Too many outbound spams and IP blacklisting




Posted by prashant1979, 05-06-2013, 07:41 AM
For the past couple of months, we have been facing a weird issue of spam emails being sent from our various servers, resulting in the IP addresses of the mail servers getting blacklisted. We have found that in most cases the users have a virus in their systems or networks which sends out spam from our mail servers by authenticating with the login credentials stored in email clients on the infected computers. In some cases, it is infections in WordPress and Joomla based websites. I am not sure if we are the only ones facing this issue or whether other hosting providers are too. All in all, it is creating email issues and customers are unhappy with the events. Is any other host facing the same issue? If yes, what is your suggestion to stop this menace?

Posted by netmar, 05-06-2013, 08:38 AM
If the spams are coming from an authenticated source, then about the only thing that you can do is to add content filtering (SpamAssassin, probably) to all inbound mail. Then dump anything that gets flagged into a hold queue and review it. It's not perfect, but the Bayesian filter in SpamAssassin should be trainable if you start with enough of these spams. Akin

Posted by rocketsciense, 05-06-2013, 08:45 AM
Prashant, I agree with you. In that case you can add a per-hour limit for each domain or mailbox, and keep monitoring. That's the best practice.

Posted by kevincheri, 05-06-2013, 09:01 AM
The best way to tackle this is to have monitoring criteria in place. Say, if there are 200+ mails sitting in the queue, create a script to send you an email, and then you log in to the server and check whether they are genuine. Please also make sure you have a per-hour email restriction per domain of up to, say, 500 emails/hr. Last and most important, provide logs to the clients that caused the trouble and advise them to do a thorough scan of their machines.
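
One way to script the monitoring described in the post above, as an added example that is not part of the thread: it counts accepted messages per authenticated SMTP login or local (script) user per hour from Exim main log lines and reports identities over the limit, with the number of distinct client IPs. It assumes Exim's default arrival-line layout; the function name, the sample lines and the demo threshold are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Exim arrival line: "<date> <time> <msgid> <= <envelope-from> <fields...>"
ARRIVAL = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}):\d{2}:\d{2} \S+ <= (\S+)(.*)$")
AUTH = re.compile(r"\bA=[^:\s]+:(\S+)")    # SMTP AUTH identity, e.g. A=dovecot_login:user@dom
LOCAL_USER = re.compile(r"\bU=(\S+)")      # local submitter, e.g. the account running a PHP script
REMOTE_IP = re.compile(r"\[([0-9a-fA-F.:]+)\]")

def find_heavy_senders(lines, per_hour_limit=500):
    """Return {(identity, 'YYYY-MM-DD HH'): (message_count, distinct_client_ips)}
    for every identity that submitted more than per_hour_limit messages in an hour."""
    counts = Counter()
    ips = defaultdict(set)
    for line in lines:
        m = ARRIVAL.match(line)
        if not m:
            continue  # deliveries (=>), deferrals, etc.
        day, hour, _env_from, rest = m.groups()
        auth = AUTH.search(rest)
        local = LOCAL_USER.search(rest)
        if auth:
            ident = "auth:" + auth.group(1)
        elif local and "P=local" in rest:
            ident = "local:" + local.group(1)
        else:
            continue  # unauthenticated inbound mail is not one of our senders
        key = (ident, f"{day} {hour}")
        counts[key] += 1
        ip = REMOTE_IP.search(rest)
        if ip:
            ips[key].add(ip.group(1))
    return {k: (n, len(ips[k])) for k, n in counts.items() if n > per_hour_limit}

# Constructed sample log lines (not taken from a real server).
SAMPLE = (
    [f"2013-05-06 07:{i:02d}:00 1UZaaa-00000{i}-AA <= bob@example.com H=(pc) "
     f"[198.51.100.{i % 3 + 1}]:5000 P=esmtpa A=dovecot_login:bob@example.com S=900"
     for i in range(6)]
    + [f"2013-05-06 07:{i:02d}:30 1UZbbb-00000{i}-BB <= wpsite@host.example.net "
       f"U=wpsite P=local S=700" for i in range(4)]
    + ["2013-05-06 07:59:00 1UZccc-000001-CC <= alice@example.org H=mx.example.org "
       "[203.0.113.9] P=esmtps S=1200",
       "2013-05-06 07:59:01 1UZccc-000001-CC => carol@example.com R=virtual_user T=dovecot"]
)

if __name__ == "__main__":
    # Demo threshold of 3 so the small sample triggers; the post suggests 500/hr.
    for (ident, hour), (n, nips) in sorted(find_heavy_senders(SAMPLE, 3).items()):
        print(f"{hour}:00 {ident} sent {n} messages from {nips} client IP(s)")
```

A single mailbox login appearing from several client IPs within the same hour is worth checking first, since that pattern fits the stolen-credential case the original poster describes.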

Posted by linux freak, 05-06-2013, 09:17 AM
Maybe you are right, there can be a virus in the systems! But some people don't like to receive emails from your end and they mark them as spam, so your IP gets affected... Try to use a feedback loop system, which will let you know who marked your mail as spam and who did not open it; then you will be able to remove those contacts from your email lists.

Posted by prashant1979, 05-06-2013, 10:46 AM
We have all these in place, but as you know a single outbound spam is enough for the IP to get blacklisted in RBLs. This has been happening regularly for the past couple of months. I am wondering whether it is just my company or whether other hosting companies are facing the issue too.

Posted by ashok854, 05-06-2013, 10:48 PM
I was also wondering how companies like Hostgator or Singlehop are stopping this kind of activity. I think they are also using a third-party mail server at the cPanel/WHM control panel, which has an inbuilt mail server, for their shared hosting offerings. I do agree with netmar about "training bayesian filter in spamassassin" but still feel something else can be done.

Posted by BestServerSupport, 05-07-2013, 12:20 AM
Following are some suggestions which most of the hosting companies follow to stop the amount of SPAM from their servers:
1. WHM > Tweak Settings > Prevent “nobody” from sending mail
2. WHM > Exim Configuration, select the following: Set the Sender: Header when the mail sender changes the sender (-f flag passed to sendmail)
3. Adding MailHeaders for PHP: WHM > EasyApache (Apache Update) > Step 6 Exhaustive Options List; in the PHP section (PHP 4 and/or PHP 5), select the following: MailHeaders
4. Force users to update the versions of their third-party installed scripts like WordPress, Joomla etc.
5. Set up a mail sending limit per domain name from WHM > Tweak Settings.
6. Use the mail scanner plugin of CSF.


