Results 1 to 25 of 28
Thread: cPanel and Spam issues
-
09-04-2007, 02:39 PM #1New Member
- Join Date
- Nov 2006
- Posts
- 4
cPanel and Spam issues
I'm currently getting spammed out the wazzoo on my hosting server and I sent them a support ticket about it and they said it was related to cPanel and that tons of people are having this issue. However I'm not so sure as I poked at a few of the forums here and did a search and nobody seems to be having the same problems. They said they'd fix it when a fix was coming out, but nothing yet and I'd assume it would be a big enough issue for cPanel to release an immediate fix, or at least roll back the system.
Is there a bug in cPanel currently or are they lying to me? Is there any way to curb spam past spam assassin since that doesn't seem to be working?
-
09-04-2007, 02:49 PM #2Web Hosting Master
- Join Date
- Oct 2004
- Location
- Kerala, India
- Posts
- 4,771
spam mails are targeted on to a specific domain on your server?
David | www.cliffsupport.com
Affordable Server Management Solutions sales AT cliffsupport DOT com
CliffWebManager | Access WHM from iPhone and Android
-
09-04-2007, 02:54 PM #3
This is an incorrect statement, there is no known "bug" in cpanel that promotes spam. Anyone saying this really doesn't have a clue what they're doing.
How to remove spam? That's a touchy thing really, there's a million thoughts and ideas on the matter, and all that really works is what works for YOU.
A few tricks:
A> Setup a default address for your domain, set it to :fail: . Nothing else, just fail.
B> Remove ALL email links from your websites. Believe it or not those are harvested constantly
C> Adjust spamassassin filters (if you really MUST use SA)
D> Make sure your CONTACT forms have some sort of captcha protection.
If you have root access, add some sort of advanced spam filtering (RBLs, ASSP, whatever) to the list.Tom Whiting, WHMCS Guru extraordinaire
Linux problems? WHMCS Problems? Give me a shout
Check out my WHMCS Addons
-
09-04-2007, 03:01 PM #4Web Hosting Master
- Join Date
- Oct 2004
- Location
- Kerala, India
- Posts
- 4,771
Check if nobody spams are flowing in large number. You can enable extended logging in exim and watch exim_mainlog for spammer.
1. Edit /etc/exim.conf
2. On the second line add :
log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn \
Make sure all that comes on a single line.
3. Save and exit.
4. Restart Exim.
Tail exim_mainlog and watch the cwd (current working directory) for the spam source.David | www.cliffsupport.com
Affordable Server Management Solutions sales AT cliffsupport DOT com
CliffWebManager | Access WHM from iPhone and Android
-
09-04-2007, 03:08 PM #5Tom Whiting, WHMCS Guru extraordinaire
Linux problems? WHMCS Problems? Give me a shout
Check out my WHMCS Addons
-
09-04-2007, 03:22 PM #6New Member
- Join Date
- Nov 2006
- Posts
- 4
A.) OK so first set up and e-mail account with the name :fail: and direct all default mail to that, correct? (I should note the e-mail I'm getting spammed at is NOT the default e-mail. Though they may be spamming xxx@domain.com.)
B.) I'm not even sure I have it on there in the first place :/ I can go check.
C.) I'm not sure on what else I /can/ use. That appears to be the default on the system. I have adjusted the filters (or so I thought), how else can they be adjusted (I used the SA examples listed..)
D.) What kind of contact forms do you suggest? (I haven't used any that have a capture device on them.)
As for david510:
Yeah I don't have root access :/ I'd love to set up my own server but I don't really know how... (I have the linux though)
-
09-04-2007, 03:32 PM #7
A>
This is a special mail address, you don't need to set this up, just set your default to :fail:
B>
You do that
C>
Personally, I don't use or recommend SA, as it completely loads a server down easily with enough rules, soooo, I'll let someone else ecomment on that one.
D>
All you need to do is find a reasonable capcha system, implement it into your contact forms and you're good to go. You don't even have to switch software, just edit a couple of lines in the form. There's enough capcha systems out there that you will find one (eventually) that's easy enough for you to use.Tom Whiting, WHMCS Guru extraordinaire
Linux problems? WHMCS Problems? Give me a shout
Check out my WHMCS Addons
-
09-04-2007, 11:20 PM #8Web Hosting Master
- Join Date
- Oct 2004
- Location
- Kerala, India
- Posts
- 4,771
David | www.cliffsupport.com
Affordable Server Management Solutions sales AT cliffsupport DOT com
CliffWebManager | Access WHM from iPhone and Android
-
09-04-2007, 11:33 PM #9Web Hosting Master
- Join Date
- Aug 2003
- Location
- East Coast
- Posts
- 2,082
or just buy a barracuda if it's a huge issue
-
09-05-2007, 04:48 AM #10Junior Guru Wannabe
- Join Date
- Aug 2007
- Posts
- 60
-
09-05-2007, 12:04 PM #11Web Host :)
- Join Date
- Jan 2002
- Location
- Boston
- Posts
- 5,014
This is also a good read should you end up getting your own server someday.
Catching Spammers
I would also be a bit hesitant if that is the typical response you are getting from your host as it is obviously something they pulled out of thin air
-
09-09-2007, 02:56 PM #12Junior Guru Wannabe
- Join Date
- Nov 2006
- Posts
- 64
I think that the poster might be experiencing the same issue I am seeing. Spamassassin is not working on the server. Emails show the following in the full headers:
X-Spam-Status: No, score=
X-Spam-Score:
X-Spam-Bar:
X-Spam-Flag: NO
As a result, no emails are getting flagged as Spam and all of it is coming through.
I found some information that may be of assistance to you:
http://forums.spry.com/showthread.php?t=1396
(The "Additional notes from their official support forums" that starts halfway down looks the most useful.)
Based on that and some other sites, it appears that the problem might stem from Spamassassin/cPanel 11 issues.
A thread on the cPanel forums (you must register to read it) indicates that this is a known bug. However, some posters have been able to resolve it by rolling Spamassassin back to 3.1.8:
http://forums.cpanel.net/showpost.php?p=311818&postcount=23
-
09-09-2007, 03:02 PM #13Junior Guru
- Join Date
- Nov 2005
- Location
- Romania
- Posts
- 194
You could use grscripts.com anti-spam filter. I use it on all my servers, and it works flawlessly !!
-
09-09-2007, 05:45 PM #14Junior Guru Wannabe
- Join Date
- Nov 2006
- Posts
- 64
Not rolling back to SpamAssassin 3.1.8, so what I have done is put an hourly cron job in place that restarts SpamAssassin:
"/scripts/restartsrv spamd" is the command. So far, it seems to be working.
Here is the whole cPanel thread, btw (the URL in my earlier post takes you to a single post):
http://forums.cpanel.net/showthread....818#post311818
-
10-26-2007, 07:20 AM #15Newbie
- Join Date
- Oct 2007
- Posts
- 8
To add to that point C-panel by its nature is a hosting platform that encourages unlimited mailboxes. The bottom line is SA is not performing (check tread on SA resources hog) freeware will only get you so far. Dynamic IP blacklisting blocks spam on a behavior basis at source before it comes down your pipe whereby reducing strain on severs.This is just one of many solutions.
-
10-26-2007, 03:47 PM #16Junior Guru
- Join Date
- Nov 2005
- Location
- Romania
- Posts
- 194
Or simply get someone to install ASSP, and you won`t have any headaches any more.
-
10-29-2007, 02:32 AM #17Web Hosting Master
- Join Date
- Jan 2004
- Posts
- 1,042
-
10-29-2007, 02:37 AM #18Junior Guru
- Join Date
- Nov 2005
- Location
- Romania
- Posts
- 194
-
10-29-2007, 02:43 AM #19Web Hosting Master
- Join Date
- Jan 2004
- Posts
- 1,042
SSL is needed if you care about the security of your email transactions. And the solution posted on wiki is a hack and reporting wont work for correctly for any SSL based connections then. Until ASSP suppports native ssl connections, i wouldnt call it a enterprise solution.
-
10-29-2007, 04:57 AM #20Junior Guru
- Join Date
- Nov 2005
- Location
- Romania
- Posts
- 194
I call it a very good solution.
-
10-29-2007, 04:58 AM #21Newbie
- Join Date
- Oct 2007
- Posts
- 8
Cant Agree more
"enterprise solution" is exactly that, a solution which is of bigger scale and cannot afford to fail as we are talking about "paying" clients. Reporting is the only way to effectively monitor progress and effectively be able to react to problems and or find solutions before they crop up.
-
10-29-2007, 07:08 AM #22
And who says it CAN'T support SSL Connections?
Out of the box, you're right, it can't. However, you have the complete option of modifying anything you want to with ASSP.
Don't like the solution posted in a "wiki" ? Find something that works for you. Redesign it so that it DOES work for you.
"and why should we drop you a pm to get solution? "
Theres only one reason someone would suggest such a thing: They're trying to sell services outside of the proper forums.
ASSP is the best (proper) solution, bar none for any spam problem. It can do so much more than spamassassin ever did, and does it properly.Tom Whiting, WHMCS Guru extraordinaire
Linux problems? WHMCS Problems? Give me a shout
Check out my WHMCS Addons
-
10-29-2007, 07:10 AM #23Junior Guru
- Join Date
- Nov 2005
- Location
- Romania
- Posts
- 194
Plus let`s not forget the memory usage, it`s very low on high volumes.
-
10-29-2007, 07:29 AM #24Newbie
- Join Date
- Oct 2007
- Posts
- 8
I don't sell services,our company does i dont even work in sales. You will also notice that i mentioned layers of protection not one single solution. here is a quote form Wiki
"ASSP’s primary target audience is mail administrators or system administrators at smallish institutions. If you operate an ISP or a mailhost with a heterogeneous user base you may not have a good enough consensus about what spam is or is not. It should work well with between 1 and 300 client addresses and a mail volume of up to around 100,000 messages per day. Testing has not been done to verify these ranges – if you discover otherwise please leave a note in the discussion page or send a message to the email list."
I am truly sorry but untested for smallish institution does not constitute "enterprise"
-
10-29-2007, 07:56 AM #25
apparently you forgot to read the most important part:
Testing has not been done to verify these ranges
ASSP can handle much more than that. Assuming the 100k messages, that would be 1.5 messages per second continuously throughout the day. That's nothing. Now, if this were 5-10x that amount, then maybe there'd be a reason for concern, but if you're pushing 500k-1m messages a day, you need to ballance things more efficiently. If you're processing THAT MUCH on a CPANEL server, then ASSP is most definitely the only way you're going to be able to keep stability and uptime.
For "cpanel", ASSP is MUCH more effective than spamd/spamassassin. It doesn't load the server down and it certainly won't break cpanel (like custom rulesets do for SA/CPanel constantly), because it's just one line in the Cpanel configuration.
If you want to consider "enterprise" applications and you discount ASSP, you're seriously doing yourself a major disservice. ASSP can keep up with every possible imaginable solution out there, and outperform it, hands down.
I don't sell services,our company does i dont even work in sales.
I deal with C-panel users all the time as I work for a global solutions company. Most of them are having problems with SA and not to mention boxtrapper, drop me a mail if you would like to look at a solution, check out bluehost and hostmysite for an idea.Tom Whiting, WHMCS Guru extraordinaire
Linux problems? WHMCS Problems? Give me a shout
Check out my WHMCS Addons