Outgoing spam filter using exim
We set up an outgoing spam filter using exim to block spoofed emails. Basically, this is what we did.
[QUOTE]
(root)>grep ^system_filter /etc/exim.conf
system_filter = /etc/exim.filter
system_filter_user = cpaneleximfilter
system_filter_group = cpaneleximfilter
system_filter_file_transport = address_file
(root)>cat /etc/exim.filter
# Exim filter
# Caught messages are recorded in this log file
logfile /var/log/exim_filterlog
# Match mail submitted locally (forms, scripts) or over authenticated SMTP
# whose envelope sender claims one of the listed external domains
if ( $received_protocol is "local" or
     $received_protocol is "esmtpa" ) and
   ( $sender_address contains "@ebay.com" or
     $sender_address contains "@paypal.com" or
     $sender_address contains "@yahoo.com" or
     $sender_address contains "@aol.com" or
     $sender_address contains "@gmail.com" or
     $sender_address contains "@hotmail.com" or
     $sender_address contains "@msn.com" or
     $sender_address contains "@cox.com" or
     $sender_address contains "aol.com" )
then
  # Divert the message to a local mailbox instead of delivering it
  save /var/cpanel/userhomes/cpaneleximfilter/mail/inbox
  logwrite "$tod_log $message_id => Outgoing mail with reply address $header_from caught. Email sent to black hole."
  seen finish
endif
[/QUOTE]
Basically, this is what it does. It checks if the email is sent either using "local" (i.e., emails sent using forms and scripts) or "esmtpa" (i.e., emails sent after authenticating), and if it matches either of the 2 conditions, it checks the from address, and if that matches any of the listed ones (aol, hotmail, etc.), it will block the email and append it to /var/cpanel/userhomes/cpaneleximfilter/mail/inbox.
Now, this is what we need. We need to modify the filter so that emails are sent out only if the from address is present in /etc/localdomains. That way, all spoofed spam emails from the server can be blocked. Any help on this is much appreciated. :)
-
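Added example, not part of the original thread or the posters' configuration: a Python dry run of the policy requested above (mail arriving as "local" or "esmtpa" passes only when its envelope sender domain is listed in /etc/localdomains), applied to exim_mainlog arrival lines to show what such a rule would stop before it is enforced. The log lines, domains and function names are constructed for illustration, and the default exim_mainlog arrival-line layout is assumed.

```python
import re

# Arrival ("<=") line: date, time, message id, "<=", envelope sender, then fields.
ARRIVAL = re.compile(r"^\S+ \S+ (?P<id>\S+) <= (?P<sender>\S+)(?P<rest>.*)$")
PROTOCOL = re.compile(r"\sP=(\S+)")
CHECKED_PROTOCOLS = {"local", "esmtpa"}  # the two protocols the filter tests

def load_local_domains(text):
    """Parse /etc/localdomains content (one domain per line) into a set."""
    return {ln.strip().lower() for ln in text.splitlines()
            if ln.strip() and not ln.startswith("#")}

def would_block(line, local_domains):
    """Return (message_id, sender) if the policy would stop this message."""
    m = ARRIVAL.match(line)
    if not m:
        return None                  # delivery or other non-arrival line
    proto = PROTOCOL.search(m["rest"])
    if not proto or proto.group(1) not in CHECKED_PROTOCOLS:
        return None                  # inbound mail is outside this policy
    sender = m["sender"]
    if sender == "<>":
        return None                  # bounce: empty envelope sender
    domain = sender.rpartition("@")[2].lower()
    if "@" in sender and domain in local_domains:
        return None                  # sender domain is hosted on this server
    return (m["id"], sender)

def audit(log_text, local_domains):
    """Collect every arrival in log_text that the policy would stop."""
    hits = (would_block(ln, local_domains) for ln in log_text.splitlines())
    return [h for h in hits if h]

# Constructed sample data (not taken from a real server).
SAMPLE_LOCALDOMAINS = "example.com\nexample.org\n"
SAMPLE_LOG = """\
2013-06-01 10:00:01 1UiAAA-0001aa-AA <= info@example.com H=(pc) [203.0.113.5] P=esmtpa A=dovecot_login:info@example.com S=1200
2013-06-01 10:00:02 1UiAAB-0001ab-AB <= service@paypal.com U=exampleuser P=local S=2300
2013-06-01 10:00:03 1UiAAC-0001ac-AC <= someone@gmail.com H=mail.example.net [198.51.100.7] P=esmtps S=900
2013-06-01 10:00:04 1UiAAD-0001ad-AD <= <> R=1UiAAB-0001ab-AB U=mailnull P=local S=1500
2013-06-01 10:00:05 1UiAAE-0001ae-AE <= exampleuser@server.example.net U=exampleuser P=local S=700
2013-06-01 10:00:06 1UiAAE-0001ae-AE => bob@example.org R=lookuphost T=remote_smtp
"""

if __name__ == "__main__":
    for msg_id, sender in audit(SAMPLE_LOG, load_local_domains(SAMPLE_LOCALDOMAINS)):
        print(f"{msg_id} would be blocked: sender {sender}")
```

The fifth sample line shows a side effect worth checking before enforcement: script mail whose sender is qualified with the server hostname is flagged unless that hostname is itself listed in /etc/localdomains.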
Hello :) Yes, you could likely implement a rule that includes all local domain names in that custom filter. You may try searching the Exim documentation or older threads that might implement such rules. Also, have you considered using any native options such as enabling SpamAssassin for outgoing email? Thank you.
-
[quote="cPanelMichael, post: 1666511"]Hello :) Yes, you could likely implement a rule that includes all local domain names in that custom filter. You may try searching the Exim documentation or older threads that might implement such rules. Also, have you considered using any native options such as enabling SpamAssassin for outgoing email? Thank you.[/quote]
We have implemented this using Exim ACLs. Also, documented it on our blog for the benefit of the community. :) - [url=http://bobcares.com/blog/blocking-spoofed-mails-going-out-of-your-cpanel-whm-web-hosting-server/]Blocking spoofed mails going out of your cPanel/WHM web hosting server[/url]
3 points that we need to keep in mind are:
- Usernames in the format user+domain.com won't work. So, they need to change that in their email clients to username@domain.com instead.
- Mails sent from the default email account (in the name of cPanel username) won't work. They have to create a separate email account by the same name instead.
- POP before SMTP won't work. But, we do not recommend turning ON this feature anyway as it's a security risk.
Request to cPanel ==> Why can't we add a "spoofing protection" option in cPanel Exim configuration editor? More than 75% of spam emails are spoofed. And if cPanel can block that out from servers with cPanel installed, that's going to make a significant difference to the amount of spam circulating around the world. The chances of IP Address blacklist will come down as well. :)
-
[quote="amal, post: 1669342"]Request to cPanel ==> Why can't we add a "spoofing protection" option in cPanel Exim configuration editor? More than 75% of spam emails are spoofed. And if cPanel can block that out from servers with cPanel installed, that's going to make a significant difference to the amount of spam circulating around the world. The chances of IP Address blacklist will come down as well. :)[/quote]
Please feel free to submit a feature request for any ideas or features you think might benefit the software: Submit A Feature Request. Thank you.