How To Protect Your Server From Spam Emails?

Summary:

Nowadays, when the spammer has increased widely. It’s crucial to protect your server and client’s emails from sending spam emails. Well, here in this tutorial, we’ll walk you through several methods to keep your server from sending out spam or junk mail. Generally, bulk email senders are the culprits behind spam emails used for commercial purposes but in a huge volume by a botnet or a network with a compromised computer. However, you can follow some basic instructions to protect your server from sending out spam emails.

4 Ways to Protect Server from Sending Spam Emails

There are several different ways to protect your server from sending spam or bulk emails to others. Follow the below steps to know some of them:

1. You can create SPF records for every client or make it mandatory for everyone to enhance your email security.
2. Recommend every client to use a strong password for every cPanel and email account on the server. You can also force cPanel users to change their passwords from your WHM by navigating to the Account Functions > Force Password Change option.

   

3. Make sure to upgrade your plugin, software, and themes on every website. Keeping your addons up-to-date could help you avoid any compromise or vulnerability.
4. Always use ReCaptcha on every sensitive page of websites. ReCaptcha is a Turing test used to protect the page from bots. It is used to tell if a visitor is human or not. Using ReCaptcha is highly recommended as prevents automated bots from submitting info, which could flood your server with numerous unnecessary requests.

So, the above are some basic techniques that you can use to prevent your server from sending spam emails. But, the question arises, is this enough to protect servers from sending out spam emails? NO!! Even with these tactics, your server will still send out spam.

How To Detect if a Server is Flooded With Spam Emails?

If you’re receiving tickets from your clients that they’re unable to send or receive emails, or the emails they’re sending have ended up in the spam folders. If this occurs, we recommend you take some additional steps by following the below article to eliminate the problem.

You can start by tracking the source of spam. In most cases, it is either an existing email account or a PHP mailing script running on the server. If you found the email address from where the spam is going, you should immediately change the password of it. If a mailing script is causing the spam, disable the script or delete the script file once you find its exact location.

The process to detect the source of the spam is mentioned below. You’ll be needed WHM or Root access to your server to perform this task.

Detect Spam Email Sender Using The “Mail Queue Manager” in WHM

• Log into your WHM panel.
• Either navigate to the Email > Mail Queue Manager or simply type mail in the left-corner search bar and click over the Mail Queue Manager option from the result.

• Enter the search term.

• A list of messages during the selected period will be displayed. Check for the messages or senders that are continuously repeating. You can examine the messages more closely by clicking over the Magnifier icon.

• Check the following details to examine the spammer.
  • From
  • Subject
  • To

Received: from username by exampledomain.com with local (Exim 4.93) 
(envelope-from <something@exampledomain.com>) 
id 1l0OgK-000413-I8 
for a1tasks@host2.getintodigital.com; Fri, 15 Jan 2021 18:30:01 +0530 
From: "something@mydomain.com> 
To: test@redserverhost.com 
Subject: Additional and easy income to earn today 
X-PHP-Script: exampledomain.com/index.php for 123.456.78.90
X-PHP-Originating-Script: 1153:class-phpmailer.php
Content-Type: text/plain; charset=UTF-8

• A sender that has sent too many emails with a single subject is more likely to be a spammer.

Disable the Spamming Email Account Immediately

Focus on the from and the subject of the email. If it sounds spammy, you should change the password of that email as soon as possible or you can temporarily disable the email account to prevent spamming. Once you change the password of the spammy email account, the continuous spamming should be stopped in a couple of minutes. If not, you can follow the other method.

Disable the Mailing Script

Sometimes, the information in the from remains blank or does not provide the email address. In this case, take a look at the X.PHP-Script or X-PHP-Originating-Script commands. Analyze both commands and you’ll find the domain name associated with the spamming script and an IP Address

X-PHP-Script: exampledomain.com/index.php for 123.456.78.90

You will also be able to view the name of the malicious PHP file.

X-PHP-Originating-Script: 1153:class-phpmailer.php

Now you have got the domain name and name of the malicious PHP file. Simply log in to your WHM account and navigate to the List Accounts section.

Log into that cPanel account and delete the malicious file that is class-phpmailer.php in my case.

You can find the exact location of the malicious script on your server from SSH. Simply log into your SSH with WHM credentials, and follow the below command.

find /home/user/public_html -type f -name 'class-mailer.php'

Note: 

Do not forget to replace /home/user/public_html path with your own path. 

Replace class-mailer.php with the PHP script you got. Do not copy mine. It won’t work for you.

chmod 000 /path/to/script

Once the spam stops, navigate to the Mail Queue Manager and delete or clear all the emails from that particular email address.

That’s It.

We hope that this article will help you decrease the spam emails from your server. If you still have any doubts, you can visit Redserverhost.com and open free chat support. Our experienced Technical Support Team will be happy to assist you.

Other than this, you can contact us on Facebook or Twitter for any further inquiries & suggestions.