CPanel + Exim + User Level Filtering

Nov 18, 2008

whether our webhost has their configuration messed up, or if this is not genuinely possible with cpanel + exim + shared hosting.

Our email server is hosted with the web host, and what we want to do is to not allow certain users to be able to receive (And send) outgoing email to non-local domains e.g. they should only be able send and receive within our hosted domain, @mydomain.com .

Now, we've tried doing this using cpanel's user level filters and have setup the following:

Rules:
If Field To does not contain @mydomain.com OR
If Field From does not contain @mydomain.com

Action:

Fail with message.

We've tested these filters using combinations and they seem to be working as far as we can see on cpanel (it has the filter testing feature)

Now this works for people sending emails into our domain e.g. someone from hotmail tries sending emails to a user, and it bounces back.

But people from inside the domain can send emails to other domains even when they give valid results on the cpanel filter tester.

View 3 Replies


ADVERTISEMENT

Exim Filtering Options In Cpanel

Sep 11, 2008

more specific filtering options in cpanel exactly:

if header from contains 'example' and also header from contains 'example2' then discard

in cpanel it just has one word or phrase i need the filter to check for 2 words in any order in the from field

View 1 Replies View Related

Exim/Cpanel No Such User Here

Jun 25, 2008

I'm having an issue with email generated from a website contact form. The email is being sent from the website via php. The issue is that the email address that it is being sent to is a domain/website that is also on cpanel. It is trying to deliver it to a local account, but the email is acutally on a third party system outside of cpanel. Does anyone know anyway for exim to not try and deliver locally?

View 4 Replies View Related

Exim Filtering

May 29, 2007

I would like to filter some special mails of mine through an external PHP script. Is this possible? I would like to call the php file everytime a mail arrives, and the php file will make changes to that mail text and save in inbox.

My PHP file is ready but i need to make this work in Exim.

View 0 Replies View Related

Exim Filtering Jpg Attachments

Apr 6, 2007

Exim logs:

2007-04-05 15:07:45 1HZYFE-0003DC-Rr <= sales@mydomain.com H=(mta2.srv.hcvlny.cv.net) [167.206.4.197]:42573 I=[xxx.xxx.122.208]:25 P=esmtp S=9925 id=000801c777be$11815a50$34840ef0$@com T="test" from <sales@mydomain.com> for marco@customer.ca maria@customer.ca
2007-04-05 15:07:45 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1HZYFE-0003DC-Rr
2007-04-05 15:07:45 1HZYFE-0003DC-Rr => discarded (system filter)
2007-04-05 15:07:45 1HZYFE-0003DC-Rr Completed QT=1s

This only happens when a 4kb jpeg/jpg attachment is sent. Not sure where its getting caught.

My antivirus.exim file attached

I searched for "jpg" and "jpeg" in that file, nothing showed up.

Code:
# Exim filter
## Version: 0.17
#$Id: system_filter.exim,v 1.11 2001/09/19 11:27:56 nigel Exp $

## Exim system filter to refuse potentially harmful payloads in
## mail messages
## (c) 2000-2001 Nigel Metheringham <nigel@exim.org>
##
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; either version 2 of the License, or
## (at your option) any later version.
##
## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
## GNU General Public License for more details.
##
## You should have received a copy of the GNU General Public License
## along with this program; if not, write to the Free Software
## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
## -A copy of the GNU General Public License is distributed with exim itself

## -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
## If you haven't worked with exim filters before, read
## the install notes at the end of this file.
## The install notes are not a replacement for the exim documentation
## -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

## -----------------------------------------------------------------------
# Only run any of this stuff on the first pass through the
# filter - this is an optomisation for messages that get
# queued and have several delivery attempts
#
# we express this in reverse so we can just bail out
# on inappropriate messages
#
if not first_delivery
then
finish
endif

## -----------------------------------------------------------------------
# Check for MS buffer overruns as per BUGTRAQ.
# [url]
# This could happen in error messages, hence its placing
# here...
# We substract the first n characters of the date header
# and test if its the same as the date header... which
# is a lousy way of checking if the date is longer than
# n chars long
if ${length_80:$header_date:} is not $header_date:
then
fail text "This message has been rejected because it has

an overlength date field which can be used

to subvert Microsoft mail programs

The following URL has further information
[url]
seen finish
endif

## -----------------------------------------------------------------------
# These messages are now being sent with a <> envelope sender, but
# blocking all error messages that pattern match prevents
# bounces getting back.... so we fudge it somewhat and check for known
# header signatures. Other bounces are allowed through.
if $header_from: contains "@sexyfun.net"
then
fail text "This message has been rejected since it has

the signature of a known virus in the header."
seen finish
endif
if error_message and $header_from: contains "Mailer-Daemon@"
then
# looks like a real error message - just ignore it
finish
endif

## -----------------------------------------------------------------------
# Look for single part MIME messages with suspicious name extensions
# Check Content-Type header using quoted filename [content_type_quoted_fn_match]
if $header_content-type: matches "(?:file)?name=("[^"]+\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])")"
then
fail text "This message has been rejected because it has

potentially executable content $1

This form of attachment has been used by

recent viruses or other malware.

If you meant to send this file then please

package it up as a zip file and resend it."
seen finish
endif
# same again using unquoted filename [content_type_unquoted_fn_match]
if $header_content-type: matches "(?:file)?name=(\S+\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))"
then
fail text "This message has been rejected because it has

potentially executable content $1

This form of attachment has been used by

recent viruses or other malware.

If you meant to send this file then please

package it up as a zip file and resend it."
seen finish
endif

## -----------------------------------------------------------------------
# Attempt to catch embedded VBS attachments
# in emails. These were used as the basis for
# the ILOVEYOU virus and its variants - many many varients
# Quoted filename - [body_quoted_fn_match]
if $message_body matches "(?:Content-(?:Type:(?>\s*)[\w-]+/[\w-]+|Disposition:(?>\s*)attachment);(?>\s*)(?:file)?name=|begin(?>\s+)[0-7]{3,4}(?>\s+))("[^"]+\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])")[\s;]"
then
fail text "This message has been rejected because it has

a potentially executable attachment $1

This form of attachment has been used by

recent viruses or other malware.

If you meant to send this file then please

package it up as a zip file and resend it."
seen finish
endif
# same again using unquoted filename [body_unquoted_fn_match]
if $message_body matches "(?:Content-(?:Type:(?>\s*)[\w-]+/[\w-]+|Disposition:(?>\s*)attachment);(?>\s*)(?:file)?name=|begin(?>\s+)[0-7]{3,4}(?>\s+))(\S+\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))[\s;]"
then
fail text "This message has been rejected because it has

a potentially executable attachment $1

This form of attachment has been used by

recent viruses or other malware.

If you meant to send this file then please

package it up as a zip file and resend it."
seen finish
endif
## -----------------------------------------------------------------------


#### Version history
#
# 0.01 5 May 2000
#Initial release
# 0.02 8 May 2000
#Widened list of content-types accepted, added WSF extension
# 0.03 8 May 2000
#Embedded the install notes in for those that don't do manuals
# 0.04 9 May 2000
#Check global content-type header. Efficiency mods to REs
# 0.05 9 May 2000
#More minor efficiency mods, doc changes
# 0.06 20 June 2000
#Added extension handling - thx to Douglas Gray Stephens & Jeff Carnahan
# 0.07 19 July 2000
#Latest MS Outhouse bug catching
# 0.08 19 July 2000
#Changed trigger length to 80 chars, fixed some spelling
# 0.09 29 September 2000
#More extensions... its getting so we should just allow 2 or 3 through
# 0.10 18 January 2001
#Removed exclusion for error messages - this is a little nasty
#since it has other side effects, hence we do still exclude
#on unix like error messages
# 0.11 20 March, 2001
#Added CMD extension, tidied docs slightly, added RCS tag
#** Missed changing version number at top of file :-(
# 0.12 10 May, 2001
#Added HTA extension
# 0.13 22 May, 2001
#Reformatted regexps and code to build them so that they are
#shorter than the limits on pre exim 3.20 filters. This will
#make them significantly less efficient, but I am getting so
#many queries about this that requiring 3.2x appears unsupportable.
# 0.14 15 August,2001
#Added .lnk extension - most requested item :-)
#Reformatted everything so its now built from a set of short
#library files, cutting down on manual duplication.
#Changed w in filename detection to . - dodges locale problems
#Explicit application of GPL after queries on license status
# 0.15 17 August, 2001
#Changed the . in filename detect to S (stops it going mad)
# 0.16 19 September, 2001
#Pile of new extensions including the eml in current use
# 0.17 19 September, 2001
#Syntax fix

View 0 Replies View Related

Difference Between Level 1, Level 2 And Level 3 Tech Support

Oct 10, 2009

Is there any preset criteria for it like Level 1 includes a, b & c, Level 2 includes d, e & f and level includes x, y & z?

I know the difference in General but, I wanted a specific answer.

View 14 Replies View Related

Email Filtering - Cpanel

Apr 25, 2008

My provider is using mailfoundry for spam filtering.. but I used IMAP (stored on server) for email.. my problem is that I'm also using a catch-all address and I make up random email names for sites I go to, to check for spam on the incoming side..

I setup filters in Cpanel to remove the selected spam or emails I don't wish to recieve.. but they don't seem to remove themselves.. it could just be a setup problem or it could be the mailfoundry.. not sure..

Here's the settings I have in cpanel (I just altered the name) is this the right setting.. or does it go elsewhere?

View 0 Replies View Related

Hosted Third-party Spam Filtering For CPanel

Oct 3, 2007

Can anyone recommend a hosted third-party spam filtering service for cPanel servers?

Most of the servers are reseller based, and I don't see myself or my team having to enter each individual email address into the service.

With that said, is there any service where you can just point the MX records to it, it would scan the email, and then deliver it?

View 2 Replies View Related

Parking An External 3rd Level Domain In CPanel

Jul 3, 2007

How to add an external third level domain to cPanel?

For example, my main domain at cPanel is one.com, so I can easily add subdomains like second.one.com, third.one.com etc.

But what I need is to point first.two.com to my hosting.

I'm a customer, not the server administrator.

A two.com owner has already configured my server's IP in the two.com zone file for that subdomain.

But how to configure that external 3rd level domain in my cPanel?

View 1 Replies View Related

Exim: User Unknown (domain Forward)

Dec 3, 2007

One of my clients has 2 accounts:

- foo.com, with a mail account info@foo.com.
- bar.com, with domain forwarding to foo.com.

Sending an email message to info@foo.com works.

Sending an email message to info@bar.com doesn't work. When using the ZoneEdit SMTP test utility I get the following error message:


Code:
> RCPT TO:<info@bar.com>
< 550 5.1.1 User unknown: info@bar.com
I checked "/etc/vdomainaliases/bar.com" and "/etc/localdomains", they are configured properly.

Any suggestions?

View 0 Replies View Related

Exim :: Catch The User Sending Spam With Mailnull?

May 28, 2009

i have a vps but there is too much process called mailnull
after that the data centre closed my server for being sent spam

so how i can catch the user sending spam with mailnull?

View 7 Replies View Related

Cpanel: Spam Assassin Deleting Mail At Server Level Possible

Aug 31, 2007

Rather than just tagging the subject with ***SPAM***. Am I going to have to recompile spam assassin in order to get that working? I have a client of mine who wants all spam just removed before it hits his inbox. Is there a setting somewhere in cpanel that I am missing for this? Possible just to apply it to one domain name?

View 3 Replies View Related

Exim Sda7: Write Failed, User Block Limit Reached

May 23, 2009

i have run exim -qff from SSH then i got below error let me know what to do

Code:
root@web [~]# exim -qff
sda7: write failed, user block limit reached.
sda7: write failed, user block limit reached.
sda7: write failed, user block limit reached.

View 4 Replies View Related

Exim/Cpanel SPF

Jun 26, 2008

How do you get Exim to rewrite/remove

Received: from ip.isp.com ([123.123.123.123])
by mx.myhost.net with esmtpa (Exim 4.69)

I'm trying to avoid the error

Received-SPF: softfail (google.com: domain of transitioning me@myhost.net does not designate 123.123.123.123 as permitted sender) client-ip=123.123.123.123;

Basically, any email thats sent through myhost.net should look like it was sent directly.

View 2 Replies View Related

Hardware Level Virtualization Or Software Level Virtualization

Jun 28, 2009

Which virtualization technology is better? Hardware level or software level? My friend suggested me to go for software level virtualization. However, I am still concerned about the technology as to which I should choose?

View 3 Replies View Related

Hardware Level Virtualization Or Software Level Virtualization ...?

Jun 28, 2009

Which virtualization technology is better? Hardware level or software level? My friend suggested me to go for software level virtualization. However, I am still concerned about the technology as to which I should choose?

View 0 Replies View Related

Reliable RBL For Use In Exim On Cpanel?

Mar 28, 2009

What are some good and reliable RBL for use in Exim on Cpanel? Please provide full urls.

View 5 Replies View Related

CPanel/WHM (Exim) SPF Records

Jun 2, 2008

I seem to be experiencing some difficulty adding SPF records via "Edit DNS Zone". When adding these records and checking them with several SPF record checkers, it always reports a record such as the following:

ôv=spf1

Which turns out to be invalid, and definitely not the record I had specified. The record I specified looks like the following:

"v=spf1 a mx ip4:XXX.XXX.XXX.XXX ~all"

XXX.XXX.XXX.XXX being a valid IP, of course.

Is there known issues when adding these types of records via WHM?

And to make it clear, I have added these records as TXT type, with and without the quotes.

View 8 Replies View Related

Cpanel > Exim > Domainkeys

Feb 21, 2007

Wondered if anyone out there would like to share their experience, if any, of setting up cpanel to work with domainkeys via exim.

Hopefully anyone reading this thread will know by now what domainkeys are and how it affects the delivering of email to most major email providers inboxes rather than spam/bulk folders.

antispam.yahoo.com/domainkeys

The domainkeys support for exim is now in the 'experimental' phase:

duncanthrax.net/exim-experimental/
(page allegedly updated on 30th Oct, 06)

However cpanel themselves seem to be dragging their feet a little with implementing it:

bugzilla.cpanel.net/show_bug.cgi?id=4099

This is understandable considering support for domainkeys is not yet part of the main exim core code, and thus is likely to change. From what I've been reading elsewhere, re-compiling and upgrading exim is not advisable with cpanel.

My knowledge of exim (and cpanel TBH) is limited however, and I was wondering what might be the implications of *ahem* hacking it a little in order to enable domainkeys.

SPF records alone just don't seem to cut it anymore.

View 0 Replies View Related

Backing Up A All My CPanel User's

Dec 6, 2007

How do I backup all my cPanel users? Like there files, settings, emails, mysql, everything.

View 14 Replies View Related

Cpanel Master User

Oct 24, 2008

Logging in to cpanel using root password warned you that you had logged in using root privs and you got a nice drop down where you could jump to any account's cpanel.

After changing my root password, the first domain set up on that server gets the nice drop down, and indeed full rights, despite using it's normal password. I also don't see the warning message about using root privs.

So, somehow, the domain's account has gained ROOT cpanel privs. Where is this set?

View 1 Replies View Related

CPanel: Change Exim.conf

Aug 6, 2007

change some variables in exim.conf so that they will not be modified next time cPanel will update exim.

Basically I need to modify this:

smtp_banner and rfc1413_query_timeout.

View 4 Replies View Related

Exim + Cpanel + Dspam Howto

Mar 21, 2007

I found a handful of howto's for dspam, but none of them catered for exim with virtual users. After hunting around, I eventually have it working on a cPanel server, with user authentication for mail users.

My setup:
dspam version 3.6.8, using mysql driver.
exim version 4.
mysql 4.1
CentOS (2.6.9-023stab033.9-enterprise)
cPanel / WHM - latest RELEASE version.

Download the source, configure and compile:

Code:
# cd /usr/local/src
# wget http://dspam.nuclearelephant.com/sou...m-3.6.8.tar.gz
# tar -zxf dspam-3.6.8.tar.gz
# cd dspam-3.6.8
Configure, replacing user/groups with your web-server user (web / apache / nobody), and use your mysql-include / library paths (will need mysql-devel on rh based systems).

Code:
# ./configure --prefix=/opt/dspam-3.6.8 --with-local-delivery-agent=/usr/sbin/exim --with-storage-driver=mysql_drv --with-userdir=/var/spool/mail/dspam --with-userdir-owner=nobody --with-userdir-group=nobody --with-dspam-mode=none --with-dspam-owner=nobody --with-dspam-group=nobody --enable-whitelist --enable-spam-delivery --enable-alternative-bayesian --disable-dependency-tracking --enable-virtual-users --with-mysql-includes=/usr/include/mysql --with-mysql-libraries=/usr/lib/mysql/ --with-dspam-home=/opt/dspam-3.6.8/var/dspam
# make && make install
Set up mysql

Code:
# mysqladmin -p create dspamdb
# mysql -p
>grant all privileges on dspamdb.* to dspamuser@localhost identified by dspampass;
>flush privileges;
>exit;
Create tables:

Code:
mysql -p dspamdb < /usr/local/src/dspam-3.6.8/src/tools.mysql_drv/mysql_objects_speed.sql
mysql -p dspamdb < /usr/local/src/dspam-3.6.8/src/tools.mysql_drv/virtual_users.sql
Link dspam in opt for easy versioning:

Code:
ln -s dspam-3.6.8 /opt/dspam
Copy the web interface files to a web directory:

Code:
# cp webui/cgi-bin /opt/dspam -r
# cp webui/htdocs /opt/dspam/

This next step is required for pop3 authentication.
Install perl module Apache::AuthPOP3 - which does apache pop3 authorisation:

Code:
perl -MCPAN -e shell
install Apache::AuthPOP3
Next, apache will need mod_perl installed - WHM -> Apache Update will allow you to enable the perl module (I am running it alongside php with no issues).

Then in /usr/local/apache/conf/httpd.conf:

Code:
ScriptAlias /dspam/ /opt/dspam/cgi-bin/
Alias /dspam_files/ /opt/dspam/htdocs/
<Directory /opt/dspam/cgi-bin>
Options None
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
Create .htaccess in /opt/dspam/cgi-bin as follows:

Code:
AuthName "Dspam"
AuthType Basic
PerlAuthenHandler Apache::AuthPOP3
PerlSetVar MailHost localhost
Require valid-user
#PerlSetVar UserMap pop3user1=>realname1,pop3user2=>realname2
#Require user pop3user1 pop3user2 pop3user3 pop3user4
there are 2 commented parameters you can set when using POP3 auth - sure its pretty self-explanatory.

Set up admin user (the admin_user must be able to authenticate as a pop user):

Code:
#echo "admin_user" >> /opt/dspam/cgi-bin/admins
Create a queuesize script for web user - so dspam can determine how many messages in the queue.

Code:
vi /usr/local/bin/eximqsize
#!/bin/sh

/usr/bin/find /var/spool/exim/input/ -type f | wc -l | cut -d" " -f1-
##EOF

# chmod 4755 /usr/local/bin/eximqsize
# chown nobody /usr/local/bin/eximqsize
Configure web ui, edit /opt/dspam/cgi-bin/configure.pl:

Code:
$CONFIG{'MAIL_QUEUE'} = "/usr/local/bin/eximqsize";
$CONFIG{'WEB_ROOT'} = "/dspam_files";
$CONFIG{'LOCAL_DOMAIN'} = "FQDN"; #your servers fully qualified domain name - e.g. host.yourdomain.com
Next, set the default preferences for the system (you need /opt/dspam/bin in your path if you copy and paste this...):

Code:
dspam_admin ch pref default trainingMode TEFT
dspam_admin ch pref default spamAction quarantine
dspam_admin ch pref default spamSubject "[SPAM]"
dspam_admin ch pref default enableWhitelist on
dspam_admin ch pref default showFactors off
Permissions:
I would suggest reading the README over dspam to get a full understanding of the permissions required for running of dspam. My permissions were:

Code:
# chown nobody:mail /opt/dspam/var/dspam -R
# chown nobody:mail /opt/dspam/etc/ -R

Edit dspam.conf (in /opt/dspam/etc/. I have only listed the parameters I changed here...):

Code:
TrustedDeliveryAgent "/usr/sbin/exim -oMr spam-scanned"

Trust: root
Trust: mail
Trust: nobody / httpd #choose 1 - what ever your webserver runs as - `ps axu | grep httpd` to find out

#Use the same details as you did for the "grant all privileges on...." statement in mysql.
MySQLServer /var/lib/mysql/mysql.sock
MySQLPort
MySQLUser dspamuser
MySQLPass dspampass
MySQLDb dspamdb
MySQLCompress true

MySQLVirtualTable dspam_virtual_uids
MySQLVirtualUIDField uid
MySQLVirtualUsernameField username
Almost there....
Confirm that mysql is configure to listen on a socket in /etc/my.cnf (or whereever your config file is):

Code:
# cat /etc/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
Now the final step - exim configuration. This is the part that took the longest, hopefully it works for you. Just as I read in the howto's I used for this, please please please dont just copy and paste - you stand a good chance of breaking your mail server if you make changes without understanding. Be warned.

My config file is /etc/exim.conf. This should be edited using the WHM -> Exim Configuration Editor -> Advanced.

Code:
#Routers - Add these in the box before virtual_user delivery / user delivery router).
dspam_router:
no_verify
#uncomment the next line to disable dspam for virtual users.
# check_local_user
condition = "${if and {
{!def:h_X-Spam-Flag:}
{!def:h_X-FILTER-DSPAM:}
{!eq {$sender_address_domain}{$domain}}
{!eq {$received_protocol}{local}}
{!eq {$received_protocol}{spam-scanned}}
} }"
headers_add = "X-FILTER-DSPAM: by $primary_hostname on $tod_full"
driver = accept
transport = dspam_spamcheck

## The next 2 routers allow you to forward spam / non-spam to dspam for training (e.g. spam-yourmail@yourdomain.net).
# spam-username
dspam_addspam_router:
driver = accept
local_part_prefix = spam-
transport = dspam_addspam

# nospam-username
dspam_falsepositive_router:
driver = accept
local_part_prefix = notspam-
transport = dspam_falsepositive

##Transports - can be added anywhere:
#this adds the spam-scanned protocol header, so when it is passed back to exim after being processed by dspam, it doesnt get stuck in a loop.
dspam_spamcheck:
driver = pipe
command = "/usr/sbin/exim -oMr spam-scanned -bS"
transport_filter = "/opt/dspam/bin/dspam --stdout --deliver=innocent,spam --user $local_part@$domain"
use_bsmtp = true
home_directory = "/tmp"
current_directory = "/tmp"
user = nobody
group = mail
log_output = true
return_fail_output = true
return_path_add = false
message_prefix =
message_suffix =

dspam_addspam:
driver = pipe
command = "/opt/dspam/bin/dspam --user $local_part@$domain --class=spam --source=error"
home_directory = "/tmp"
current_directory = "/tmp"
user = nobody
group = mail
log_output = true
return_fail_output = true
return_path_add = false
message_prefix =
message_suffix =

dspam_falsepositive:
driver = pipe
command = "/opt/dspam/bin/dspam --user $local_part@$domain --class=innocent --source=error"
home_directory = "/tmp"
current_directory = "/tmp"
user = nobody
group = mail
log_output = true
return_fail_output = true
return_path_add = false
message_prefix =
message_suffix =

If you have set up authentication correctly as well, then you should be able to open [url] and log in - if you add your login details to the "admins" file, you can configure defaults, etc. It also allows ALL users (with 1 user being an email account) to log in, using www.yourclientsdomain.com/dspam/dspam.cgi

This will not work with suexec enabled!! This is because dspam needs specific permissions, and it is expecting user nobody to access it. If suexec is enabled, you will need to use the default host, and NOT virtual hosts (and even this may not work - testing still required).

Watch exim_mainlog after this - you should pick up what transports and routers are being used.

Dspam can really hammer a system - mysql, cpu and memory usage will go up a bit, especially on busy production servers. Monitor your servers performance.

Other settings: add /opt/dspam/man to MANPATH in /etc/man.config or move dspam man directory to an existing man directory.

[ADDED]
This dspam.cgi hack will do a lookup in the cpanel config file to find the domain for any username without a domain, and append it on match (or leave just the username part if nothing is found). This requires unsecuring your system a bit - your http user will need to be able to read /etc/trueuserdomains (either chmod 644 or chown nobody):

Code:
#add this just after $CURRENT_USER is set.
if ($CURRENT_USER !~ /@.+./) {
open(TUD, "</etc/trueuserdomains");
while(<TUD>) {
my ($domain, $user) = split(/:/,$_);
chomp($user);
$user =~ s/^s*//g;
if ($user eq $CURRENT_USER) {
$CURRENT_USER = $CURRENT_USER . "@$domain";
}
}
close(TUD);
}

That should do it

dspam will allow all messages through by default, and will require some training. With this config, users can train using email commands - all they need to do is forward any spam that hits their mailbox to spam-emailaddress@domain.com (their own email address with spam- prepended). Unfortunately this does not allow handling of false positives if you are using a "quarantine" policy instead of subject. the web interface comes in handy for this.

I am busy testing a combination of dspam with assp, which seems to be working well - I especially like the greylisting feature of assp and ProtectionBox... Will add to this howto when testing is finish.

View 5 Replies View Related

Clean Old Accounts From Exim / CPanel

Nov 8, 2007

We are having trouble with disk space on some of our shared hosting servers and we are wondering if anyone have a script to clean e-mails from exim not checked in the last 60 days ?

View 1 Replies View Related

Exim Maxing Out After V 11 Upgrade - Cpanel

Aug 28, 2007

Are there others that are having a problem with exim getting slammed with the max allowed connections after updating to cpanel 11?

I have upgraded perl to 5.8.8 and upgraded cpanel. Now, all day yesterday, last night, and now.. pstree is showing exim maxed out.

Clients are complaining that they can't send email due to the "too many connections" error.

I have bumped up the max to 300 for now to hopefully get more clients able to send, but it is quickly working its way over 200 as I type this.

I have tried every setting in the exim configuration editor, on and off, I have a data center techs working on it since yesterday...

View 9 Replies View Related

Find User Bandwidth From SSH (CPanel)

May 11, 2009

Does anyone happen to know how to find the current bandwidth usage for users in CPanel via SSH? I found disk space, which is /scripts/dumpquota, but I can't find the bandwidth.

View 8 Replies View Related

Email Notifications Whenever User Log's In FTP (CPanel)

Apr 12, 2009

Server configuration:
CENTOS 5.3 x86_64
cPanel 11.24.4-C35075 - WHM 11.24.2 - X 3.9

Is it possible to write a script that will be sending notifications on user e-mail, that is already pre-configured in their account, whenver user will log in to FTP.

Are there any pre-made scripts or if not, any hint's on writing something like that?

View 1 Replies View Related

Tracking Down Web Process User In Cpanel

Nov 3, 2009

Recently, there are a lot of "apache" processes hogging my Cpanel server with the default owner "nobody". How could I track the apache process back to which user is using it?

View 8 Replies View Related

User Nobody Using All System Memory Cpanel

Apr 16, 2009

I tracked down another issue that I am having with this same server. I login and look at the system and 100% of the swap is used and 99% of the Ram. I look to see who's using it, and the user name is Nobody. What role does this user play in cpanel? Can I disable the user?

UPDATE: It is actually apache doing it.

7044 nobody 0

0.6

8.3 /usr/local/apache/bin/httpd -DSSL
2836 nobody 0

0.6

0.2 /usr/local/apache/bin/httpd -DSSL
2835 nobody 0

0.6

1.8 /usr/local/apache/bin/httpd -DSSL
2838 nobody 0

0.6

0.5 /usr/local/apache/bin/httpd -DSSL
2854 nobody 0

0.6

0.2 /usr/local/apache/bin/httpd -DSSL
7934 nobody 0

0.5

22.8 /usr/local/apache/bin/httpd -DSSL
2839 nobody 0

0.4

0.2 /usr/local/apache/bin/httpd -DSSL
2887 nobody 0

0.4

24.5 /usr/local/apache/bin/httpd -DSSL
2848 nobody 0

0.4

2.7 /usr/local/apache/bin/httpd -DSSL

View 2 Replies View Related

CPanel - Limiting IO Mem CPU Per User? Hostgator Like

Nov 16, 2008

I was reading up a thread where hostgator cpanel servers seem to be limiting IO activity per user/account/domain. How can that be achieved?

Any special limitations on a per account basis that I am not aware of?

View 1 Replies View Related

Exim Can`t Send E-mails After Cpanel Upgrade

May 2, 2009

we have a freebsd/cpanel box what seems to be trouble prone combination, specially for exim.

After cpanel upgrade, exim simple has stopped. Somehow I managed receiving on this way:

# /etc/init.d/exim start
/libexec/ld-elf.so.1: Shared object "libperl.so" not found, required by "sendmail"

I checked which perl version is running: perl -v
This is perl, v5.10.0 built for i386-freebsd-64int

then applied:

unix1# ln -s /usr/local/lib/perl5/5.10.*/mach/CORE/libperl.so /usr/local/lib
unix1# /etc/init.d/exim start
exim exim antirelaydunix1#
unix1#

but this solved only half of a problem, now we can receive e-mails, but not send them, what is really frustrating.

Here is the error which cpanel sends on each 5 min:

exim failed @ Fri May 1 16:06:15 2009. A restart was attempted automatically.
Service Check Method: [tcp connect]

Failure Reason: TCP Transaction Log:
<< 220-xxxxxxxxxx.xxxx ESMTP Exim 4.69 #3 Fri, 01 May 2009 16:06:41 +0200 << <<
>> EHLO localhost
<< 250-xxxx.xxxx.xxx Hello localhost [127.0.0.1] << << << << <<
>> AUTH PLAIN
>> AF9fY3BhbmVsX19zZXJ2aWNlX19hdXRoX19leGltX19Nd2NxU1pyUng1S3R5YTl2enZaV
>> zN4R3Q1MU5WdTh1MHBZcnI4NDhqaWVtWFhSY3VraERTSGZnZU1tQkpiVXNWAFRkbzNpY3
>> ZVTUg1N1Z0R0t5c2VLYW82T1U1UFlqRDEwVThpVXlGSUpFMkZDRWVFaWxzTTNZMHVaRGd
>> UWXM1WnU=
<<
exim: ** [ != 2]

and I can not find the solution for this almost two days (!), no help for host support either. Closest what I have found on net is this topic:

[url]

View 4 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved