Configuring Outlook (secure and non-secure)


In Outlook, go to Tools >> E-mail Accounts.

1) Display Name :- abc@yourdomain.com

2) Internet E-mail Address:- abc@yourdomain.com

3) Incoming mail POP/IMAP Server:- mail.yourdomain.com / yourdomain.com / server IP

4) Outgoing mail SMTP Server:- mail.yourdomain.com / yourdomain.com / server IP

5) Account name:- abc@yourdomain.com

6) Password :- Enter the password of the email account


Non secure port settings:-

Outgoing mail (SMTP): 25 or 26 or 587 (some ISPs block port 25)

Incoming mail (POP3): 110

Incoming mail (IMAP): 143


Secure port settings:-

Outgoing mail (SMTP): 465

Incoming mail (POP3): 995

Incoming mail (IMAP): 993

NOTE: Make sure you have selected "My Server Requires Authentication".

Go to Outlook >> Tools >> Account >> Properties >> under the Server tab >> My Server Requires Authentication.

========= ===========================

eMail Spamming Troubleshoot


Some commands used to track down the scripts that send out spam emails:

[root@support ~]# grep "cwd=" /var/log/exim_mainlog|awk '{for(i=1;i<=10;i++){print $i}}'|sort|uniq -c|grep cwd|sort -n

[root@support ~]# eximstats -t5 /var/log/exim_mainlog > teststats

Script to know the mail count by various accounts
[root@support ~]# grep "cwd=" /var/log/exim_mainlog|awk '{for(i=1;i<=10;i++){print $i}}'|sort|uniq -c|grep cwd|sort -n

The number of mails by a domain
[root@support ~]# exigrep @domain.com /var/log/exim_mainlog|grep 2009-04-17|grep Completed|wc -l

[root@support ~]# ps -C exim -fH ewww |grep home
It shows the mails going out from the server.
It shows from which user's home the mail is going, so that you can easily trace it and block it if needed.

[root@support ~]# eximstats -ne -nr /var/log/exim_mainlog
It shows the top 50 domains using the mail server, with options.

[root@support ~]# exim -bp | exiqsumm
It shows the main domains receiving and sending mails on the server.

[root@support ~]# netstat -plan|grep :25|awk '{print $5}'|cut -d: -f 1|sort|uniq -c|sort -nk 1
It shows the IPs which are connected to the server through port number 25. If one particular IP is using more than 10 connections, you can block it in the server firewall.
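
A stricter form of the per-IP count above, as an added example that is not part of the original post: `grep :25` also matches ports such as 2525, listening sockets and the server's own outbound deliveries to remote port 25, so this version counts only established connections whose local port is exactly 25. The function names and sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. The lines below are constructed "netstat -plan" style output
# using documentation IP ranges; they are not real data.
sample_netstat() {
    i=0
    while [ "$i" -lt 12 ]; do   # 12 inbound SMTP connections from one client
        echo "tcp 0 0 192.0.2.10:25 198.51.100.7:$((40000 + i)) ESTABLISHED 2101/exim"
        i=$((i + 1))
    done
    cat <<'EOF'
tcp 0 0 192.0.2.10:25 203.0.113.5:51000 ESTABLISHED 2101/exim
tcp 0 0 192.0.2.10:2525 203.0.113.9:51001 ESTABLISHED 3000/other
tcp 0 0 192.0.2.10:48211 203.0.113.77:25 ESTABLISHED 2150/exim
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 2101/exim
EOF
}

# smtp_conn_report LIMIT (hypothetical helper): read netstat lines on stdin and
# print "count ip" for every remote IP holding more than LIMIT established
# connections to local port 25, busiest first.
smtp_conn_report() {
    awk -v limit="$1" '
        # $4 = local address, $5 = foreign address, $6 = state
        $1 ~ /^tcp/ && $4 ~ /:25$/ && $6 == "ESTABLISHED" {
            ip = $5
            sub(/:[0-9]+$/, "", ip)     # strip the remote port
            count[ip]++
        }
        END { for (ip in count) if (count[ip] > limit) print count[ip], ip }
    ' | sort -rn
}

# On a live server: netstat -plan | smtp_conn_report 10
sample_netstat | smtp_conn_report 10
```
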

In order to find "nobody" spamming, issue the following command
[root@support ~]# ps -C exim -fH ewww|awk '{for(i=1;i<=40;i++){print $i}}'|sort|uniq -c|grep PWD|sort -n
It will give a result like the one below:
Example :
6 PWD=/
347 PWD=/home/sample/public_html/test
Look at the count for each PWD and, if it is a large value, check the files in the directory listed in PWD
(Ignore it if it is / or /var/spool/mail or /var/spool/exim)

The above command is valid only if the spamming is currently in progress. If the spamming happened some hours earlier, use the following command.

Command :
[root@support ~]# grep "cwd=" /var/log/exim_mainlog|awk '{for(i=1;i<=10;i++){print $i}}'|sort|uniq -c|grep cwd|sort -n
This will result in something like :
96 cwd=/root
4583 cwd=/home/sample/public_html/test

Look at the count for each cwd and, if it is a large value, check the files in the directory listed in cwd
(Ignore it if it is / or /var/spool/mail or /var/spool/exim)
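
The cwd count described above can be made less noisy by extracting only the cwd= field and dropping the directories the text says to ignore. This is an added example, not part of the original post, run over constructed log lines; the function names and the minimum-count argument are assumptions.

```shell
#!/bin/sh
# Added example. The log lines below are constructed, not real exim_mainlog data.
sample_log() {
cat <<'EOF'
2009-04-17 10:15:01 cwd=/home/sample/public_html/test 3 args: /usr/sbin/sendmail -t -i
2009-04-17 10:15:02 cwd=/home/sample/public_html/test 3 args: /usr/sbin/sendmail -t -i
2009-04-17 10:15:03 cwd=/home/sample/public_html/test 3 args: /usr/sbin/sendmail -t -i
2009-04-17 10:15:04 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2009-04-17 10:15:05 cwd=/ 2 args: /usr/sbin/exim -bd
2009-04-17 10:15:06 cwd=/home/other/public_html 3 args: /usr/sbin/sendmail -t -i
2009-04-17 10:15:07 1Lu2ab-0001Xy-7Q <= sample@yourdomain.com U=sample P=local S=812
EOF
}

# cwd_report MIN (hypothetical helper): read exim_mainlog lines on stdin and
# print "count directory" for each cwd seen at least MIN times, busiest first.
# The directories the text says to ignore are skipped.
cwd_report() {
    awk -v min="$1" '
        {
            for (i = 1; i <= NF; i++) {
                if (index($i, "cwd=") == 1) {
                    dir = substr($i, 5)          # drop the "cwd=" prefix
                    if (dir != "/" && dir != "/var/spool/mail" && dir != "/var/spool/exim")
                        count[dir]++
                    break
                }
            }
        }
        END { for (d in count) if (count[d] >= min) print count[d], d }
    ' | sort -rn
}

# On a live server: cwd_report 100 < /var/log/exim_mainlog
sample_log | cwd_report 2
```

Directories containing spaces are truncated at the first space, because the fields are split on whitespace.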

Run the commands below at your command prompt to find the domain which is being used by spammers.

[root@support ~]# exim -bpr | exiqsumm -c | head
[root@support ~]# exiqgrep -ir <domain> | xargs -n1 exim -Mrm

That should remove any e-mail in the queue that is waiting to be delivered to POP accounts at <domain>.

Take the precautions below:
I) Turn on the SMTP tweak. It prevents users from bypassing the mail server to send out spam.
II) Turn on the blacklisting ability in WHM.
III) Use SpamAssassin to stop receiving spam mails.

SPF record and domain keys


You can set SPF records and domain keys on a cPanel server via the steps below:
First log in to cPanel >> Email Authentication; there you can enable the SPF record and the domain keys.
[root@support ~]# /usr/local/cpanel/bin/spf_installer <cPanel username>
[root@support ~]# /usr/local/cpanel/bin/domain_keys_installer <cPanel username>
Or you can use the script
[root@support ~]# for i in `ls /var/cpanel/users` ;do /usr/local/cpanel/bin/domain_keys_installer $i ;done
To enable domain keys by default for every account that is created, edit /scripts/postwwwacct and add:
my %OPTS = @ARGV;
my $user = $OPTS{'user'};
# Run the installer for the account (list form of system() avoids the shell)
system('/usr/local/cpanel/bin/domain_keys_installer', $user);
To install the SPF record for all the domains use :
[root@support ~]# for i in `ls /var/cpanel/users` ;do /usr/local/cpanel/bin/spf_installer $i ;done

How to troubleshoot Spamming


[root@support ~]# exim -bp | exiqsumm     --> Lists the number of mails in the queue and their size. It also shows the domain to which the mail is being sent. NOTE: It's not the domain from which the mail is sent.

[root@support ~]# exim -bpr | grep frozen | wc -l     --> Shows the number of mails that are frozen.

[root@support ~]# exiqgrep -z -i | xargs exim -Mrm     --> Removes just the frozen mails.

[root@support ~]# exiqgrep -i -f alam@alam.co.in | xargs exim -Mrm     --> Removes all mails from a particular email address.

[root@support ~]# exim -Mvh <Message ID>     --> To view the exim mail header.

[root@support ~]# exim -Mvb <Message ID>     --> To view the exim mail body.

[root@support ~]# exim -q -v     --> Forcefully runs the mail queue.