How to Disallow or Rate Limit Web Server Mail in Exim
Recently one of the vhosts on an Apache web server was compromised, and a spammer used a script on it to send massive amounts of outgoing spam. As usual, the entry point was an unpatched WordPress installation belonging to a user on the web server. The attacker ended up using PHP's mail() function to push 100k+ outgoing messages at providers such as Yahoo Mail and Gmail.
A lot of messages piled up in Exim's queue because the recipient servers were blocking them. Unfortunately WordPress has no built-in SMTP setting for its outgoing notification mail; it relies on third-party plugins for that, so by default everything goes out through PHP's mail() and the local MTA.
Here is what we implemented on the SMTP MTA (Exim) to deny or rate-limit outgoing mail submitted through PHP's mail() function.
In the Exim configuration file, in the main section (before the ACL section), enable the ACL that runs for non-SMTP submissions. Messages handed to Exim through its sendmail interface, which is what PHP's mail() uses, never arrive over SMTP, so this is the ACL that sees them:
acl_not_smtp = acl_check_not_smtp
After the "begin acl" line, define that ACL:
acl_check_not_smtp:
  # Rule 1: reject every locally submitted message whose envelope sender is
  # the address the web server's PHP mail() calls go out with
  # (placeholder address shown; substitute the real one).
  deny senders = firstname.lastname@example.org
       message = sorry server is offline

  # Rule 2: rate limit instead of blocking outright. The senders condition
  # comes first so that only matching messages update the rate counter.
  deny senders = *@domain.com
       ratelimit = 20 / 1h / strict / $sender_address_domain
       message = sorry server is offline

  accept
The first rule denies everything submitted under the web server's sender address, so none of the Apache vhosts can send outgoing mail with PHP's mail() function at all. If that is too drastic, use the second rule instead: it limits outgoing mail to 20 messages per hour per sender domain, which is enough to stop the kind of mass mailing we saw from the web server UID while normal notification mail still gets through. Note that with the strict option, messages rejected for exceeding the limit still count toward the rate, so a spammer who keeps retrying stays blocked until the rate decays; replace strict with leaky if you only want accepted messages to count.
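The rules above key on the envelope sender, which a script can choose freely via the -f flag or a From: header depending on how Exim is configured. The example below is an addition to this post, not the configuration we actually deployed: it keys on $sender_ident instead, which for locally submitted mail holds the login name of the user that called Exim, so it catches the web server UID regardless of the sender address the script puts on the message. It assumes the web server runs as the user "apache" (on Debian-based systems it is typically "www-data") and that the main section and ACL section are edited in the same places as described above.

```exim
# ---- main configuration section (before "begin acl") ----
# Run this ACL for every message submitted locally (sendmail interface),
# which is how PHP's mail() hands mail to Exim.
acl_not_smtp = acl_check_not_smtp

# ---- ACL section (after the existing "begin acl" line) ----
acl_check_not_smtp:
  # Hard block: nothing submitted by the web server user gets out.
  # $sender_ident is the login name of the calling user for local
  # submissions. "apache" is an assumption; use your web server's user.
  # Comment this rule out if you prefer the rate limit below.
  deny  condition   = ${if eq{$sender_ident}{apache}}
        message     = mail from the web server user is disabled
        log_message = blocked local submission by user $sender_ident

  # Soft block: the web server user may submit at most 20 messages per
  # hour. The condition comes first so only its submissions update the
  # counter, and the key is the submitting user, so all vhosts running
  # under that UID share one budget. strict means rejected messages
  # still count, so a script that keeps hammering stays blocked.
  deny  condition   = ${if eq{$sender_ident}{apache}}
        ratelimit   = 20 / 1h / strict / $sender_ident
        message     = rate limit exceeded: $sender_rate messages per $sender_rate_period (limit $sender_rate_limit)
        log_message = ratelimit $sender_rate/$sender_rate_period exceeded for user $sender_ident

  # Everything else (cron, root, mail from other local users) is unaffected.
  accept
```

When a deny fires in the non-SMTP ACL, Exim's sendmail interface exits non-zero with the message text, so PHP's mail() returns false and the rejection shows up in the main log with the log_message text, which is the line to grep for when you want to know which vhost is being abused.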
Have fun controlling and fighting the spam 😉