How To Prevent Spamming By Using Cpanel?
cPanel servers ship with a useful small file named antivirus.exim. It is the central filter for the Exim mail server, and it lets you set up all kinds of filters that help stop spam from coming into and going out of your server.
In this article I will provide my /etc/antivirus.exim config file, which will help you protect your servers from spammers. The default /etc/antivirus.exim has a couple of different rule sets in it. The main ones are attachment filters that help keep email viruses away from your users; they stop things like .src, .com and .exe attachments. The custom rules shown here stop spammers from sending out of your server, and you can also use them to stop spam from coming in. I don't go into a lot of detail on filtering incoming mail, since other applications like SpamAssassin handle that better IMO.
You will need root access to your cPanel server.
First, create a dedicated log file for these filters:
touch /var/log/filter.log
chmod 0644 /var/log/filter.log
Now open up the configuration file:
vi /etc/antivirus.exim
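Simply add this to your existing file and save the changes; they take effect instantly. Note that every rule below ends with seen finish: a matching message is logged and then discarded, with no bounce to the sender and no delivery to the recipient.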
# START
# Filters all incoming and outgoing mail
logfile /var/log/filter.log 0644
## Common Spam
if
    # Header Spam
    $header_subject: contains "Pharmaceutical"
    or $header_subject: contains "Viagra"
    or $header_subject: contains "Cialis"
    or $header_subject: is "The Ultimate Online Pharmaceutical"
    or $header_subject: contains "***SPAM***"
    or $header_subject: contains "[SPAM]"
    # Body Spam ($message_body is a variable, not a header, so it takes no colon)
    or $message_body contains "Cialis"
    or $message_body contains "Viagra"
    or $message_body contains "Leavitra"
    or $message_body contains "St0ck"
    or $message_body contains "Viaagrra"
    or $message_body contains "Cia1iis"
    or $message_body contains "URGENT BUSINESS PROPOSAL"
    or $message_body matches "angka[^s]+[net|com|org|biz|info|us|name]+?"
    or $message_body matches "v(i|1)agra|vag(i|1)n(a|4)|pen(i|1)s|asu|seks|l(o|0)l(i|1)ta|dewacolok"
then
    # Log Message SENDS RESPONSE BACK TO SENDER
    # SUGGESTED TO LEAVE OFF to prevent fail loops
    # and more work for the mail system
    #fail text "Message has been rejected because it has
    #          triggered our central filter."
    logwrite "$tod_log $message_id from $sender_address contained spam keywords"
    seen finish
endif
# END
# Filters all incoming and outgoing mail
# START
# All outgoing mail on the server only what is sent out
# Check forwarders so it doesn't get blocked
# Forwarders still work =)
## FINANCIAL FAKE SENDERS
## Log all outgoing mail from server that matches rules
logfile /var/log/filter.log 0644
if (
    $received_protocol is "local" or
    $received_protocol is "esmtpa"
) and (
    $header_from contains "@citibank.com" or
    $header_from contains "@bankofamerica.com" or
    $header_from contains "@wamu.com" or
    $header_from contains "@ebay.com" or
    $header_from contains "@chase.com" or
    $header_from contains "@paypal.com" or
    $header_from contains "@wellsfargo.com" or
    $header_from contains "@bankunited.com" or
    $header_from contains "@bankerstrust.com" or
    $header_from contains "@bankfirst.com" or
    $header_from contains "@capitalone.com" or
    $header_from contains "@citizensbank.com" or
    $header_from contains "@jpmorgan.com" or
    $header_from contains "@wachovia.com" or
    $header_from contains "@bankone.com" or
    $header_from contains "@suntrust.com" or
    $header_from contains "@amazon.com" or
    $header_from contains "@banksecurity.com" or
    $header_from contains "@visa.com" or
    $header_from contains "@mastercard.com" or
    $header_from contains "@mbna.com"
)
then
    # logwrite takes a single string, so the text must be quoted
    logwrite "$tod_log $message_id from $sender_address is fraud"
    seen finish
endif
## OTHER FAKE SENDERS SPAM
## Enable this to prevent users using @domain from addresses
## Not recommended since users do use from addresses not on the server
## Log all outgoing mail from server that matches rules
logfile /var/log/filter.log 0644
if (
    $received_protocol is "local" or
    $received_protocol is "esmtpa"
) and (
    $header_from contains "@hotmail.com" or
    $header_from contains "@yahoo.com" or
    $header_from contains "@aol.com"
)
then
    logwrite "$tod_log $message_id from $sender_address is forged fake"
    seen finish
endif
## KNOWN FAKE PHISHING
### Log all outgoing mail from server that matches rules
logfile /var/log/filter.log 0644
if (
    $received_protocol is "local" or
    $received_protocol is "esmtpa"
) and (
    # Paypal (strings containing spaces must be quoted)
    $message_body contains "Dear valued PayPal member" or
    $message_body contains "Dear valued PayPal customer" or
    $message_body contains "Dear Paypal" or
    $message_body contains "The PayPal Team" or
    $message_body contains "Dear Paypal Customer" or
    $message_body contains "Paypal Account Review Department" or
    # Ebay
    $message_body contains "Dear eBay member" or
    $message_body contains "Dear eBay User" or
    $message_body contains "The eBay team" or
    $message_body contains "Dear eBay Community Member" or
    # Banks
    $message_body contains "Dear Charter One Customer" or
    $message_body contains "Dear wamu.com customer" or
    $message_body contains "Dear valued Citizens Bank member" or
    $message_body contains "Dear Visa" or
    $message_body contains "Dear Citibank" or
    $message_body contains "Citibank Email" or
    $message_body contains "Dear customer of Chase Bank" or
    $message_body contains "Dear Bank of America customer" or
    # ISPs
    $message_body contains "Dear AOL Member" or
    $message_body contains "Dear AOL Customer"
)
then
    logwrite "$tod_log $message_id from $sender_address is phishing"
    seen finish
endif
# END
# All outgoing mail on the server only what is sent out
Entries in /var/log/filter.log will look like this:
2006-05-10 12:05:13 1Fds7S-0002Sa-MV from smooth595@gmail.com contained spam keywords
2006-05-10 14:18:47 1FduCn-0006GV-1r from dayton.nowellu7xn@gmail.com contained spam keywords
2006-04-27 15:44:35 1FZDLn-0005Mo-5z from nobody@ocean.wavepointmedia.com is fraud
2006-04-27 16:37:40 1FZEB9-0002KQ-VP from nobody@ocean.wavepointmedia.com is phishing
Each line holds the date and time, the Exim message ID, the sender and the section of the filter that matched, such as phishing, fraud or spam. You can look up the mail message by grepping the exim_mainlog for its ID like this:
grep 1FZEB9-0002KQ-VP /var/log/exim_mainlog
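To see which senders trip the filter most often, the log format above can be tallied per filter section and sender. This is an added example, not part of the original article; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: tally filter.log hits per rule category and sender.
# Line format produced by the logwrite commands in the filter:
#   DATE TIME MESSAGE-ID from SENDER <reason text>

# Constructed sample lines in that format (not real log data).
write_sample_log() {
    cat > "$1" <<'EOF'
2006-05-10 12:05:13 1Fds7S-0002Sa-MV from alice@example.com contained spam keywords
2006-04-27 15:44:35 1FZDLn-0005Mo-5z from nobody@host.example.net is fraud
2006-04-27 16:37:40 1FZEB9-0002KQ-VP from nobody@host.example.net is phishing
2006-04-28 09:12:01 1FZTxy-0001Ab-Cd from nobody@host.example.net is phishing
2006-04-28 09:13:44 1FZTzz-0001Ac-Ef from  is fraud
EOF
}

# summarize_filter_log FILE -> lines of "COUNT CATEGORY SENDER", busiest first.
summarize_filter_log() {
    awk '
        {
            line = $0
            # The trailing reason text identifies which filter section fired.
            if      (sub(/ is phishing$/, "", line))             c = "phishing"
            else if (sub(/ is fraud$/, "", line))                c = "fraud"
            else if (sub(/ is forged fake$/, "", line))          c = "forged"
            else if (sub(/ contained spam keywords$/, "", line)) c = "spam"
            else next                      # not a line written by this filter
            n = split(line, f, " ")
            if (n < 4 || f[4] != "from") next
            # Bounces have an empty $sender_address, so field 5 is missing.
            sender = (n >= 5) ? f[5] : "<>"
            hits[c " " sender]++
        }
        END { for (k in hits) print hits[k], k }
    ' "$1" | LC_ALL=C sort -k1,1nr -k2,3
}

# message_ids_for FILE SENDER -> Exim message IDs to grep for in exim_mainlog.
message_ids_for() {
    awk -v s="$2" '$4 == "from" && $5 == s { print $3 }' "$1"
}

sample=$(mktemp)
write_sample_log "$sample"
summarize_filter_log "$sample"
message_ids_for "$sample" nobody@host.example.net
rm -f "$sample"
```

A local sender such as nobody@ appearing repeatedly under fraud or phishing usually points at a script on the server rather than a mail client, and the listed message IDs are the ones to grep for in exim_mainlog.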
by: Leif Cage