Prevent outgoing spam

Nikki Wilson asked:

What are some ways to prevent spam from leaving your servers should a hosting account get compromised?

Have a bunch of clients on a server with cpanel but wondering if there was a way to just prevent a chance if an account was compromised.

  • When I meant compromised I meant, a client signs up or a client account and gets hacked and his account is used for spam.

  • couldn’t you setup some type of filter/blacklist terms in exim or spamassassin which would block/stop mail going out if it matched that?

My answer:

You’re running a web hosting provider, which by its nature means your clients are going to be running untrusted and often insecure code.

Aside from the things you should already be doing to secure the server generally, consider:

  • Run malware scans against client data using a tool such as maldet. Keep your definitions up to date.

  • Only allow outgoing SMTP traffic to your local mail server, where you can log and exercise some control over outgoing mail. Add an outbound firewall rule that prevents anything but your mail server from connecting to port 25 on remote hosts. An example rule could be:

    iptables -I OUTPUT -m owner ! --uid-owner EXIM_USER -p tcp --dport 25 -j DROP

    (Authenticated SMTP traffic to a customer’s third party mail server, such as Gmail, will run on port 587 and be unaffected by this.)

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.