This guide provides steps to tighten the email sending practices on a machine, both to make it easier to determine the legitimate sender of an email and to prevent spoofing on the machine.
WHM Options to Enable
1. Preventing “nobody” from sending emails
WHM > Tweak Settings, select “On” for the following option:
Prevent “nobody” from sending mail
Prevent the user “nobody” from sending out mail to remote addresses
(PHP and CGI scripts generally run as “nobody” if you are using mod_php or have Suexec disabled.)
If you are using DSO as the PHP handler, this option is not advised. You can check which PHP handler is in use on the machine under WHM > Apache Configuration > PHP and SuExec Configuration.
The default handler for new cPanel installations is suPHP, which works with the above option. If you are using an older setup with DSO, changing to suPHP is recommended anyway, since it gives better tracking of who is running the PHP processes for scripts that send emails.
2. Setting the Sender header when the email sender tries to spoof the sender
WHM > Exim Configuration, select the following:
Set the Sender: Header when the mail sender changes the sender (-f flag passed to sendmail): ON
Sender Verification Callouts: ON
3. Adding MailHeaders for PHP
WHM > EasyApache (Apache Update) > Step 6 Exhaustive Options List in the PHP section (PHP 4 and/or PHP 5), select the following:
MailHeaders
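
With these settings in place, each outgoing message carries headers that can be read back when tracing which account or script sent it. The following Python example is added here and is not part of the original guide or of cPanel's tooling; the script header names (X-PHP-Script, X-PHP-Originating-Script), the hostnames and the sample messages are assumptions constructed for illustration, so confirm the header your PHP build actually emits.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed names of the header added by the PHP mail-header option.
SCRIPT_HEADERS = ("X-PHP-Script", "X-PHP-Originating-Script")

def attribute(raw_message):
    """Report the claimed sender, the local submitter and the sending script."""
    msg = message_from_string(raw_message)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    sender_addr = parseaddr(msg.get("Sender", ""))[1].lower()
    script = next((msg[h].strip() for h in SCRIPT_HEADERS if msg.get(h)), None)

    flags = []
    # With the Exim option on, Sender: appears when the submitter changed
    # the sender with -f, so a mismatch with From: marks a rewritten sender.
    if sender_addr and sender_addr != from_addr:
        flags.append("from-differs-from-sender")
    # Assumption: the local part of Sender: is the system user that submitted.
    local_user = sender_addr.split("@", 1)[0] if sender_addr else None
    if local_user == "nobody":
        # mod_php / no Suexec: the owning account cannot be identified.
        flags.append("sent-as-nobody")
    return {"from": from_addr, "local_user": local_user,
            "script": script, "flags": flags}

# Constructed sample messages (not real traffic).
SAMPLES = {
    "spoofed_php": (
        "From: Billing <billing@bank.example>\n"
        "Sender: acctuser@server.example.test\n"
        "X-PHP-Script: site.example.test/contact/form.php for 203.0.113.7\n"
        "Subject: Invoice\n\nbody\n"
    ),
    "plain": "From: alice@site.example.test\nSubject: Hello\n\nbody\n",
}

def summarize(samples=SAMPLES):
    """Run attribute() over every sample and return the results by name."""
    return {name: attribute(raw) for name, raw in samples.items()}

if __name__ == "__main__":
    for name, result in summarize().items():
        print(name, result)
```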