I am looking for suggestions on how to improve the following scenario:
Currently all incoming MAIL is being scanned for viruses and SPAM. The
effectiveness of this is reasonably good, although there is room for
Outgoing mail, send from our webservers is currently not boing scanned.
More and more often do we find that scripts from our clients, without
their knowledge is compromised thru an exploit and some kind of code
injection through forms and spam is being send thru those forms.
All outgoing mail is forwarded to our mail servers and then are send out.
What is the best way to prevent scripts from sending the SPAM. Usually
cutting of the client is not the answer since they didnt send the SPAM
theirself, it was because one of their scripts was compromised.
- How do you deal with this?
- What is (in your opinion) a good anti-spam solution for both incoming
and outgoing spam without altering our mail configuration. Is it possible
to put some kind of hardware before the mailserver that filters most
things out? Im open to all suggestions, open-source, commercial, even
Thanks for your suggestion. We did indeed load mod_security as a module in Apache, however not everything is picked up. Perhaps our rules are either
incorrect or out of date, but i believe we're using a quite extensive ruleset
rather than all this PMing perhaps we could just share it publicly, after all this is what forums are for
One simple method I use on cpanel is to limit the outgoing emails per hour to a low enough level that a normal person would be fine, but a spammer gets limited (eg 150 per hour). I manually increase the limit for those who ask - the ratio is running at about 1 per 150 clients ask for it to be increased. Since you didn't say what control panel you use it's hard to be more concrete.
OK...hate to barge in AS the obvious ignorant soul on this thread...but I have a reseller account and several of the sites are getting abused with outgoing email spamming which is how I found this thread. I've updated what scripts I can....but it sounds like I really need to install this mod_security.
Where does this reside....within each account or at the WHM level?? Is there something within the CPANEl or WHM that will enable me to install from there or do I need to go in through Shell Access....(yes, I am cringing at my own stupid question!)
(Sidenote: I'm using Site5 (though, probably not for long). I don't really resell, I just have the account for a few select organizations that I help (besides my own)