How to prevent spamming in cPanel / Linux server?
4 Answers
Disable all network interfaces. It'll ensure that no spam enters or leaves your server, and ensures perfect security, as well.
I'm in two minds as to +1 this or not. Technically it answers the query, but I don't know if you can do this from cpanel... – Mark Henderson Jun 27 '09 at 09:01
cPanel is a piece of hosting automation software (http://cpanel.net/). It provides a web interface to control many open source services (such as Apache, Exim and Pure-FTPD).
I believe the question concerns outbound mail (i.e. hosting accounts being used to send spam), but I'll briefly outline the inbound mail as well.
Inbound mail:
- Inbound mail enters on port 25 via the default MTA (Mail Transfer Agent) Exim.
- A number of options under the WHM "Exim Configuration Editor" control how SpamAssassin is applied to inbound mail.
- Users may choose to enable/disable SpamAssassin and "BoxTrapper" for their account via the cPanel interface.
Outbound mail: There are a couple of possible routes outbound mail may take:
- Sent by SMTP under a user account (e.g. a user connects from Thunderbird using SMTP, or sends mail from an SSH session using a shell script)
- Sent by SMTP under the "nobody" user (e.g. in a default cPanel installation, a compromised PHP application is tricked into invoking PHP's mail() thousands of times)
- Sent by direct socket connections (e.g. a script placed on the machine makes direct connections to mail servers, bypassing the local MTA: fsockopen("mail.example.com", 25, ...); fread()...)
I am not aware of cPanel providing an easy method to scan outbound mail for spam. However, there are several cPanel options to help mitigate the above scenarios:
Ensuring the "nobody" user cannot send mail, instead forcing PHP/CGI scripts to send mail under the correct user. The default Apache install runs scripts under the "nobody" user. Enabling PHPSuexec and Suexec (within the WHM interface) forces scripts to run under the correct users, and so send mail from the correct users. With the suexec options applied, you can now prevent "nobody" from sending mail. WHM provides an option under "Tweak Settings": 'Prevent the user "nobody" from sending out mail to remote addresses'
Prevent users from making direct socket connections to mail servers: Using the handy IPTables extension Owner Match, you can restrict which users (or *nix groups) may make outbound connections to port 25. With users unable to make direct connections, mail has to be sent via the system MTA (Exim), leaving a single place to deal with it. The free ConfigServer Security&Firewall WHM plugin (http://www.configserver.com/cp/csf.html) allows point and click enabling of this setup, the relevant option being "Block outgoing SMTP except for root, exim and mailman". A good article on IPTables Owner Match is also available: http://www.linuxjournal.com/article/6091
With the above setup, all mail is now funnelled through the MTA under the correct user, allowing per domain (and other per user) restrictions to be applied. cPanel provides a rate limiting point and click option:
- WHM "Tweak Settings": "The maximum each domain can send out per hour (0 is unlimited)". Slowing the rate of spam sent will limit the amount of spam sent before a system administrator can deal with it.
If you're interested in the domain rate limiting implementation, look at /etc/exim.pl and if it exists, /etc/exim.pl.local. A chunk of useful cPanel functionality is exposed in these, which may allow you to roll your own custom Perl based solution.
Of course, the above solutions all catch the outbound spam after it's already started flowing. It would be preferable to catch root causes of the problem as well: rogue users from being given accounts, users installing old vulnerable software, users having simple passwords and so on.
Good luck!
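The owner-match restriction described in the answer above, written out as an added example (not part of the original answer and not CSF's own rule set). The function name `smtp_owner_rules`, the chain name `SMTP_OUT` and the log prefix are assumptions of this example; the function only prints rules so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: generate iptables owner-match rules so that only the listed
# accounts may open outbound connections to TCP port 25.
# The chain name SMTP_OUT and the log prefix are assumptions of this example.

# smtp_owner_rules CHAIN ACCOUNT...   prints the rules, changes nothing itself.
# ACCOUNT is a user name, or "group:NAME" to allow a *nix group.
smtp_owner_rules() {
    chain=$1; shift
    # Validate first, so a bad name never yields a half-written rule set.
    case $chain in
        ''|*[!A-Za-z0-9_]*) echo "invalid chain: $chain" >&2; return 1 ;;
    esac
    for a in "$@"; do
        case ${a#group:} in
            ''|*[!A-Za-z0-9_.-]*) echo "invalid account: $a" >&2; return 1 ;;
        esac
    done
    echo "iptables -N $chain"
    # Local delivery to Exim over loopback stays open to every user.
    echo "iptables -A $chain -o lo -j RETURN"
    for a in "$@"; do
        case $a in
            group:*) echo "iptables -A $chain -m owner --gid-owner ${a#group:} -j RETURN" ;;
            *)       echo "iptables -A $chain -m owner --uid-owner $a -j RETURN" ;;
        esac
    done
    # Anything else bypasses the MTA: log the owning UID, then refuse it.
    echo "iptables -A $chain -j LOG --log-prefix 'SMTP_OUT_BLOCK: ' --log-uid"
    echo "iptables -A $chain -p tcp -j REJECT --reject-with tcp-reset"
    # Hook the chain into OUTPUT last, once it is complete.
    echo "iptables -A OUTPUT -p tcp --dport 25 -j $chain"
}

# Accounts named by the CSF option quoted above; review, then pipe to sh as root.
smtp_owner_rules SMTP_OUT root exim mailman
```

The LOG rule records the UID of each blocked attempt in the kernel log, which identifies the hosting account whose script tried to connect directly.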
A few things may help
- Spamcop
- Checking with good DSBL lists
- Some user education about sharing email information - I even tell them about anonymous email addresses in case they want to sign up for something.
- The price of peace (or spam free servers) is eternal vigilance
This is a list of things that you can do entirely within WHM.
Enable:
Main >> Server Configuration >> Tweak Settings >> Mail:
- BoxTrapper Spam Trap
- SpamAssassin Spam Filter
- SpamAssassin Spam Box delivery for messages marked as spam (user configurable)
Main >> Service Configuration >> Exim Configuration Editor:
- SpamAssassin: Reject mail with a spam score greater than ## at SMTP time.
- Attempt to block dictionary attacks
- Ratelimit: incoming SMTP connections that do not send QUIT, have recently matched an RBL, or have attacked the server.
- SpamAssassin™: Ratelimit hosts that transport messages with a spam score greater than ##
- Blacklist: SPF Checking
- RBL: bl.spamcop.net
- RBL: zen.spamhaus.org
- (You can add your own selection of RBLs here as well)
Do you have any experience with this set of configuration? It looks pretty solid but does it work? Another question is how hard is it to configure it like this. I have installed SpamAssassin, but I have not found a way to configure it. – Saif Bechan Mar 24 '10 at 05:24
This configuration works relatively well and the advantage is it can all be done within the WHM interface. If you're having specific problems with SA, open a new question and send me a message pointing to it. – Dave Forgac Apr 13 '10 at 16:03