Full Version: Recommend Script Mail Monitoring Tool
ramprage
I needed a solution to find out which scripts on my cPanel server were sending out email. Tracking them down was nearly impossible, so I started looking for any type of 3rd party solution.

I've been using this little app called MailMon for about 4 months and it works great:
http://webhosting-tools.com/view.cgi/MailMon
(I'm not affiliated with this product in any way)

On cPanel servers there is no sendmail. /usr/bin/sendmail is just a symbolic link to /usr/bin/exim. All PHP/Perl scripts use the path to sendmail for any type of email functions, e.g. mail().

What MailMon does is replace the symbolic link with a Perl script that acts as a monitoring layer. It will log the username of the person sending out email, the full script location, time and how many messages have been sent out.

It logs this in two different ways:

1) Text file
2) MySQL database

It also has a feature where you can limit total outgoing email, e.g. restrict any client scripts to only send a maximum of 200 emails at a time. If the client goes over you can be notified via email to the admin address you specify.

The script was only $60 and well worth it IMO. Two hours after I first installed the script 4 months ago I caught 2 spammers on my machine which I would have never found before. I have since closed their accounts and my system is running much better and I feel better as well.

Check it out - if you have any additional addons to this script I'd like to hear about it.

Cheers
aussie
What did you set your limits to?

If you set it to 200 does that mean it allows no more than 200 to be sent at once or in one day? I set mine to 50 but that may be too low.

Also, MailScanner doesn't seem to have a problem with it, so far so good.
SongDog
Thanks for the tip. I bet that the boards here will develop into a better cPanel resource than the boards at cPanel.
aussie
The cPanel forums suck, no help, people basically have no idea what's going on, questions all over the place with no replies to problems by support staff. What support? Ask a question and the people who think they know the answer reply. Unfortunately cPanel is as bad with replies as Ensim is and they have gotten worse over the last 2 months. Submit a cPanel ticket and you may get a reply but a lot of the time they will close the ticket without any resolution to your problem. So if you want to go cPanel's way be warned. Now with the mass migration of RS users to cPanel I wonder what they will change over at headquarters. Hopefully, the loads of cash they got from the RS transaction will be enough to prompt them to get some support staff who have half a clue. Otherwise you will be tearing your hair out to get a resolution. I'm very disappointed in their support. Don't have to believe what I say, test it yourself. I think we will get more out of it by staying here at RS and using the forums to post solutions rather than over at cPanel.
hokiethang
I have never experienced problems such as you say from cPanel. I have been working with cPanel for 4 months, and I have gotten prompt replies from the cPanel team whenever I needed it. I also went through my license provider for some questions, and they were more than happy to help. I doubt that rackshack is going to supply the same support as I have for my other server, but we shall see.

I would however love a definitive resource such as forums.rackshack.net that has some quick answers when needed.
SongDog
QUOTE
Originally posted by aussie
The cPanel forums suck, no help, people basically have no idea what's going on, questions all over the place with no replies to problems by support staff. What support? Ask a question and the people who think they know the answer reply. Unfortunately cPanel is as bad with replies as Ensim is and they have gotten worse over the last 2 months. Submit a cPanel ticket and you may get a reply but a lot of the time they will close the ticket without any resolution to your problem. So if you want to go cPanel's way be warned. Now with the mass migration of RS users to cPanel I wonder what they will change over at headquarters. Hopefully, the loads of cash they got from the RS transaction will be enough to prompt them to get some support staff who have half a clue. Otherwise you will be tearing your hair out to get a resolution. I'm very disappointed in their support. Don't have to believe what I say, test it yourself. I think we will get more out of it by staying here at RS and using the forums to post solutions rather than over at cPanel.


I totally agree. I guess great minds think alike.
aussie
QUOTE
Originally posted by hokiethang
I have never experienced problems such as you say from cPanel. I have been working with cPanel for 4 months, and I have gotten prompt replies from the cPanel team whenever I needed it. I also went through my license provider for some questions, and they were more than happy to help. I doubt that rackshack is going to supply the same support as I have for my other server, but we shall see.

I would however love a definitive resource such as forums.rackshack.net that has some quick answers when needed.


Really! How many links from the cPanel forums would you like me to post on this matter?
hokiethang
No no no, I agree the cPanel forums suck, I was talking about getting support directly from the cPanel staff.
ramprage
QUOTE
Originally posted by aussie
What did you set your limits to?

If you set it to 200 does that mean it allows no more than 200 to be sent at once or in one day? I set mine to 50 but that may be too low.

Also, MailScanner doesn't seem to have a problem with it, so far so good.


I set mine to 250 right now.
It means no more than 250 can be sent at once.

Keep in mind people running mailing lists may run into trouble with this script depending if you have any large subscribers.


Side Note: Guys please keep on topic here - if you wish to debate about cPanel support go start a new thread.
aussie
That's what I was thinking, about the mailing list, however any smart spammer could get wise and send 249 messages out at once which means it won't be caught.
ramprage
Ahh well now you're being picky. I don't think there is a way to limit using a formmail hack but I'm not a spammer lol.

The thing is - the emails are logged. So if you know the person's mailing list only sends out once a month and the log shows daily then there is a problem. You can also change the limit whenever you want...

I never said the script was foolproof but it sure does help you keep track of scripts and mailing issues.
ServerGuru
Hi Rampage,

Seems to be a cool script for admins.

Are you getting daily and weekly stats with that monitor script (MailMon)?

Regards,
DigiCrime
QUOTE
Originally posted by aussie
The cPanel forums suck, no help, people basically have no idea what's going on, questions all over the place with no replies to problems by support staff. What support? Ask a question and the people who think they know the answer reply. Unfortunately cPanel is as bad with replies as Ensim is and they have gotten worse over the last 2 months. Submit a cPanel ticket and you may get a reply but a lot of the time they will close the ticket without any resolution to your problem. So if you want to go cPanel's way be warned. Now with the mass migration of RS users to cPanel I wonder what they will change over at headquarters. Hopefully, the loads of cash they got from the RS transaction will be enough to prompt them to get some support staff who have half a clue. Otherwise you will be tearing your hair out to get a resolution. I'm very disappointed in their support. Don't have to believe what I say, test it yourself. I think we will get more out of it by staying here at RS and using the forums to post solutions rather than over at cPanel.


Agreed!
sqsisa
Ditto! Aussie, change your avatar back.....
SongDog
QUOTE
Originally posted by sqsisa
Ditto! Aussie, change your avatar back.....


Yes my little sister thinks you don't like her anymore.
Clark
QUOTE
Originally posted by aussie
So if you want to go cPanel's way be warned. Now with the mass migration of RS users to cPanel I wonder what they will change over at headquarters. Hopefully, the loads of cash they got from the RS transaction will be enough to prompt them to get some support staff who have half a clue. Otherwise you will be tearing your hair out to get a resolution. I'm very disappointed in their support. Don't have to believe what I say, test it yourself. I think we will get more out of it by staying here at RS and using the forums to post solutions rather than over at cPanel.


I must have missed something. Did someone buy someone else? I would have thought about going with rackshack for my ded. server but with a name like "shack" I thought the quality might suffer. Instead I wound up at a much worse place (won't say the name). Maybe I should look into it again. I'm getting answers here about cPanel I didn't find anywhere else.
aussie
This program does not work properly and I hope the author is going to get a clue one day. I just caught somebody trying to send out over 2,000 spam messages and mailmon failed! Big time. We all know that 99.9% of spammers use some type of php or cgi script which mailmon does not catch. So I paid $49 for something that just doesn't work. Maybe the author should get a clue and release some updates to his scripts. I am really very unhappy with mailmon and don't recommend it especially on cPanel.
kris1351
So this thread got a little off-track. What is the general consensus of this product before I jump in to buy it? We have formmail disabled completely and have run relay check after relay check, but our problem is from scripts within the server not outside. We need help trying to prevent this.
SongDog
QUOTE
Originally posted by kris1351
So this thread got a little off-track. What is the general consensus of this product before I jump in to buy it? We have formmail disabled completely and have run relay check after relay check, but our problem is from scripts within the server not outside. We need help trying to prevent this.


IMHO it is somewhat useful, but really has a long way to go before it's worth $49.00.
eMaxHosting
argggggggggggg

So setting e-mail sent a day doesn't stop spammers, this script (mailmon) doesn't work on cPanel, I disabled formmail on my server completely but they can still use a PHP script to send spam. I also disabled mail being sent by "nobody" but that has caused problems especially for people who are running forums...

So!

I ask you all, how does one track/stop spam... Why is it so hard as a server admin to keep this in a controlled aspect?
ramprage
QUOTE
Originally posted by eMaxHosting
argggggggggggg

So setting e-mail sent a day doesn't stop spammers, this script (mailmon) doesn't work on cPanel, I disabled formmail on my server completely but they can still use a PHP script to send spam. I also disabled mail being sent by "nobody" but that has caused problems especially for people who are running forums...

So!

I ask you all, how does one track/stop spam... Why is it so hard as a server admin to keep this in a controlled aspect?


It works perfectly fine for me on my cPanel machine, you probably didn't install it properly. Yes it does watch PHP scripts - any scripts that call the /usr/sbin/sendmail will be monitored... your PHP mail function is set up to use that.

I never said it was a complete solution, just something to add to your admin toolbox.
If you have install problems contact the developer of the script.
eMaxHosting
I didn't install it, I just went off what others said about it. But maybe I will try it now.

Thanks
aussie
QUOTE
Originally posted by ramprage
It works perfectly fine for me on my cPanel machine, you probably didn't install it properly. Yes it does watch PHP scripts - any scripts that call the /usr/sbin/sendmail will be monitored... your PHP mail function is set up to use that.

I never said it was a complete solution, just something to add to your admin toolbox.
If you have install problems contact the developer of the script.


I said it doesn't work. It is installed properly. It works for a while then it stops. DUH! I already emailed the author. Do you think I even received a courtesy hello? Nothing. Again, I don't recommend this to anyone. There is another solution and that is quite simple. If you're running Exim4 you can add auditing rules to exim.conf which will tell you exactly who is sending what without having to rely on faulty software. Now I know exactly who is sending what just by looking in my exim_mainlog.

2003-06-27 14:06:18 cwd=/home/usersite/public_html/forums 3 args: /usr/sbin/sendmail -t -i
2003-06-27 14:06:18 19W0QE-0001Nr-1b "nobody@srv05.primenet.cc" from env-from rewritten as ""usersite.com" " by rule 1

See the path in the first line? Shows who is sending the msg and then shows what the nobody user is being renamed to. Works great.

Mailmon = Trash
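
Added example, not part of the post above and not MailMon or Exim code: a short Python script that tallies the cwd= audit lines shown in aussie's post per day, account and directory, and reports any directory above a daily limit. The sample log, the "othersite" account, the 250 threshold (borrowed from the limit mentioned earlier in the thread) and the /home/<account>/ layout are assumptions made for illustration.

```python
import re
from collections import Counter

# Matches the "cwd=" audit line format shown in the post above.
CWD_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"cwd=(?P<cwd>\S+) (?P<argc>\d+) args: (?P<args>.+)$"
)

def parse_cwd_lines(lines):
    """Yield (date, cwd, args) for each logged sendmail-style invocation."""
    for line in lines:
        m = CWD_LINE.match(line.strip())
        # Assumption: only invocations via the sendmail path are script mail;
        # other cwd= lines (e.g. Exim's own queue runs) are skipped.
        if m and "sendmail" in m.group("args"):
            yield m.group("date"), m.group("cwd"), m.group("args")

def account_of(cwd):
    """Map /home/<account>/... to <account> (assumed layout); else return cwd."""
    parts = cwd.split("/")
    if len(parts) >= 3 and parts[1] == "home":
        return parts[2]
    return cwd

def daily_counts(lines):
    """Count script-initiated submissions per (date, account, directory)."""
    return Counter((d, account_of(c), c) for d, c, _ in parse_cwd_lines(lines))

def over_limit(lines, limit):
    """Return sorted (date, account, directory, count) rows above limit per day."""
    return sorted(
        (d, a, c, n) for (d, a, c), n in daily_counts(lines).items() if n > limit
    )

# Constructed sample: the two lines from the post plus 300 invented submissions
# from a hypothetical "othersite" account on the same day.
SAMPLE = (
    ["2003-06-27 14:06:18 cwd=/home/usersite/public_html/forums 3 args: /usr/sbin/sendmail -t -i"]
    + [f"2003-06-27 15:{i // 60:02d}:{i % 60:02d} cwd=/home/othersite/public_html/tmp 3 args: /usr/sbin/sendmail -t -i"
       for i in range(300)]
    + ['2003-06-27 14:06:18 19W0QE-0001Nr-1b "nobody@srv05.primenet.cc" from env-from rewritten as ""usersite.com" " by rule 1']
)

if __name__ == "__main__":
    for date, account, directory, count in over_limit(SAMPLE, 250):
        print(f"{date} {account} {directory} sent {count} messages")
```

Counting per day rather than per burst also covers the case raised earlier in the thread, where a sender stays just under a per-batch limit but mails every day.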
eMaxHosting
QUOTE
Originally posted by aussie
I said it doesn't work. It is installed properly. It works for a while then it stops. DUH! I already emailed the author. Do you think I even received a courtesy hello? Nothing. Again, I don't recommend this to anyone. There is another solution and that is quite simple. If you're running Exim4 you can add auditing rules to exim.conf which will tell you exactly who is sending what without having to rely on faulty software. Now I know exactly who is sending what just by looking in my exim_mainlog.

2003-06-27 14:06:18 cwd=/home/usersite/public_html/forums 3 args: /usr/sbin/sendmail -t -i
2003-06-27 14:06:18 19W0QE-0001Nr-1b "nobody@srv05.primenet.cc" from env-from rewritten as ""usersite.com" " by rule 1

See the path in the first line? Shows who is sending the msg and then shows what the nobody user is being renamed to. Works great.

Mailmon = Trash


Well aussie, it would be a big help if you shared what you added to exim.conf. If you do not want to at least let everyone know, could you send me a PM with it, and where you place it at?
aussie
QUOTE
Originally posted by eMaxHosting
Well aussie, it would be a big help if you shared what you added to exim.conf. If you do not want to at least let everyone know, could you send me a PM with it, and where you place it at?


Have you searched the forums? I posted it hours ago. It's posted in the cPanel Email forum. Here let me help you.

http://forum.rackshack.net/showthread.php?...&threadid=26238
kris1351
Ok so we upgraded to cPanel 7 with Exim4 in it and then installed MailMon. As soon as it went in mails started getting rejected like crazy, even legit mails. Are there any good workarounds to help prevent script spamming on our servers?
Pal
Is http://logreport.org/lire/ recommended...?

I just want to find a spammer, when I get an email from Abuse@rackshack.net... And check every so often for myself.

Thanks.

{edit}
What about this one? http://www.hotscripts.com/Detailed/2238.html
{/edit}
ramprage
Update - This hasn't been tested with cPanel 7 or Exim 4.
Therefore I no longer recommend this script to anyone.