specific email blacklist on server
I have a problem with an @gmail.com email spammer who has obviously worked out how to identify users on my server (probably from server DNS crosschecks I assume ). They are hitting each client's contact form and emailing each account on the server with very upleasant unsolicited spam.
Obviously I can't ban at the domain level, and it's not productive to ban at cPanel level -too many accounts.
What's the best way to set up a banned email blacklist in EXIM so I can stop this person harrassing the users on the server. Ideally I want a notification as root, but not the end of the world, I just want to block this spammer.
-
It sounds like an automated/scripted attack. Have you considered simply adding captcha's to the contact forms? 0 -
I also like the idea of a captcha. If it's a gmail.com address today, it could be outlook tomorrow, or Yahoo next week, so stopping the problem at the form level is the best solution. 0 -
No it is not a bot - it's an Indian SEO company continually spamming multiple users on the server. They send duplicate emails to multiple accounts on the server, several times a week. Many of the account users have flagged it to us and asked for the spammer to be stopped. Many of the websites already have captchas etc, the spammers are submitting 'legitimate' emails, they are just considered to be "harassment" and spammy content that we are receiving complaints about. It's not rocket science - if a spammer is spamming persistently, they need to be blacklisted - but it's not productive to do this at a cpanel level. I would appreciate it if you could answer my original question: What's the best way to set up a banned email blacklist in EXIM. 0 -
There's a couple of ways to deal with this - either block them in Exim (which is a bit tricky as the emails are technically coming from a web form and hence your own server - probably with a "from" address of the server itself) - or you block them in Apache using mod_security. I would go for the latter approach myself. I haven't tried this myself, but you should be able to add a new rule via ModSecurity Tools->Add Rule such as: SecRule ARGS_POST|REQUEST_BODY "@contains spammer@example.com" "id:123,phase:2,block,msg:'Spammer'"
(See the documentation for REQUEST_BODY and0
Please sign in to leave a comment.
Comments
4 comments