How to Disallow or Rate Limit Web Server Mail in Exim

Recently one of the Apache web server's vhosts was compromised, which allowed a spammer to use a script on it to send massive amounts of outgoing email. As usual, the cause was an unpatched WordPress install belonging to a user on the web server. The "hacker" ended up using PHP's mail() function to send 100k++ outgoing emails to providers such as Yahoo Mail and Gmail.

A lot of mail piled up in Exim's queue because the recipient servers started blocking delivery. Unfortunately WordPress has no built-in SMTP setting for its outgoing email notifications; it relies on third-party plugins for that.

Here is what we implemented on the SMTP MTA to deny or rate limit outgoing mail from PHP's mail() function.

In the Exim configuration file, in the main section before the ACL section starts, add this setting so that non-SMTP (locally submitted) messages, which is what PHP's mail() hands to the sendmail interface, are checked by an ACL:


acl_not_smtp = acl_check_not_smtp

After the "begin acl" line, add this ACL:


acl_check_not_smtp:

  # Rule 1: refuse every locally submitted message whose envelope sender
  # is the web server user (what PHP's mail() produces under Apache's UID).
  deny
        senders = www@domain.com
        message = sorry server is offline

  # Rule 2 (the softer alternative): allow at most 20 messages per hour
  # per sender domain. "strict" keeps counting denied attempts too, so a
  # script that keeps hammering stays blocked until its attempt rate
  # drops below the limit.
  deny
        ratelimit = 20 / 1h / strict / $sender_address_domain
        senders = *@domain.com
        message = sorry server is offline

  accept

The first rule denies everything from the web server user outright: none of Apache's vhosts can send outgoing email through PHP's mail() function at all. If you are not comfortable with that, try the second rule instead, which rate limits outgoing mail (20 messages per hour per sender domain, in strict mode) and stops the kind of mass mailing that happened under the Apache web server UID.
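To see why the "strict" option matters for the second rule, here is an added example (not code from the post, and not Exim's own code): a simplified Python model of the exponentially weighted moving average that Exim documents for its ratelimit condition, run over a constructed spam burst in both leaky and strict mode. The class name, the seeding of the rate with the first event's count, and the timestamps are assumptions made for the illustration.

```python
import math


class EximStyleRateLimiter:
    """Simplified model of the exponentially weighted moving average behind
    Exim's ``ratelimit`` ACL condition (assumption: an illustration written
    for this post, not Exim's code).

    ``limit`` messages per ``period`` seconds, e.g. 20 / 3600 for the
    ``ratelimit = 20 / 1h / ...`` rule above.  ``strict=True`` models the
    strict option; ``False`` models the default leaky behaviour.
    """

    def __init__(self, limit, period, strict=False):
        self.limit = float(limit)
        self.period = float(period)
        self.strict = strict
        # key (e.g. the $sender_address_domain value) -> (rate, last_update)
        self.db = {}

    def check(self, key, now, count=1.0):
        """Record one message for ``key`` at time ``now`` (seconds) and return
        True if it is within the limit, False if the ACL should deny it."""
        entry = self.db.get(key)
        if entry is None:
            # Assumption: the first event seeds the rate with its count.
            rate = float(count)
        else:
            prev_rate, last = entry
            interval = max(now - last, 1e-9)
            # ``a`` weights the previously recorded rate; the new event is
            # added as (1 - a) * period/interval, i.e. events per period.
            a = math.exp(-interval / self.period)
            rate = (1.0 - a) * (self.period / interval) * count + a * prev_rate
        allowed = rate <= self.limit
        # Leaky: only messages under the limit update the recorded rate, so
        # a sender that backs off recovers almost immediately.
        # Strict: every attempt updates it, so a script that keeps hammering
        # stays denied until its *attempt* rate falls below the limit.
        if allowed or self.strict:
            self.db[key] = (rate, now)
        return allowed


def simulate_spam_run(strict):
    """Constructed scenario: a compromised vhost fires 60 messages two seconds
    apart, goes quiet for ten minutes, then tries once more.
    Returns the list of accept (True) / deny (False) decisions."""
    limiter = EximStyleRateLimiter(limit=20, period=3600, strict=strict)
    key = "domain.com"  # plays the role of $sender_address_domain
    timestamps = [2.0 * n for n in range(60)]
    timestamps.append(timestamps[-1] + 600.0)
    return [limiter.check(key, t) for t in timestamps]


if __name__ == "__main__":
    for mode in (False, True):
        decisions = simulate_spam_run(mode)
        print("strict" if mode else "leaky ",
              "accepted:", decisions.count(True),
              "denied:", decisions.count(False),
              "retry after 10 min pause:",
              "accept" if decisions[-1] else "deny")
```

In both modes the first 20 messages get through and the 21st is denied. The difference shows up after the pause: in leaky mode the recorded rate froze at the 20th message, so the late retry is accepted, whereas in strict mode the 40 denied attempts kept pushing the recorded rate up and the retry is still denied. That is the behaviour you want against a mass-mailing script, which is why the rule above uses strict.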

Have fun controlling and fighting the spam 😉