Ways to Prevent Email Abuse

1
Ways to Prevent Email Abuse
2
Table of Contents

• Introduction
• Configuration of the Passwords Strength
• Enable Greylisting
• Enable cPHulk
• SMTP Restrictions
• Exim Configuration Manager
• Tweak Settings
• Max Hourly Emails Per Domain

• Max Hourly Emails Per Domain (Continued)
• Account-Specific Max Hourly Emails Per Domain
  Settings
• Prevent nobody from Sending Mail
• The Percentage of Email Messages (above the
  Account's Hourly Maximum) to Queue and Retry for
  Delivery
• Maximum Percentage of Failed or Deferred Messages
  a Domain May Send Per Hour
• Maximum Percentage of Failed or Deferred Messages
  a Domain May Send Per Hour (Continued)
• Initial Default/Catch-All Forwarder Destination
• PHP Configuration

3
Introduction

• The aim of this PPT is to provide information on
  the best practices that need to be followed to
  ensure the prevention of email abuse on a cPanel
  WHM server. cPanel WHM is meant for
  automating tasks related to web hosting for Linux
  operating system.
• The Best Website Hosting Company, the Best
  Cloud Hosting Company, the Best Reseller
  Hosting Company, etc., these are some of the
  terms that are used to refer to those hosting
  service providers that excel in providing hosting
  service. Hosting service is provided by web
  hosting companies and ensures that websites are
  always accessible and up and running without any
  issues.

4
Configuration of the Passwords Strength

• Increasing the minimum password strength with
  regard to the mail accounts of the users, results
  in a decrease in the risk of a hacker guessing
  the passwords correctly. The Password Strength
  Configuration interface of WHM needs to be used
  for defining the minimum password strength for
  the mail accounts of the users. It is recommended
  that the default minimum password strength be set
  to at least 50.
• WHM gtgt Home gtgt Security Center gtgt
  Password Strength Configuration

5
Enable Greylisting

• Enabling the service of Greylisting helps protect
  a server against spam or unwanted email. When
  this service has been enabled, any email from a
  sender that is unrecognized by the server, is
  temporarily rejected by the mail server. In the
  event that the email is legit, there are attempts
  to resend it by the originating server, after a
  delay. Once enough time has passed, the email is
  accepted by the server.
• In order to enable this feature, you need to
  navigate to the Greylisting interface of WHM and
  then click Off to toggle the status of the
  feature.
• WHM gtgt Home gtgt Email gtgt Greylisting

6
Enable cPHulk

• Protection against brute force attacks for a
  server is ensured by cPHulk. Enabling cPHulk
  helps to reduce the chances of brute force attack
  being used by a hacker for gaining access to the
  mail accounts of a server.
• You need to navigate to the CPHulk Brute Force
  Protection interface of WHM, for enabling this
  feature. Then you need to click Off in order to
  toggle the status of the feature.
• WHM gtgt Home gtgt Security Center gtgt CPHulk
  Brute Force Protection

7
1-800-123 -8156

• Whoa! Thats a big number, arent you
  proud?

8
SMTP Restrictions

• Spammers cannot interact directly with the remote
  mail servers when SMTP Restrictions feature is
  enabled. Moreover, they cannot work around the
  settings for mail security either. You need to
  navigate to the SMTP Restrictions interface in
  WHM and click Enable in order to enable this
  feature.
• WHM gtgt Home gtgt Security Center gtgt SMTP
  Restrictions
• The outgoing email connection attempts to the MTA
  (Mail Transfer Agent), the root user and to the
  mailman system user are restricted by this
  feature. Moreover, this feature makes sure that
  both scripts and users use the sendmail binary of
  Exim.

9
SMTP Restrictions

• Numerous options with regard to spam and abuse
  prevention are provided by the Exim Configuration
  Manager interface of WHM.
• WHM gtgt Home gtgt Service Configuration gtgt
  Exim Configuration Manager

10
Tweak Settings

• Certain settings that are present in the Mail
  section of the Tweak Settings interface in WHM,
  aid in preventing email abuse. These settings are
  mentioned in the following slides.

11
Max Hourly Emails Per Domain

• This setting serves the purpose of specifying the
  maximum number of emails which can be sent by
  each domain in every hour. Its default setting is
  Unlimited. The following points need to be
  mentioned in this context
• Email send limits are enforced by the system only
  on remote email deliveries.
• This setting will not appear if the Exim Mail
  Server service in the Service Manager interface
  of WHM is disabled. WHM gtgt Home gtgt Service
  Configuration gtgt Service Manager
• This setting will not function if the Eximstats
  driver in the Service Manager interface of WHM is
  disabled. WHM gtgt Home gtgt Service Configuration gtgt
  Service Manager
• This setting doesnt override the below-mentioned
  settings
• Maximum Hourly Email by Domain Relayed
• Maximum percentage of failed or deferred messages
  a domain may send per hour
• It is recommended that such a value be specified
  that is not Unlimited in order to prevent email
  abuse.

12
Max Hourly Emails Per Domain (Continued)

• If the option for Max Hourly Emails Per Domain is
  set to 500, then each of the hosted domains can
  send 500 email messages in every hour. You can
  use the setting, the percentage of email messages
  (above the accounts hourly maximum) to queue and
  retry for delivery, for specifying a soft limit.

13
Account-Specific Max Hourly Emails Per Domain
Settings

• When you want to specify values for an individual
  package or an individual account, you need to use
  the Edit a Package interface of WHM or the Modify
  an Account interface of WHM.
• WHM gtgt Home gtgt Packages gtgt Edit a Package
• Or
• WHM gtgt Home gtgt Account Functions gtgt Modify an
  Account
• You need to carry out the below-mentioned steps
  for manually editing the cpuser file, in order to
  enable this setting from the command line.
• Open the file, /var/cpanel/users/username from
  the command line. In it, the term username
  represents the desired account username.
• Add the MAX_EMAIL_PER_HOUR key in this file and
  specify the selected usernames value.
• Run the script, /usr/local/cpanel/scripts/updateus
  erdomains

14
Prevent nobody from Sending Mail

• This setting makes sure that the nobody user is
  denied the ability to send mail to a remote
  address. The default setting is set to On. It is
  recommended that you select the On option to
  prevent email abuse. It is the PHP and CGI
  scripts, which usually run as the nobody user.
  You need to enable the suEXEC or mod_php modules
  in the Apache configuration in order to use a PHP
  or CGI script to send mail.

15
The Percentage of Email Messages (above the
Account's Hourly Maximum) to Queue and Retry for
Delivery

• It is specified by this setting if the outgoing
  messages for later delivery should be queued,
  once a domain reaches its limit with regard to
  outgoing messages per hour. This settings
  minimum value is 100 and its maximum value is
  10,000.
• The following key points need to be mentioned in
  this context
• This option needs to be set to 100 in order to
  force the failure of all outgoing messages, once
  the domain reaches its limit.
• This setting will not appear if the Exim Mail
  Server service in the Service Manager interface
  of WHM is disabled. WHM gtgt Home gtgt Service
  Configuration gtgt Service Manager
• This setting will not function if the Eximstats
  driver in the Service Manager interface of WHM is
  disabled. WHM gtgt Home gtgt Service Configuration gtgt
  Service Manager

16
Maximum Percentage of Failed or Deferred Messages
a Domain May Send Per Hour

• Through this setting the maximum percentage of
  failed or deferred messages, which might be sent
  by your domain in every hour, can be specified.
  The default for this setting is set to Unlimited.
  Outgoing mails from a domain are temporarily
  blocked by your server, when both of the
  below-mentioned conditions are true.
• The number of failed or deferred messages sent by
  the domain equals that specified in the setting,
  Number of failed or deferred messages a domain
  may send before protections can be triggered.
• In the total number of sent messages, the
  percentage of failed or deferred messages is
  equal to or greater than the percentage that has
  been specified.
• All outgoing and local mail, for the previous
  hour, are examined by the system for determining
  if these conditions are met. When only one of the
  above-mentioned conditions is true, outgoing mail
  isnt blocked by the system.

17
Maximum Percentage of Failed or Deferred Messages
a Domain May Send Per Hour (Continued)

• Maximum Percentage of Failed or Deferred Messages
  a Domain May Send Per Hour (Continued)

18
Initial Default/Catch-All Forwarder Destination

• The initial forwarding destination with regard to
  the default/catch-all email addresses for new
  accounts is specified by this setting. Emails
  received by the non-existent users on a servers
  domain are handled by the default address. It is
  recommended that this setting be changed from
  System account (default) to Fail, if a lot of
  spam is being received on the default accounts.
  The default setting for newly-created accounts is
  changed by this setting. The following steps need
  to be carried out for changing this setting for
  an existing account
• Log in to the specific cPanel account or navigate
  to the cPanel interface of the account through
  the List Accounts interface of WHM. WHM gtgt Home
  gtgt Account Information gtgt List Accounts
• Navigate to the Default Address interface of
  cPanel. cPanel gtgt Home gtgt Email gtgt Default
  Address
• Select from the menu, Send all unrouted email for
  the following domain, that domain for which you
  need to set a default address.
• Select the option, Discard the email while your
  server processes it by SMTP time with an error
  message. This option sends an error message to
  the sender.
• Enter an error message in the text box, Failure
  Message (seen by sender)
• Click Change.

19
PHP Configuration

• Server security can be improved by configuring
  PHP and suEXEC, ModRuid2, or suPHP. Through this
  configuration you can have information regarding
  which users run which processes system-wide. It
  needs to be mentioned here that suEXEC should not
  be enabled with ModRuid2, as suEXEC isnt
  compatible with it.
• CGI applications are forced by ModRuid2 and suPHP
  to run as the cPanel account user. Moreover, some
  of the POSIX.1e capabilities are exploited by
  ModRuid2 in order to ensure performance
  enhancements over the default suEXEC
  configuration of Apache. CGI and PHP applications
  are forced by the suEXEC Apache module to run as
  the cPanel account user.

20
Thanks!

• ANY QUESTIONS?

• www.htshosting.org