Prevent outgoing spam

linux email web-hosting exim spamassassin

Don't get compromised. Seriously.

  • Monitor your traffic. You'll understand what's normal and be able to recognize abnormal traffic.

  • Shut down unnecessary daemons. If the server isn't supposed to send mail, don't run sendmail or postfix.

  • Restrict SSH access and/or assign SSH a non-standard port (e.g. don't use the default port 22). If you need to use port 22, then augment with a service like DenyHosts to track and stop inbound SSH bot authentication attempts.

  • Use or enforce strong passwords for yourself and your customers.

Oh, and this: Fighting Spam - What can I do as an: Email Administrator, Domain Owner, or User?


The easiest thing to do would be to block outgoing connections to Port 25 until a client "requests" that it be unblocked for their IP. There really shouldn't be anyone running a mail server from a CPanel hosting site in the first place (if they're generating e-mail that's "sent" by another server, then it should sent to that server on port 587 per RFC and has been that way since 1998).

I really wish more providers had your level of consideration, even if you don't block Destination Port 25 traffic. We appreciate the thought, and would appreciate the firewall even more.

Related

Created the same user on two different domain controllers
a2ensite equivalent in CentOS
how do I add a new disk to ZFS and make it available existing mountpoints if the current pool is root pool?
How does a geographically distributed web app handle stored data?
Network bonding mode 802.3ad on Ubuntu 12.04 and a Cisco Switch
Enable Mod_Security for only one website
How do I enable PHP’s flush() with nginx+PHP-FPM?
How to restrict ssh tunnel authority to a certain port?
Is it possible to change filesystem properties for an existing ZFS pool?
Enable & Disable Log-watch feature in Linux server [closed]
Configure apt to use proxy in vagrant box
Why does DHCP have fixed client and server port numbers