
help blocking outgoing spam from hosting server
native 11-14-2002, 10:17 AM
I've been looking through many posts and can't find the solution to this question. I have a server at rackshack.net that I'm using for hosting, running Linux/Red Hat and H-Sphere CP.
Everyone knows RackShack's tough spamming policy. I want to protect our server from being used for spamming.
If you have a program or script, I would like to hear about it and the directions for the install. You just can't catch all people at signup.
Thanks
Hello Native, welcome to the group
I have been looking for this answer for quite some time and haven't found the answer. In case you bump into one, drop me a line too.
Cheers :D
ServerCorps 11-14-2002, 04:53 PM
Originally posted by native
If you have a program or script, I would like to hear about it and the directions for the install. You just can't catch all people at signup.
Thanks
My only suggestion is to make sure w3svc style logging is enabled in your SMTP server, and write a heuristics engine to search for a pattern. Everyone would probably have an opinion, but here's my opinion of a pattern that at least should notify you that funny stuff might be happening:
> xxx number of emails to different addresses with similar (a lot of subjects have a unique serial attached to it) subjects
> xxx number of consecutive messages within 50 bytes of the same size
> than xxx different from: addresses (wouldn't work on reseller accounts) within a short period
I know nothing about *nix mailers, so don't even know if this is possible on *nix servers, but it is on Win2k
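A sketch of the three heuristics listed in the post above, added here as an example and not code from any poster. The pipe-delimited log format, the account names and the threshold values are assumptions standing in for the "xxx" placeholders; a real mail log would need its own parser.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Stand-ins for the "xxx" values in the post; tune them per server.
MAX_RCPTS, MAX_RUN, SIZE_SLACK, MAX_FROMS = 3, 3, 50, 3
WINDOW = timedelta(minutes=10)  # the "short period"

# Constructed sample log, hypothetical format: time|account|from|rcpt|bytes|subject
SAMPLE_LOG = """\
2002-11-14 10:00:01|acct42|deals1@shop.example|a@one.example|2010|Great offer #18472
2002-11-14 10:00:03|acct42|deals2@shop.example|b@two.example|2025|Great offer #99310
2002-11-14 10:00:04|acct42|deals3@shop.example|c@three.example|1998|Great offer #55021
2002-11-14 10:00:06|acct42|deals4@shop.example|d@four.example|2040|Great offer #70116
2002-11-14 10:05:00|alice|alice@site.example|bob@corp.example|900|Lunch on Friday?
2002-11-14 11:30:00|alice|alice@site.example|carol@corp.example|15000|Invoice 2002-11
"""

def normalize(subject):
    """Drop tokens containing digits so per-message serials do not hide a match."""
    return " ".join(re.sub(r"\S*\d\S*", "", subject.lower()).split())

def parse(log):
    for line in log.strip().splitlines():
        ts, acct, sender, rcpt, size, subj = line.split("|", 5)
        yield datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), acct, sender, rcpt, int(size), subj

def analyze(log):
    per_acct, alerts = defaultdict(list), defaultdict(set)
    for rec in parse(log):
        per_acct[rec[1]].append(rec)
    for acct, recs in per_acct.items():
        recs.sort()
        rcpts = defaultdict(set)  # 1. similar subjects sent to many different addresses
        for _, _, _, rcpt, _, subj in recs:
            rcpts[normalize(subj)].add(rcpt)
        if any(len(r) > MAX_RCPTS for r in rcpts.values()):
            alerts[acct].add("similar-subjects")
        base, run = None, 0  # 2. consecutive messages within SIZE_SLACK bytes
        for rec in recs:
            near = base is not None and abs(rec[4] - base) <= SIZE_SLACK
            base, run = (base, run + 1) if near else (rec[4], 1)
            if run > MAX_RUN:
                alerts[acct].add("same-size-run")
        for i, first in enumerate(recs):  # 3. many From: addresses in WINDOW
            froms = {r[2] for r in recs[i:] if r[0] - first[0] <= WINDOW}
            if len(froms) > MAX_FROMS:  # noisy for resellers, as the post notes
                alerts[acct].add("many-from-addresses")
    return {a: sorted(s) for a, s in alerts.items()}
```

`analyze(SAMPLE_LOG)` flags only the constructed `acct42` account, with all three heuristics firing; the result is meant to notify an administrator, not to block mail on its own.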
MikeM 11-14-2002, 05:49 PM
I'm not sure about stopping your users from spamming but setting SMTP authentication will stop non-users from spamming (or at least cut down on it)... shut off relay as well.
Rockerhard 11-21-2002, 09:02 PM
*bump*
I want to protect our server from being used for spamming.
Anyone else have any suggestions? Thanks.
sasha 11-21-2002, 09:20 PM
As nikko said, the logging is the best answer. The simplest thing to do would be to have a script parse logs daily and send you a report that could note how many emails each domain sent, or maybe just the top ten senders. Soon you will see the pattern and will know if something unusual is happening. This assumes that you turned off relaying.
Rockerhard 11-21-2002, 09:21 PM
Thank you.
cperciva 11-21-2002, 09:42 PM
My preferred solution is to have the mail-daemon refuse to send mail originating from any account which has passed some preset daily threshold. Most users won't get anywhere near sending 500 emails/day; but if a spammer is stopped after sending 500 messages, he will for all practical purposes have been defeated (considering that they normally send out emails by the hundreds of thousands).
Obviously, the threshold should be configurable on a per-user basis -- if someone has a legitimate reason to send large volumes of email, you can increase their limit, but you probably want to know why they're sending out so much email first.
Just_Kp 11-21-2002, 10:06 PM
Originally posted by cperciva
My preferred solution is to have the mail-daemon refuse to send mail originating from any account which has passed some preset daily threshold. Most users won't get anywhere near sending 500 emails/day; but if a spammer is stopped after sending 500 messages, he will for all practical purposes have been defeated (considering that they normally send out emails by the hundreds of thousands).
Obviously, the threshold should be configurable on a per-user basis -- if someone has a legitimate reason to send large volumes of email, you can increase their limit, but you probably want to know why they're sending out so much email first.
There are a few things I would say to do..
1) Due diligence on your customers: search their domain information, etc., business name, etc. in Google Groups and Spamhaus (ROKSO). If they're currently set up somewhere else, search their IP in www.spews.org (although I take SPEWS with a grain of salt due to collateral damage); if a SPEWS listing is in for their specific site, steer clear.
2) Set the mail daemon to only allow a preset number of emails per day, so if there is an issue of them spamming, they won't be able to do much harm.
PHBPendragon 11-21-2002, 10:12 PM
Watch your postmaster & abuse mailboxes closely. Make sure they are available to folks looking for the spammer's provider - listed w/ ARIN on your IPs and in the whois record.
Post a clear TOS/AUP.
And if you run qmail, set concurrency to 20 and have it page you if the queue gets over 100 or so.
Last but not least, annihilate the account for the first offense, hang the carcass at the gate for all to see and bill them a $500.00 cleanup fee.
Hi PHBPendragon,
Can something like that be configured for Exim, since most of the cPanel / WHM servers are using it?
Regards/-
Wolfy 11-23-2002, 09:51 PM
Another idea I find useful is to limit the max number of recipients that each email can be sent to.
When this is combined with forced-authentication, SMTP-relay blocking, limiting the max number of emails per account per day, and effective logging, then you should be doing a pretty good job at hindering spammers using your server.
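The controls named in this post and in cperciva's earlier one (forced authentication, a per-message recipient cap, and a per-account daily limit with per-user overrides) combined in one decision function, as an added example that is not code from any poster or mail server. The class name, the return strings, the recipient cap of 25 and the choice to count each recipient as one email are assumptions; only the 500/day figure comes from the thread.

```python
from datetime import date

DEFAULT_DAILY_LIMIT = 500    # the figure used in the thread
MAX_RCPTS_PER_MESSAGE = 25   # assumed value; the thread gives no number

class OutboundPolicy:
    """Accept/reject decision for each submission (hypothetical policy hook)."""

    def __init__(self, overrides=None):
        self.overrides = dict(overrides or {})  # account -> raised daily limit
        self.day, self.sent = None, {}          # sent: account -> recipients today

    def check(self, account, rcpt_count, today):
        if account is None:                     # unauthenticated: never relay
            return "REJECT authentication required"
        if today != self.day:                   # first message of a new day
            self.day, self.sent = today, {}
        if rcpt_count > MAX_RCPTS_PER_MESSAGE:
            return "REJECT too many recipients"
        used = self.sent.get(account, 0)
        limit = self.overrides.get(account, DEFAULT_DAILY_LIMIT)
        if used + rcpt_count > limit:           # rejected mail does not use quota
            return "REJECT daily limit reached"
        self.sent[account] = used + rcpt_count
        return "OK"

def simulate():
    """Constructed traffic: a bulk sender, an approved newsletter, a day rollover."""
    policy = OutboundPolicy(overrides={"newsletter": 5000})
    day1, day2 = date(2002, 11, 23), date(2002, 11, 24)
    burst = lambda acct, day: sum(policy.check(acct, 20, day) == "OK" for _ in range(40))
    return {
        "anonymous": policy.check(None, 1, day1),
        "oversized": policy.check("bulk", 200, day1),
        "bulk_accepted": burst("bulk", day1),              # 40 x 20 attempted
        "bulk_after_limit": policy.check("bulk", 1, day1),
        "newsletter_accepted": burst("newsletter", day1),
        "bulk_next_day": policy.check("bulk", 1, day2),
    }

if __name__ == "__main__":
    for name, outcome in simulate().items():
        print(f"{name}: {outcome}")
```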
Just_Kp 11-23-2002, 11:30 PM
Also I would say follow the RFCs and make sure you have appropriate abuse@ and postmaster@ email addresses for your domains and that you are registered at sites such as abuse.net for their whois automated spam reporting, etc.
If you have any other questions let me know..
PHBPendragon 11-24-2002, 12:39 AM
Originally posted by oc3
Hi PHBPendragon,
Can something like that be configured for Exim, since most of the cPanel / WHM servers are using it?
Regards/-
I don't know - I never used either one.
I'd be surprised if it couldn't though.