Page 1 of 2 12 LastLast
Results 1 to 25 of 28
  1. #1

    cPanel and Spam issues

    I'm currently getting spammed out the wazzoo on my hosting server and I sent them a support ticket about it and they said it was related to cPanel and that tons of people are having this issue. However I'm not so sure as I poked at a few of the forums here and did a search and nobody seems to be having the same problems. They said they'd fix it when a fix was coming out, but nothing yet and I'd assume it would be a big enough issue for cPanel to release an immediate fix, or at least roll back the system.

    Is there a bug in cPanel currently or are they lying to me? Is there any way to curb spam past spam assassin since that doesn't seem to be working?

  2. #2
    Join Date
    Oct 2004
    Location
    Kerala, India
    Posts
    4,771
    spam mails are targeted on to a specific domain on your server?
    David | www.cliffsupport.com
    Affordable Server Management Solutions sales AT cliffsupport DOT com
    CliffWebManager | Access WHM from iPhone and Android

  3. #3
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    14,134
    Quote Originally Posted by Maverynthia View Post
    Is there a bug in cPanel currently or are they lying to me? Is there any way to curb spam past spam assassin since that doesn't seem to be working?
    This is an incorrect statement, there is no known "bug" in cpanel that promotes spam. Anyone saying this really doesn't have a clue what they're doing.

    How to remove spam? That's a touchy thing really, there's a million thoughts and ideas on the matter, and all that really works is what works for YOU.

    A few tricks:
    A> Setup a default address for your domain, set it to :fail: . Nothing else, just fail.
    B> Remove ALL email links from your websites. Believe it or not those are harvested constantly
    C> Adjust spamassassin filters (if you really MUST use SA)
    D> Make sure your CONTACT forms have some sort of captcha protection.

    If you have root access, add some sort of advanced spam filtering (RBLs, ASSP, whatever) to the list.
    Tom Whiting, WHMCS Guru extraordinaire
    Linux problems? WHMCS Problems? Give me a shout
    Check out my WHMCS Addons

  4. #4
    Join Date
    Oct 2004
    Location
    Kerala, India
    Posts
    4,771
    Check if nobody spams are flowing in large number. You can enable extended logging in exim and watch exim_mainlog for spammer.

    1. Edit /etc/exim.conf

    2. On the second line add :


    log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn \

    Make sure all that comes on a single line.

    3. Save and exit.
    4. Restart Exim.

    Tail exim_mainlog and watch the cwd (current working directory) for the spam source.
    David | www.cliffsupport.com
    Affordable Server Management Solutions sales AT cliffsupport DOT com
    CliffWebManager | Access WHM from iPhone and Android

  5. #5
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    14,134
    Quote Originally Posted by david510 View Post
    Check if nobody spams are flowing in large number. You can enable extended logging in exim and watch exim_mainlog for spammer.

    1. Edit /etc/exim.conf
    2 problems there:
    #1:
    The user said they checked with their "hosting company", they probably DON'T have root access to do this.
    #2 (more importantly):
    NEVER make changes to exim.conf directly. ALWAYS use WHM's configuration editor!
    Tom Whiting, WHMCS Guru extraordinaire
    Linux problems? WHMCS Problems? Give me a shout
    Check out my WHMCS Addons

  6. #6
    A.) OK so first set up and e-mail account with the name :fail: and direct all default mail to that, correct? (I should note the e-mail I'm getting spammed at is NOT the default e-mail. Though they may be spamming xxx@domain.com.)
    B.) I'm not even sure I have it on there in the first place :/ I can go check.
    C.) I'm not sure on what else I /can/ use. That appears to be the default on the system. I have adjusted the filters (or so I thought), how else can they be adjusted (I used the SA examples listed..)
    D.) What kind of contact forms do you suggest? (I haven't used any that have a capture device on them.)

    As for david510:
    Yeah I don't have root access :/ I'd love to set up my own server but I don't really know how... (I have the linux though)

  7. #7
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    14,134
    A>
    This is a special mail address, you don't need to set this up, just set your default to :fail:
    B>
    You do that
    C>
    Personally, I don't use or recommend SA, as it completely loads a server down easily with enough rules, soooo, I'll let someone else ecomment on that one.
    D>
    All you need to do is find a reasonable capcha system, implement it into your contact forms and you're good to go. You don't even have to switch software, just edit a couple of lines in the form. There's enough capcha systems out there that you will find one (eventually) that's easy enough for you to use.
    Tom Whiting, WHMCS Guru extraordinaire
    Linux problems? WHMCS Problems? Give me a shout
    Check out my WHMCS Addons

  8. #8
    Join Date
    Oct 2004
    Location
    Kerala, India
    Posts
    4,771
    Quote Originally Posted by linux-tech View Post
    2 problems there:
    #2 (more importantly):
    NEVER make changes to exim.conf directly. ALWAYS use WHM's configuration editor!
    Ok I agree. For beginners, I also suggest that way.
    David | www.cliffsupport.com
    Affordable Server Management Solutions sales AT cliffsupport DOT com
    CliffWebManager | Access WHM from iPhone and Android

  9. #9
    Join Date
    Aug 2003
    Location
    East Coast
    Posts
    2,082
    or just buy a barracuda if it's a huge issue

  10. #10
    Join Date
    Aug 2007
    Posts
    60
    Quote Originally Posted by david510 View Post
    Check if nobody spams are flowing in large number. You can enable extended logging in exim and watch exim_mainlog for spammer.

    1. Edit /etc/exim.conf

    2. On the second line add :


    log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn \

    Make sure all that comes on a single line.

    3. Save and exit.
    4. Restart Exim.

    Tail exim_mainlog and watch the cwd (current working directory) for the spam source.
    Thanks for that! This is definitely a keeper.

  11. #11
    Join Date
    Jan 2002
    Location
    Boston
    Posts
    5,014
    This is also a good read should you end up getting your own server someday.

    Catching Spammers

    I would also be a bit hesitant if that is the typical response you are getting from your host as it is obviously something they pulled out of thin air

  12. #12
    Join Date
    Nov 2006
    Posts
    64
    I think that the poster might be experiencing the same issue I am seeing. Spamassassin is not working on the server. Emails show the following in the full headers:

    X-Spam-Status: No, score=
    X-Spam-Score:
    X-Spam-Bar:
    X-Spam-Flag: NO


    As a result, no emails are getting flagged as Spam and all of it is coming through.

    I found some information that may be of assistance to you:

    http://forums.spry.com/showthread.php?t=1396
    (The "Additional notes from their official support forums" that starts halfway down looks the most useful.)

    Based on that and some other sites, it appears that the problem might stem from Spamassassin/cPanel 11 issues.


    A thread on the cPanel forums (you must register to read it) indicates that this is a known bug. However, some posters have been able to resolve it by rolling Spamassassin back to 3.1.8:

    http://forums.cpanel.net/showpost.php?p=311818&postcount=23
    Andrew Borntreger
    Champion of Cinematic Disasters
    The Bad Movie Website
    www.badmovies.org

  13. #13
    Join Date
    Nov 2005
    Location
    Romania
    Posts
    194
    You could use grscripts.com anti-spam filter. I use it on all my servers, and it works flawlessly !!

  14. #14
    Join Date
    Nov 2006
    Posts
    64
    Not rolling back to SpamAssassin 3.1.8, so what I have done is put an hourly cron job in place that restarts SpamAssassin:

    "/scripts/restartsrv spamd" is the command. So far, it seems to be working.

    Here is the whole cPanel thread, btw (the URL in my earlier post takes you to a single post):

    http://forums.cpanel.net/showthread....818#post311818
    Andrew Borntreger
    Champion of Cinematic Disasters
    The Bad Movie Website
    www.badmovies.org

  15. #15
    To add to that point C-panel by its nature is a hosting platform that encourages unlimited mailboxes. The bottom line is SA is not performing (check tread on SA resources hog) freeware will only get you so far. Dynamic IP blacklisting blocks spam on a behavior basis at source before it comes down your pipe whereby reducing strain on severs.This is just one of many solutions.

  16. #16
    Join Date
    Nov 2005
    Location
    Romania
    Posts
    194
    Or simply get someone to install ASSP, and you won`t have any headaches any more.

  17. #17
    Join Date
    Jan 2004
    Posts
    1,042
    Quote Originally Posted by FHH - Adrian View Post
    Or simply get someone to install ASSP, and you won`t have any headaches any more.
    ASSP doesnt support SSL natively, so I cant use it unless i want to throw reporting out the door. Do your customers really not use SSL at all?

  18. #18
    Join Date
    Nov 2005
    Location
    Romania
    Posts
    194
    Quote Originally Posted by MACscr View Post
    ASSP doesnt support SSL natively, so I cant use it unless i want to throw reporting out the door. Do your customers really not use SSL at all?
    SSL isn`t that really needed. Plus there are ways ( 1 is even mentioned on ASSP`s wiki ) on how to use SSL.
    Nothing that a proxy can`t do.

  19. #19
    Join Date
    Jan 2004
    Posts
    1,042
    Quote Originally Posted by FHH - Adrian View Post
    SSL isn`t that really needed. Plus there are ways ( 1 is even mentioned on ASSP`s wiki ) on how to use SSL.
    Nothing that a proxy can`t do.
    SSL is needed if you care about the security of your email transactions. And the solution posted on wiki is a hack and reporting wont work for correctly for any SSL based connections then. Until ASSP suppports native ssl connections, i wouldnt call it a enterprise solution.

  20. #20
    Join Date
    Nov 2005
    Location
    Romania
    Posts
    194
    I call it a very good solution.

  21. #21

    Cant Agree more

    Quote Originally Posted by MACscr View Post
    SSL is needed if you care about the security of your email transactions. And the solution posted on wiki is a hack and reporting wont work for correctly for any SSL based connections then. Until ASSP suppports native ssl connections, i wouldnt call it a enterprise solution.
    "enterprise solution" is exactly that, a solution which is of bigger scale and cannot afford to fail as we are talking about "paying" clients. Reporting is the only way to effectively monitor progress and effectively be able to react to problems and or find solutions before they crop up.

  22. #22
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    14,134
    Quote Originally Posted by MACscr View Post
    SSL is needed if you care about the security of your email transactions. And the solution posted on wiki is a hack and reporting wont work for correctly for any SSL based connections then. Until ASSP suppports native ssl connections, i wouldnt call it a enterprise solution.
    And who says it CAN'T support SSL Connections?
    Out of the box, you're right, it can't. However, you have the complete option of modifying anything you want to with ASSP.

    Don't like the solution posted in a "wiki" ? Find something that works for you. Redesign it so that it DOES work for you.

    "and why should we drop you a pm to get solution? "
    Theres only one reason someone would suggest such a thing: They're trying to sell services outside of the proper forums.

    ASSP is the best (proper) solution, bar none for any spam problem. It can do so much more than spamassassin ever did, and does it properly.
    Tom Whiting, WHMCS Guru extraordinaire
    Linux problems? WHMCS Problems? Give me a shout
    Check out my WHMCS Addons

  23. #23
    Join Date
    Nov 2005
    Location
    Romania
    Posts
    194
    Plus let`s not forget the memory usage, it`s very low on high volumes.

  24. #24
    Quote Originally Posted by linux-tech View Post
    And who says it CAN'T support SSL Connections?
    Out of the box, you're right, it can't. However, you have the complete option of modifying anything you want to with ASSP.

    Don't like the solution posted in a "wiki" ? Find something that works for you. Redesign it so that it DOES work for you.

    "and why should we drop you a pm to get solution? "
    Theres only one reason someone would suggest such a thing: They're trying to sell services outside of the proper forums.

    ASSP is the best (proper) solution, bar none for any spam problem. It can do so much more than spamassassin ever did, and does it properly.
    Quote Originally Posted by Grove View Post
    no probs, only reason for a pm being that usually its more than one problem that needs to be resolved in order to form one complete solution, To look at an example of a full "package" try looking at bluehost.com as they offer the extra layers of protection of course i can discuss it here.
    I don't sell services,our company does i dont even work in sales. You will also notice that i mentioned layers of protection not one single solution. here is a quote form Wiki

    "ASSP’s primary target audience is mail administrators or system administrators at smallish institutions. If you operate an ISP or a mailhost with a heterogeneous user base you may not have a good enough consensus about what spam is or is not. It should work well with between 1 and 300 client addresses and a mail volume of up to around 100,000 messages per day. Testing has not been done to verify these ranges – if you discover otherwise please leave a note in the discussion page or send a message to the email list."

    I am truly sorry but untested for smallish institution does not constitute "enterprise"

  25. #25
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    14,134
    apparently you forgot to read the most important part:
    Testing has not been done to verify these ranges
    These are only "estimates". Since they haven't been tested,t hat's only someone's (un)educated guess as to the limits, and, in this case, way way off.

    ASSP can handle much more than that. Assuming the 100k messages, that would be 1.5 messages per second continuously throughout the day. That's nothing. Now, if this were 5-10x that amount, then maybe there'd be a reason for concern, but if you're pushing 500k-1m messages a day, you need to ballance things more efficiently. If you're processing THAT MUCH on a CPANEL server, then ASSP is most definitely the only way you're going to be able to keep stability and uptime.

    For "cpanel", ASSP is MUCH more effective than spamd/spamassassin. It doesn't load the server down and it certainly won't break cpanel (like custom rulesets do for SA/CPanel constantly), because it's just one line in the Cpanel configuration.

    If you want to consider "enterprise" applications and you discount ASSP, you're seriously doing yourself a major disservice. ASSP can keep up with every possible imaginable solution out there, and outperform it, hands down.



    I don't sell services,our company does i dont even work in sales.
    really, let's re-examine your post shall we?
    I deal with C-panel users all the time as I work for a global solutions company. Most of them are having problems with SA and not to mention boxtrapper, drop me a mail if you would like to look at a solution, check out bluehost and hostmysite for an idea.
    You were most DEFINITELY promoting your own services (or that of your company, who cares) outside of the appropriate areas. That is a sales pitch if I ever saw one.
    Tom Whiting, WHMCS Guru extraordinaire
    Linux problems? WHMCS Problems? Give me a shout
    Check out my WHMCS Addons

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •