Okay - so we all know what a pain SPAM (unsolicited email) can be... If you think that the hundred or so SPAM emails that you get a day is high, you should try being a server administrator, who sees tens of thousands of SPAM emails per day in the server's mail queue.
Normally email is held in cPanel's queue for 4 days; if it cannot be delivered after that, it is deleted - this can still lead to massive queues if your server is being used as a SPAM relay...
Outbound SPAM
This is caused either by a spammer on your server or, more likely, by a spammer who has exploited a sendmail script (such as FormMail) on a website that is hosted on your server...
So firstly you need to find all the instances of these scripts that are currently installed on your server - you will need root SSH access for this:
Type the following in an SSH window:
host# updatedb
host# locate formmail
This will show you where all the instances of formmail are located; you can then make sure that these are the latest version of formmail. It used to be said that just renaming the formmail script was enough to fool the spammers - this is now not the case... Any formmail script (no matter its name) will be visited by the spam bots.
Inbound SPAM
Not as easy to deal with...
Most people wonder why they have received spam on certain email addresses - you see it posted on forums all over the place. "I receive spam to bob@mydomain.com but I don't advertise that address anywhere..." type messages are commonplace, and why? Because spammers use dictionary attack methods for the sending of spam.
They no longer use "lists" of email addresses; they simply use a script that will generate ANYWORD@yourdomain.com - the ANYWORD part being a word from a common list of, say, 1000 words (common names are also included in the "dictionary"). They will then send these 1000 emails to your domain hoping that a few will get through (they can also detect which emails were successful if you open the email!)
So how do we stop / block this?
By using a script like this one
http://www.configserver.com/free/eximdeny.html
It basically detects the sending of email to a domain with random words attached - if the same person sends more than 4 emails to you in one session then the system blocks their IP address to stop them from sending any more.
There are instructions on the site on how to install the script.
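The kind of check described above, as an added example (not part of the original post and not the eximdeny script itself): it counts distinct rejected recipients per sending IP and reports IPs that exceed the threshold of 4. The log lines are constructed and modelled on Exim "rejected RCPT" entries; the function name and the 5-minute window standing in for "one session" are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

def _line(ts, ip, name):
    # Constructed sample entry; the rejection reason text is a placeholder.
    return (f"2024-05-01 {ts} H=(host.invalid) [{ip}] F=<x@host.invalid> "
            f"rejected RCPT <{name}@mydomain.com>: no such address here")

SAMPLE_LOG = "\n".join(
    # Burst of guessed names from one IP within a few seconds.
    [_line(f"10:00:0{i}", "203.0.113.7", n)
     for i, n in enumerate(["adam", "bob", "carol", "dave", "eve"])]
    # Two mistyped addresses from a legitimate sender.
    + [_line("11:00:00", "198.51.100.20", "bbo"),
       _line("11:00:09", "198.51.100.20", "jon")]
    # Five rejections spread over hours: never in the same window.
    + [_line(f"1{i}:30:00", "192.0.2.9", n)
       for i, n in enumerate(["al", "bea", "cy", "di", "ed"])]
    # Accepted message: must be ignored by the parser.
    + ["2024-05-01 12:00:00 1abcDE-000001-AB <= x@host.invalid "
       "H=(host.invalid) [192.0.2.50] P=esmtp S=1234"]
)

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r".*?\[(?P<ip>[0-9a-fA-F.:]+)\].*? rejected RCPT <(?P<rcpt>[^>]+)>")

def find_dictionary_attackers(log_text, threshold=4,
                              window=timedelta(minutes=5)):
    """Return {ip: sorted distinct rejected recipients} for every IP with
    more than `threshold` distinct rejected recipients inside `window`."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events[m["ip"]].append((ts, m["rcpt"].lower()))
    offenders = {}
    for ip, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):          # sliding time window
            while hits[end][0] - hits[start][0] > window:
                start += 1
            rcpts = {r for _, r in hits[start:end + 1]}
            if len(rcpts) > threshold:
                offenders[ip] = sorted(rcpts)
                break
    return offenders
```

The returned IPs are candidates for a block list; the sender who mistyped two addresses and the slow sender stay below the threshold.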
You can also follow these simple steps in WHM to help stop SPAM:
a) Set all default email addresses to :fail:
b) Set a limit to the emails a domain can send per hour
c) Set some spam filters based on spamlists