Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Waterproof prevention of spam from new users

Discussion in 'General Discussion' started by brianoz, Dec 14, 2004.

  1. brianoz

    brianoz Well-Known Member

    Mar 13, 2004
    Likes Received:
    Trophy Points:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    I'm just wondering what people think of some ideas I have about preventing new users from spamming, and catching them quickly when they do. Since we're about to go to auto-fulfilment, I'm concerned spammers might send out enough spam to get us listed on ORBS/RBL or one of the more rapid-response lists and thus impact email from legitimate users, and cost me lots of work in getting us un-listed. I want to avoid that extra work which is a real killer!!

    So, I'd like feedback on whether this is possible with Exim, and whether it's a good idea or useful.

    The strategy I'm considering is:

    1. New users are limited in how many emails they can send from localhost (assume I run under suPHP/phpsuexec) - probably 20 a day, maybe even 5 or 10.

    2. New users exceeding the localhost outgoing limit get their entire messages saved or logged somehow. (Maybe only messages 20-30 get logged, after that 1 in every 10 messages gets logged or something, preferably randomly so it can't be outsmarted), or they just get blocked from sending emails. I can then review the logged messages and terminate easily and quickly if they are spamming. This would be in the TOS.

    3. New users would be able to send much higher limits via SMTP into the external IP address from non-localhost IPs, but would still be blocked/logged after reaching a certain daily threshold.

    4. New users are considered "new" for at least 30 days after subscription. Possibly users in a high-risk category when they sign up could have their email limited even further. (yes, I'm doing some anti-fraud assessment using maxmind and possibly callback via fraudgate).

    How does this seem as an idea to you guys with more cpanel experience than I have? (that's not hard either!!).

    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice