Results 1 to 2 of 2
  1. #1
    Join Date
    Nov 2003

    Mail proxy: how to stop CGI mail proxies?

    During last week, two of our clients' accounts got compromised (most probably due to weak passwords) and there was a CGI script installed which started sending emails to more than 200,000 email accounts. This email addresses were stored in a text file.

    By the time we noticed this activity, our server got black listed on major RBLs like Barracuda, SpamCop, Spamhaus etc and it took around 2 days to cleanup

    3 days later, another account compromised with same *thing* and it really is pain in the arse now dealing with this and angry clients

    We've already implemented a policy to restrict users to send 100 messages/per hour/domain which is working, but it seems this *thing* bypass exim.

    I guess this Open Proxy Servers a Source of Spam is what i want to explain!!

    So my question is, if I've understood this right, is it possible to stop scripts like this or can we enforce mailman to use exim all the time to send messages and stop direct-mailing?

    Your suggestions are highly appreciated.
    "An army of sheep led by a lion would defeat an army of lions led by a sheep"

  2. #2
    Join Date
    Nov 2004
    If you're running cPanel/WHM, you can turn on the WHM feature called "SMTP tweak" which blocks outgoing email on port 25, so these CGI scripts can't run.

    Also, you'd do well to install CSF. It has an "SMTP tweak" port 25 blocking mechanism as well. It'll also warn you if it sees lots of emails going out.

    It really depends whether the lions were in the mood to listen to the sheep....
    Last edited by brianoz; 06-20-2009 at 06:29 AM.

Similar Threads

  1. how to stop mail-server abuse
    By annuncinetwork in forum Hosting Security and Technology
    Replies: 7
    Last Post: 03-30-2009, 11:12 AM
  2. Stop mail to apache@
    By JediKnight2 in forum Hosting Security and Technology
    Replies: 0
    Last Post: 02-04-2006, 10:53 AM
  3. How to stop e-mail queue of 250.000 e-mails
    By cyberstriker in forum Dedicated Server
    Replies: 7
    Last Post: 03-10-2005, 08:58 PM
  4. Stop < e-mail > Attacks Against Us
    By UnifiedNet in forum Web Hosting
    Replies: 93
    Last Post: 10-12-2004, 08:26 PM
  5. Replies: 1
    Last Post: 01-29-2004, 06:26 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts