How to block system account from sending e-mails?

You should educate your users and just suspend accounts with old and hacked installations to force them to upgrade and take more care.

However, if you want to stop them using the PHP mail function, you do indeed have the option to limit email to SMTP authorization only.
I think this might be achieved by adding mail() to the "disabled_functions" line in php.ini and restarting Apache after saving php.ini.

You should also consider installing a good firewall like CSF/LFD, which can also block outgoing PHP mail, block brute-force attempts and so on.
 
BlockCracking can block all scripts. Its automated functionality will add bad script paths to the file:
Code:
/var/spool/exim/blocked_script_paths
in the format:
Code:
/home/user/name/domain.com/public_html/upload:1509901998
one entry per line, where the number on the right is the timestamp of when it was blocked.

So if you know that you'll never want them to send a script, you'd just add /home/username to that file, with a timestamp that is ~20 years in the future, so that it never gets unblocked (even though the default is 1, and 2 is needed to unblock based on time).

If you don't want any of the other BlockCracking features, like auto-blocking, you can just crank up the thresholds to higher values.

Another fun file is:
Code:
/etc/virtual/blacklist_usernames
however, this applies to everything under that User, both scripts, and SMTP-auth, so not quite what you're looking for.


Full list of inbound and outbound spam blocking goodies is here:
http://help.directadmin.com/item.php?id=577

John
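
An added example, not part of the posts above and not DirectAdmin's or BlockCracking's own code: shell helpers for the `path:timestamp` line format described in the previous post, one to build an entry with a timestamp years ahead and one to review an existing file for hand-pinned and malformed lines. The function names, the FUTURE/PAST/MALFORMED labels and the 20-year default are assumptions of this example; the demo runs on constructed lines in a temporary file, not on /var/spool/exim/blocked_script_paths.

```shell
#!/bin/sh
# Added example. Function names, labels and the 20-year default are assumptions
# of this example; only the "path:timestamp" line format comes from the post.

# Print one entry with a timestamp N years ahead of "now".
# $1 = absolute path, $2 = years ahead (default 20), $3 = "now" as epoch seconds
make_block_entry() {
    path=$1; years=${2:-20}; now=${3:-$(date +%s)}
    case $path in
        *:*) echo "path must not contain ':': $path" >&2; return 1 ;;
        /*)  ;;
        *)   echo "path must be absolute: $path" >&2; return 1 ;;
    esac
    echo "$path:$((now + years * 31536000))"   # 31536000 = seconds in 365 days
}

# Label every line of a blocklist file:
#   FUTURE    timestamp is later than "now" (a hand-pinned entry, per the post)
#   PAST      timestamp is at or before "now" (the time the script was blocked)
#   MALFORMED not an absolute path followed by ":<digits>"
# $1 = file to read, $2 = "now" as epoch seconds (default: current time)
audit_blocklist() {
    file=$1; now=${2:-$(date +%s)}
    while IFS= read -r line || [ -n "$line" ]; do
        [ -z "$line" ] && continue
        path=${line%:*}; ts=${line##*:}
        case $ts in
            ''|*[!0-9]*) echo "MALFORMED $line"; continue ;;
        esac
        case $path in
            /*) ;;
            *)  echo "MALFORMED $line"; continue ;;
        esac
        if [ "$ts" -gt "$now" ]; then
            echo "FUTURE $path"
        else
            echo "PAST $path"
        fi
    done < "$file"
}

# Demo on constructed sample lines written to a temporary file.
sample=$(mktemp)
printf '%s\n' '/home/user/name/domain.com/public_html/upload:1509901998' \
    "$(make_block_entry /home/username)" 'not-an-entry' > "$sample"
audit_blocklist "$sample"
rm -f "$sample"
```

Reviewing the real file for FUTURE entries shows which accounts have been pinned by hand, and MALFORMED lines point to edits that did not follow the format.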
 
Other thoughts on this:
1) Ensure you have an active firewall, and make sure WordPress log scanning is enabled.
DA can do this as of 1.47.0 with the BFM.
If you use CSF, then link the BFM to call CSF blocks.
http://help.directadmin.com/item.php?id=527

2) Rate limiting is a must:
http://help.directadmin.com/item.php?id=514
I recommend setting both a DA User limit (200), and a global per-Email limit (50).
Admin Level -> Admin Settings

and you can set higher limits for a DA User if needed.
And if an email needs more than 50, you can change the setting:
Admin Level -> "Max limit User can set per E-Mail" = 200
so the default is 50, but a User can set up to 200.

John
 