Block individual email from sending spam from server
I have a situation where my email server is being used to spam.
A nonexistent email address referencing my domain is successfully posting 100s of emails.
It's using something like this:
myDomainName@servername.myDomainName.com
e.g. cnn@servername.cnn.com
Is there a (simple) way to stop this?
Any help is appreciated.
Casim.
Hello :) Do you notice any additional information about the email in the message header or in /var/log/exim_mainlog? You may also find the following document helpful: "cPanel - Prevent Email Abuse". Thank you.
I had a similar situation, so this is what I did.
My immediate action was to put an exim custom filter rule to forward those emails back to me. Most had the same "Pizza Hut Coupon" subject, so they didn't go out anymore.
Turn on php script information to be put in email's header info to point out the offending PHP script. Mine was in that domain's HTML_Public\... folder.
Turn on PHP script logging to see what IP it was coming from and block all access from it in cPanel.
Ideal option would be to correct those bad scripts, but not an option in my case.
Just on the off chance, do a search for
find / -name menu87.php
That was my bad script.
> I have a situation where my email server is being used to spam. A nonexistent email address referencing my domain is successfully posting 100s of emails. It's using something like this: myDomainName@servername.myDomainName.com e.g. cnn@servername.cnn.com
> Is there a (simple) way to stop this? Any help is appreciated. Casim.
Not sure if this is helpful here or not, worth a look to make sure it's enabled though:
WHM » Service Configuration » Exim Configuration Manager
"Reject remote mail sent to the server's hostname": Reject mail at SMTP time if the recipient is an address of the primary hostname of this server. No remote mail should normally be received for the primary hostname, and this has recently become a common spam target.
Thanks. I switched this on and will monitor it.
> I had a similar situation, so this is what I did. My immediate action was to put an exim custom filter rule to forward those emails back to me. Most had the same "Pizza Hut Coupon" subject, so they didn't go out anymore. Turn on php script information to be put in email's header info to point out the offending PHP script. Mine was in that domain's HTML_Public\... folder. Turn on PHP script logging to see what IP it was coming from and block all access from it in cPanel. Ideal option would be to correct those bad scripts, but not an option in my case. Just on the off chance, do a search for
> find / -name menu87.php
> That was my bad script.
Firstly, thanks for your post. I'm working through your suggestion. I'm new to this so I'll be slow but will be responding. I'm editing the filter file using these directions for anyone else who may read this thread.
https://documentation.cpanel.net/display/ALD/Customize+the+Exim+System+Filter+File#CustomizetheEximSystemFilterFile-HowtocreateacustomEximsystemfilterfile
> I had a similar situation, so this is what I did. My immediate action was to put an exim custom filter rule to forward those emails back to me. Most had the same "Pizza Hut Coupon" subject, so they didn't go out anymore. Turn on php script information to be put in email's header info to point out the offending PHP script. Mine was in that domain's HTML_Public\... folder. Turn on PHP script logging to see what IP it was coming from and block all access from it in cPanel. Ideal option would be to correct those bad scripts, but not an option in my case. Just on the off chance, do a search for
> find / -name menu87.php
> That was my bad script.
Hi, can you show me the process & code you used to set up the filter? I'm finding it difficult to wade through all the documentation on the How-To. Thanks in advance.
> I had a similar situation, so this is what I did. My immediate action was to put an exim custom filter rule to forward those emails back to me. Most had the same "Pizza Hut Coupon" subject, so they didn't go out anymore. Turn on php script information to be put in email's header info to point out the offending PHP script. Mine was in that domain's HTML_Public\... folder. Turn on PHP script logging to see what IP it was coming from and block all access from it in cPanel. Ideal option would be to correct those bad scripts, but not an option in my case. Just on the off chance, do a search for
> find / -name menu87.php
> That was my bad script.
Wow, after a lot of reading and work I have solved my problem. Thank you! I added the following lines of code to the php.ini:
mail.add_x_header = On
mail.log = /var/log/phpmail.log
I created the phpmail.log file with write permissions and there it was in the header - 60 emails generated on each send. The offending file for me was .info.php in a Moodle directory. The as$@#les even had the leading . so it was read as a hidden system file. Thanks everyone for your help.
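One way to work through the file that the mail.log setting above produces, added here as an example and not posted by anyone in the thread: it counts mail() calls per calling script and flags high-volume senders and dot-prefixed file names like the .info.php case. It assumes PHP's usual log line layout; the sample paths, addresses, timestamps and the threshold of 20 are constructed.

```python
import re
from collections import Counter
from pathlib import PurePosixPath

# Layout PHP uses for each mail() call once mail.log is set:
#   [timestamp] mail() on [/path/to/script.php:LINE]: To: rcpt -- Headers: ...
MAIL_CALL = re.compile(r"mail\(\) on \[(?P<script>.+?):(?P<line>\d+)\]: To: ")

def tally_scripts(log_text):
    """Count mail() calls per calling script path."""
    counts = Counter()
    for entry in log_text.splitlines():
        match = MAIL_CALL.search(entry)
        if match:
            counts[match.group("script")] += 1
    return counts

def flag_scripts(counts, threshold=20):
    """Return (script, count, reasons) for scripts that deserve a manual look.

    threshold is an arbitrary example value; tune it to the site's normal volume.
    """
    flagged = []
    for script, count in counts.most_common():
        reasons = []
        if count >= threshold:
            reasons.append("volume")
        # A leading dot hides the file from a plain directory listing.
        if PurePosixPath(script).name.startswith("."):
            reasons.append("hidden-file")
        if reasons:
            flagged.append((script, count, reasons))
    return flagged

# Constructed sample log: paths, addresses and timestamps are made up.
SAMPLE_LOG = "\n".join(
    ["[01-Jan-2024 10:00:00 UTC] mail() on [/home/exampleuser/public_html/contact.php:42]: "
     "To: owner@example.com -- Headers: From: site@example.com"] * 2
    + [f"[01-Jan-2024 10:05:{i:02d} UTC] mail() on "
       "[/home/exampleuser/public_html/moodle/.info.php:7]: "
       f"To: rcpt{i}@example.net -- Headers: From: news@example.com"
       for i in range(60)]
)

if __name__ == "__main__":
    for script, count, reasons in flag_scripts(tally_scripts(SAMPLE_LOG)):
        print(f"{count:5d}  {script}  ({', '.join(reasons)})")
```

On a real server, pass the contents of /var/log/phpmail.log to tally_scripts() in place of SAMPLE_LOG.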
I am happy to see you were able to address the issue. Thank you for updating us with the outcome.