The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Stop Mailbomer

Discussion in 'E-mail Discussions' started by bsasninja, Nov 7, 2006.

  1. bsasninja

    bsasninja Well-Known Member

    Joined:
    Sep 2, 2004
    Messages:
    528
    Likes Received:
    0
    Trophy Points:
    16
    A customer is receiving hundred of e-mails of spam to the same account, the spammer mailbomber is sending e-mails from different IP Address from hong kong.

    The mails are coming outside my server to a mail account on my server. I know is hard to prevent this cause they use several IP address to do the bombing, but is there a way to prevent using smtp max connections per IP on exim ? Like 1 or 2 smtp connections per IP address.

    I dont know if this function is a viable solution to block lot of connections hogging the server pool.

    Thanks
     
  2. kernow

    kernow Well-Known Member

    Joined:
    Jul 23, 2004
    Messages:
    865
    Likes Received:
    9
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
  3. bsasninja

    bsasninja Well-Known Member

    Joined:
    Sep 2, 2004
    Messages:
    528
    Likes Received:
    0
    Trophy Points:
    16
    I already have the thing you say.
    is not dictionary attack, is a mailbombing to an specific mail address.

    I would like to know if there is a script or something that stop mails comming from different hosts. Or something that check the message content and refuse it.

    Some hosts has something like when you send an email to a wrong address automatically the outlooks pops a warn message with a long test saying that the address doesnt exist or error 550.

    In exim I didnt find how to do this.

    Thank you
     
  4. WestBend

    WestBend Well-Known Member

    Joined:
    Oct 12, 2003
    Messages:
    173
    Likes Received:
    0
    Trophy Points:
    16
    change the email address temporarily then the server will refuse the email.
     
  5. bmcpanel

    bmcpanel Well-Known Member

    Joined:
    Jun 1, 2002
    Messages:
    546
    Likes Received:
    0
    Trophy Points:
    16
    Currently, there is nothing in Cpanel that will do this. Though, it is an excellent idea.

    Email spamming takes up most of a servers resources, I believe. I hope that Cpanel developers realize that the future of cpanel/email software will require that they equip server administrators with as many options as possible to defeat these types of attacks.

    With that said, there may be an exim tweak that does this. Maybe someone who acutally likes exim and knows how to use it can help you.
     
  6. mohit

    mohit Well-Known Member

    Joined:
    Jul 12, 2005
    Messages:
    553
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Sticky On Internet
    set that ID to :fail:

    hi,
    i think you can check if incoming IP for those mails are same, you can simply DENY that particular IP.

    or if you want you can deny the mails for that particular ID by changing the ID to be forwarded to :fail:

    or if you want you can specify to discard those subjects, sender or message content from antivirus.exim file but thats not a solution cause your mail server would be accepting mails and discarding them.
    perhaps set that recipient to :fail: seems more practical.

    see ya,
    mohit
     
  7. casey

    casey Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    2,303
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    If there is trouble, it will find me
    Are they all from the same address?
     
Loading...

Share This Page