The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Stop spam from exiting

Discussion in 'E-mail Discussions' started by Redhat, Jul 7, 2007.

  1. Redhat

    Redhat Member

    Joined:
    Aug 5, 2005
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Hey Guys,

    Well I have a VPS and my provider is VERY strict on spam policies. I run a free web host company (I know, not a good idea in the first place with strict spam policies, but I do).. Anyways I seem to be sending out spam aswell as receieving it from my VPS. SpamAssassin seems to be doing good for the stuff coming in. But how can I stop stuff going out? More or less I want to stop emails that contain words like "viagra", "nigeria", etc.. How can I go about doing this in cPanel 11?

    - Steve
     
  2. JIKOmetrix

    JIKOmetrix Well-Known Member

    Joined:
    Apr 3, 2007
    Messages:
    56
    Likes Received:
    0
    Trophy Points:
    6
    Hi,

    You can add filter rulers to this file:

    /etc/cpanel_exim_system_filter

    if you have SSH or telnet access.

    http://exim.org/

    I'll post back if no one else posts any sample code. No sure off the top of my head on how to but do know that cpanel_exim_system_filter would be the place to put it. Also keep in mind that when cpanel updates exim your custom filters will be overwritten so back them up and check them often.

    update:
    I looked around and you can something like this:
    if "$h_subject" contains "viagra|nigeria"
    then
    fail
    endif

    That is pipe separating your entry in the contains. This will force the email to fail.

    Mike
     
    #2 JIKOmetrix, Jul 7, 2007
    Last edited: Jul 7, 2007
  3. JIKOmetrix

    JIKOmetrix Well-Known Member

    Joined:
    Apr 3, 2007
    Messages:
    56
    Likes Received:
    0
    Trophy Points:
    6
    Hi,

    I was thinking about this again and you could do this too:

    Code:
    if "$h_subject" contains "viagra|nigeria"
    then
      fail text "This message has been rejected because our\n\
                 system has determined that this email may be SPAM\n\
                 or does not conform to the CANN SPAM ACT."
      seen finish
    endif
    
    Doing this will send an email back to the sender on your system with the above message.

    Mike
     
  4. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    Two fairly basic and critical things you can do.

    1) Install the CSF firewall from www.configserver.com;

    CSF can be set to not allow email to be sent out other than through exim; you should set those options in the configuration.

    2) Set the per-hour email out limit to a low number. You can always increase that by adding "domainname.com=NNNN" to the file /var/cpanel/maxemails (see here for more detailed example).

    This prevents or severely limits outgoing spam for most domains. If something does get through, you'll be protected as the spammers will be limited.

    Two less critical (but also helpful) things you can do:

    3) Install phpsuexec so you can identify spam and rogue processes. You lose a little on performance but this is nothing compared to what you'll save in stability and security.

    You can also install suphp which is a little stabler (some people believe a lot more stable) and is the way of the future as phpsuexec is not being maintained any more.

    4) Install mod_security with a good set of rules to catch attempts to hack contact scripts.

    Much spam comes from hacked contact scripts; a good set of rules will keep you safe from most of this.

    Basically you can get much of this done by the folks at configserver.com for a very reasonable cost (compared to the cost and effort of doing yourself).
     
    #4 brianoz, Jul 9, 2007
    Last edited: Jul 9, 2007
  5. maquinadigital

    maquinadigital Well-Known Member

    Joined:
    Aug 10, 2006
    Messages:
    51
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    DataCenter Provider
    If you don't want the message to be echoed to the sender, just ommit the fail part:

    then
    seen finish
    endif
     
  6. JIKOmetrix

    JIKOmetrix Well-Known Member

    Joined:
    Apr 3, 2007
    Messages:
    56
    Likes Received:
    0
    Trophy Points:
    6
    Hi,

    Omitting the fail message and just doing an unseen finish is better. You will not have to be concerned with back scatter to spoofed email addresses.

    Mike
     
  7. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,281
    Likes Received:
    37
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    Fail would reject_during_SMTP. Nothign wrong with forcing the message burden back to the sending server (who shouldn't be sending/relaying it anyway) - or in the case of a zombied machine, same thing. Fail works fine and does not cause you to participate in backscatter.

    Mike
     
  8. JIKOmetrix

    JIKOmetrix Well-Known Member

    Joined:
    Apr 3, 2007
    Messages:
    56
    Likes Received:
    0
    Trophy Points:
    6
    Hi,

    Oh, I did not know that. Thanks.

    Mike
     
  9. maquinadigital

    maquinadigital Well-Known Member

    Joined:
    Aug 10, 2006
    Messages:
    51
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    DataCenter Provider
    Yes but If the sender does not exists, the message will go to the queue. Had this problem and fixed it with the seen finish.
     
Loading...

Share This Page