For Providers -- how do we avoid SPAM?

[JustinNoel]

I've been running a free web for over 9 months now, and controlling free users is not as easy. Handling over 400 websites in the server is a bit rough, and honestly, there are still parts that I am not pretty knowledgeable of.

I am running servers in cPanel. How do we avoid SPAM e-mails? It is very unfortunate that I have to report once in a while to e-mail hosting providers to allows e-mails from the my server IP since they were attacked by some scripts that SPAM them out.

Any suggestions, help or comments are welcome.

 

[hamster]

Disable nobody from sending out emails, forcing users to use SMTP auth to send any emails. That way, any emails sent out are easily traceable.

 

[JustinNoel]

Thanks hamster. I have enabled that just now.

I don't know what does PHPSuexec and Suexec do. Should I have my apache recompiled with these enabaled? Will they help improve server performance and avoid spam?

 

[hamster]

Well personally I'm a fan of DirectAdmin on free hosting services because it's easier to manage. Each user has their own httpd.conf with their VirtualHosts, so whatever mail is sent out is very easy to track down using mail headers.

 

[JustinNoel]

I like direct admin handles conf too. I just have to stick with cPanel since users really demand for this. Thanks hamster.

 

[Sitebee]

Im with Hamster on that one, Disable sendmail.
But if you no dont want to do that theres a couple of free scripts from configserver that can be quite useful: ConfigServer Mail Queues, ConfigServer Mail Manage.

One suggestion would to be googlemail for your users more info here on that: ( http://stonerocket.net/blog/2008/11/09/add-google-apps-to-your-free-hosted-account.html )

Also CGI scripts can also pump out mass mail you might want to plug the holes on that aswell.

Personally I would recommend disabling sendmail, but a lot of users will not like that and many will complain.

 

[shakir]

How do we avoid SPAM e-mails?

Use server side validation and also use image validation to avoid tools for submission

 

[TSO]

It also helps to have some sort of auto account monitor that prevents more than, say, 100 emails being sent every hour. This can be really hard to code for a third-party panel, though. I know some folks who have created things of this sort, however, and I know it helped them out tremendously, shaving several hours a day off of manual account monitoring activities and addressing complaints.

 

[mainenotarynet]

Question on disable Sendmail() --

If I do this wouldn't that effect the ability to have one of your web pages (say a custom 404 page) from alerting you to an error?

I have something like this so How would you set up the same using STMOP through a web page.

Just asking -- I get mail sent to me from me that I never sent myself (so I know of the spam)

Thanks

 

[Dynash]

Any errors would be saved in the error_log. Sendmail wouldn't affect it either way, since sendmail is used on the script side of things.

 

[mainenotarynet]

I think you may have misunderstood -- I have a custom e404.php page that sends me an email when a visitor encounters that page only if they hit the submit button on the form -- so there is a script involved as well as automated emails from Cron Jobs set in my control panel. Since these are scripts that use sendmail() the same question still remains:

If I do this wouldn't that effect the ability to have one of your web pages (say a custom 404 page) from alerting you to an error?

I have something like this so how would you set up the same using STMP through a web page/script?

 

[Dynash]

In that case, it will, but you simply don't disable sendmail on your account.

 

[dbbrock1]

What I decided to do was just not to allow email sending all together.
Two reasons for this - 1) SPAM central 2) Email counts for like 50% of overall CPU usage

 

[dbbrock1]

and not to mention that 95% of support requests are related to email in the first place.

 

[engineerroy2008]

A simple way is to use Google apps for the domains if they have a domain, if not use spamassasin with tough rules it will prevent a good amount of spam

 

[DevilsHost]

Disabling sendmail may cause problems for innocent users who need to send emails from their blogs, or forums etc but is non-the-less a wise idea, thankfully ive escaped any spammers yet but if they come I am ready for them.

Perhaps limiting the total number of emails they can send per hour is an idea, perhaps something like 100-150 is sensible for most.