager

Under the section filer, you'll see the file used by exim for filtering. Open that file from the backend of your server and add the below piece of code in the end.


if first_delivery
and ( (“$h_from:” contains “[email protected]”)
)
then fail
endif


Restart exim


Is it possible to modify the above if con and prevent all users from sending mail via php script ?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
What I want to do is stop mails which are being of the form "[email protected]" ? ie stop mailing from the scripts that are not using proper authentication to sent mails.
Hello,

Are you sure that you have already disabled the mail function of PHP? Users should not be able to send out email through PHP if you have disabled that function.

Thank you.
 

nisamudeen97

Well-Known Member
Jul 7, 2010
55
5
58
Cochin
cPanel Access Level
Root Administrator
Hi Michael,

Thanks for the update, the below post contains answers for my questions.

https://forums.cpanel.net/threads/h...nding-email-from-my-server.223731/#post920912

I am unable to find answer for my main question. I am not supposed to disable mail sending for a single domain. I just wanted to disable mails being sent using php scripts which are of the form
[email protected]. All other mails of the account sent using authentication via webmail, thunderbird must work fine. Is there any solution for this ?
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
There's no other way I am aware of to stop PHP scripts from sending mails other than by disabling the mail function of PHP in the php.ini file.

Thank you.