Email Hardening Practices
excerpt from http://forums.cpanel.net/f5/setup-limit-sending-out-mails-per-hour-per-domain-users-201222.html#post843452
The intention of this guide is to provide some steps to tighten the email sending practices on a machine, making it easier to determine the legitimate sender of an email and to prevent spoofing on the machine.
WHM Options to Enable
1. Preventing nobody from sending emails
WHM > Tweak Settings, select “On” for the following option:
Prevent “nobody” from sending mail
Prevent the user “nobody” from sending out mail to remote addresses
(PHP and CGI scripts generally run as “nobody” if you are using mod_php or have Suexec disabled.)
Then click the “Save” button to save the configuration change.
If you are using DSO for the PHP handler, this option is not advised. You can see in WHM > Apache Configuration > PHP and SuExec Configuration area which PHP handler is being used on the machine. The default handler for new cPanel installations would be suPHP, which would work for the above option. If you are using an older setup with DSO, it would be recommended to change to suPHP for better tracking on who is running PHP processes for scripts that send emails anyway.
2. Setting the Sender header when the email sender tries to spoof the sender
WHM > Exim Configuration, select the following:
Set the Sender: Header when the mail sender changes the sender (-f flag passed to sendmail) and Sender Verification Callouts set to ON
Then click the “Save” button to save the configuration change.
3. Adding MailHeaders for PHP
WHM > EasyApache (Apache Update) > Step 6 Exhaustive Options List in the PHP section (PHP 4 and/or PHP 5), select the following:
For more information on this option, please see CHOON.NET : Resources : Scripts & Patches : PHP Mail Header Patch
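As an added example (not part of the original guide and not cPanel's own code), the Python below shows how the headers produced by steps 2 and 3 can be used to attribute a message: it compares the displayed From: address with the Sender: header and reads the script path from the PHP mail header. The header name X-PHP-Script, its "host/path for IP" value format, and every address in the sample messages are assumptions constructed for the example.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: header name written by the PHP mail header patch; adjust to your build.
SCRIPT_HEADER = "X-PHP-Script"

# Constructed sample messages (all addresses and hosts are made up).
SPOOFED = (
    'From: "Billing" <billing@brand.example>\n'
    "Sender: acct1@server.host.example\n"
    "X-PHP-Script: www.site1.example/contact/send.php for 203.0.113.7\n"
    "To: someone@remote.example\n"
    "Subject: invoice\n\nbody\n"
)
HONEST = (
    "From: acct2@site2.example\n"
    "To: someone@remote.example\n"
    "Subject: hello\n\nbody\n"
)


def attribute(raw, script_header=SCRIPT_HEADER):
    """Return who a message claims to be from and who actually submitted it."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    sender_addr = parseaddr(msg.get("Sender", ""))[1].lower()
    script = msg.get(script_header)
    # A Sender: that differs from From: means the mail server recorded a
    # different submitting identity than the one the message displays.
    mismatch = bool(sender_addr) and sender_addr != from_addr
    return {
        "from": from_addr,
        "submitted_by": sender_addr or None,
        "account": sender_addr.split("@")[0] if sender_addr else None,
        # Assumed value format "host/path for client-ip"; keep only the script.
        "script": script.split(" for ")[0] if script else None,
        "mismatch": mismatch,
    }


def triage(messages):
    """Keep only messages whose displayed and recorded senders disagree."""
    return [r for r in map(attribute, messages) if r["mismatch"]]


if __name__ == "__main__":
    for row in triage([SPOOFED, HONEST]):
        print(row)
```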