Blocking spoofed mails going out from your cPanel/WHM server to protect it from blacklists
Outgoing spam is a major headache for many web hosts. Spammers use compromised websites or mail accounts to send thousands of spam mails within a few minutes.
By the time the web host comes to know about it, the server IP would be blacklisted (e.g. Spamhaus SBL), and legitimate mails would be bouncing left and right.
What is email spoofing? Why should you prevent it?
76% of spamming on web hosting servers happens mainly due to email spoofing. In spoofing, mails are sent using a fake ‘From’ address, which can be a valid email account on the server.
As a result, email bounces or failure messages for these mails would come back to your server’s mail queue and fill it up. So, cutting down spoofed mail is always a priority for us, in cPanel server management.
Similarly, a spammer can use a compromised mail account in your server (say firstname.lastname@example.org), and set the spam mail’s “From” address as a different address like “email@example.com”.
Such spoofed mails can cause your mail server to be blacklisted, which would affect the server reputation and prevent further email delivery.
In our experience fixing outbound spamming in web hosting servers, Bobcares engineers have noticed spoofed mails originating from the following three sources:
- Spammers exploiting vulnerable mail scripts in the server to send out spoofed mails.
- Using compromised mail account details to send spoofed mails after authentication.
- Misusing the vulnerabilities in mail server configuration.
We use several methods to keep web hosting servers spam-free. Setting up custom security rules for mail servers is one of them. Today we’ll take a look at how we cut down spam that uses a fake (aka spoofed) “From” address.
1. Block outgoing spam in cPanel due to unauthenticated spoofing
In unauthenticated spoofing, spammers exploit vulnerable forms on your server to send spam through your local mail server, but with a fake ‘From’ address.
To block outgoing spam from cPanel servers, we configure custom ACL rules in the Exim mail server. These rules check the email headers of outbound mails and extract the domain name from the ‘From’ address.
The domains in a cPanel server can be categorized into two lists, based on their choice of mail server:
- Local domains: domains that use the local mail server.
- Remote domains: domains that use an external mail server.
If the domain name in the ‘From’ address does not match a domain in either of these two lists, the ACL filter denies delivery of that mail through the mail server, thus protecting it from spoofing.
But editing the Exim configuration file should be done with utmost caution, as even a minute mistake can break the mail server’s normal functioning.
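To check the rule's logic offline before touching the Exim configuration, the sketch below applies the same ‘From’-domain test to raw messages. It is an added example, not Bobcares' ACL and not Exim syntax. The domain lists, sample messages and function names are constructed for illustration, and denying a message with no ‘From’ header, or with any one non-hosted ‘From’ address, is an assumption of this sketch.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample lists, one domain per line (assumed format).
LOCAL_DOMAINS = "example.com\nshop.example.net\n"
REMOTE_DOMAINS = "Example.ORG.  # mail hosted elsewhere\n"

def load_domains(text):
    """Parse a domain list; ignore blank lines, # comments, case, trailing dot."""
    cleaned = (ln.split("#", 1)[0].strip().lower().rstrip(".") for ln in text.splitlines())
    return {d for d in cleaned if d}

def from_domains(raw_message):
    """Domains of every address in every From: header ('' if unparsable)."""
    headers = message_from_string(raw_message).get_all("From", [])
    found = set()
    for _display_name, addr in getaddresses(headers):
        local, at, domain = addr.rpartition("@")
        found.add(domain.lower().rstrip(".") if at and local else "")
    return found

def verdict(raw_message, allowed):
    """Accept only when a From: header exists and all its domains are hosted."""
    domains = from_domains(raw_message)
    if not domains:
        return "deny: no From header"
    bad = sorted(d or "<unparsable>" for d in domains if d not in allowed)
    return "deny: " + ", ".join(bad) if bad else "accept"

ALLOWED = load_domains(LOCAL_DOMAINS) | load_domains(REMOTE_DOMAINS)

# Constructed messages, as a web form script might hand them to the local MTA.
SAMPLES = {
    "local": "From: Billing <billing@Example.COM>\nSubject: Invoice\n\nhi\n",
    "remote": "From: sales@example.org\nSubject: Quote\n\nhi\n",
    "spoofed": "From: Support <support@bank.test>\nSubject: Verify\n\nhi\n",
    "display_trick": 'From: "info@example.com" <bulk@mailer.test>\nSubject: x\n\nhi\n',
    "two_senders": "From: a@example.com, b@mailer.test\nSubject: x\n\nhi\n",
    "no_from": "Subject: x\n\nhi\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:14} {verdict(raw, ALLOWED)}")
```

The `display_trick` sample shows why the check must read the address inside the angle brackets: a hosted address placed in the display name does not make the message pass.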
At Bobcares, our Dedicated Support Specialists block outgoing spam on cPanel servers by configuring custom ACL rules while keeping the Exim mail server functioning smoothly.
Up next: Prevent authenticated spoofing