Mail servers are exploited a lot these days to flood out spam mails from the ones which have been compromised.
Securing your mail service is very much important. There are some tweaks which can be carried out from WHM panel.
–> In Home >> Server Configuration >> Tweak Settings
* Prevent “nobody” from sending mail – This will ensure that PHP
scripts running under the ownership ‘nobody’ will not be able to send mails. Most of the times, any of the vulnerable PHP script will be the culprit for sending out spams from your account.
* Restrict outgoing SMTP to root, exim, and mailman – This prevents users from bypassing your mail server to send mail. Only the ones mentioned here are authorized to connect to remote SMTP servers.
// If you get an error while trying to enable SMTP restrictions, then you probably are missing an iptables module required for the proper functioning. Ask your provider to enable it for you, or if you have the ways to do it, give-in the following :
# modprobe ipt_owner
//
–> In Home >> Service Configuration >> Service Manager, you can find the option Antirelayd. Keep this disabled, so that each time POP3 connects authentication would be required.
–> If you are facing any issues related to IMAP getting restarted numerous times, check
# grep 'LOGIN FAILED' /var/log/maillog|awk '{print $9}'|sort|uniq -c | sort -n
to see if you have many authentication failures from any IPs. If so, your account is being brute-force attacked. Block the offending IPs in your server firewall.
–> Use secure passwords for your email accounts. Check out the various domains and make sure there are no test accounts created. Under normal cases, test email accounts are created with insecure passwords, which can easily be guessed by the attacker.