Tech Tips

Do you want to protect your CPanel and WHM Server from being blacklisted? Spammers use compromised websites, mail accounts, and servers to send thousands of spam mail. By the time the web host comes to know about the outgoing spam, the server IP would have been blacklisted thereby legitimate mails would start going into the Junk / Spam folder and subsequently start bouncing.

Velan Server Support Services engineers help small and medium hosting providers

1. Recover from spamming incidents
2. Keep the servers spam free
3. Keep the Server IPs from being blacklisted

Email spoofing and ways to prevent it

76% of spamming in web hosting servers happen due to email spoofing. In spoofing, mails are sent using a fake / invalid “From” address, which may be a valid email account in the server.

This results in email bounces, failure messages from these emails return to the server’s mail queue and fill it up. At Velan, cutting down spoofed mail is always a priority for us in cPanel and WHM server management.

Similarly, a spammer can use a compromised mail account in the server (eg. [email protected]), and set the spam mails “From” address as [email protected]

Such spoofed emails can cause the mail server to be blacklisted and affect the reputation thereby prevent further email delivery.

To fix outbound spamming in web hosting servers, we have noticed that spoofed emails originate from the below three sources:

1. Spammers exploiting vulnerable mail scripts in the server to send out spoofed emails
2. Using compromised email account details to send spoofed emails after authentication
3. Misusing the vulnerabilities in the mail server configuration

Velan Engineers use several methods to keep web hosting servers spam free. Velan Engineers sets up custom security rules for mail servers.

This document will show how to bring down the spam that uses fake “From” address

Blocking outgoing spam in cPanel due to unauthenticated spoofing

To block outgoing spam from cPanel servers, we need to configure custom ACL rules in the Exim mail server. These rules check the email headers of the outbound mails and get the domain name from the “From” address.

The domains in a WHM/cPanel server can be categorized into two lists

1. Local Domains – Domains that use the local mail server
2. Remote Domains – Domains that use external mail server

If the domain name in “From” address does not match with the domain names in any of these two lists, the ACL filter would deny the email from being sent from the mail server thereby protecting the server from spoofing.

Blocking all un-authenticated spoofed outbound emails

Add the following code below acl_not_smtp:

deny

condition=${if!match_domain{${domain:${address:$h_From:}}}{+local_domains: +remote_domains: +allow_domains}}

message = Sorry, you don’t have permission to send email from this server with a header that states the email is from ${lc: :${domain:${address:$h_from:}}}}

accept

Blocking all authenticated spoofed outbound emails

Add the following code below acl_not_smtp:

deny

authenticated = *

condition = ${if ! match_domain{${domain:${address:$h_From:}}}{+local_domains : +remote_domains : +allow_domains}}

message = Sorry, you don’t have permission to send email from this server with a header that that’s the email is from ${lc:${domain:${address:$h_from:}}}

accept

Note: Editing of Exim configuration file should be done with utmost caution as a small mistake in configuration can break the mail server.

At Velan, our Server Support Engineers can help you to block outgoing spam in Cpanel and WHM servers with their expertise in configuring custom ACL rules and ensuring uptime for mail servers. For details please visit – Manged IT Services