ConfigServer Outgoing Spam Monitor (osm) has been designed to use multiple methods to monitor outgoing email and SMTP connections for activity that could indicate a spammer is active on a server.
With the proliferation of web scripts in shared hosting environments that are often poorly maintained or badly written, the chances of a hacker exploiting vulnerabilities in scripts is at an all time high. Additionally, end-user PC’s and other devices that send email through a server (relay) that have been compromised and used as a spam source has always been a problem. These issues along with spammers deliberately targeting hosting providers by purchasing accounts simply to send out spam have kept the diligence required to prevent spam from being sent from servers all the more difficult.
osm is for any server owner using cPanel/DirectAdmin that is concerned about active or potential future attempts to send out spam email through the server. It targets all the methods available to keep track of outgoing email and SMTP connections. It is designed to be used entirely from the cPanel/DirectAdmin UI, which provides both configuration and viewing of reports generated by a daemon process running continuously on the server.
Who can use Outgoing Spam Monitor?
Web hosting companies
Small/medium businesses managing their own dedicated or virtual servers
Server management companies wanting to offer value added services
Anyone running a cPanel or DirectAdmin dedicated server or virtual server, who is concerned about the potential for spam to be sent from their server
Benefits of Outgoing Spam Monitor
Provides an easy to use interface within the root or admin control panel.
Licensed on a per server basis, no limit on users or accounts.
One time purchase price, includes software updates for the life of the product. No monthly fees.
One initial default installation per license is included in the price.
Outgoing email sent via exim is tracked by cPanel/DirectAdmin account
Matching Subject headers for outgoing email sent via exim is tracked by cPanel/DirectAdmin account
Script path location (cwd) is tracked by cPanel/DirectAdmin account
Matching script path location (cwd) is tracked by cPanel/DirectAdmin account
Outgoing SMTP connections to remote servers (that bypass exim) are tracked by cPanel/DirectAdmin account
Matching script path location for outgoing SMTP connections to remote servers (that bypass exim) are tracked
Authenticated outgoing email is tracked by email account and connecting IP address
osm uses real-time Packet Inspection to track SMTP connections, this is primarily useful if you cannot use the csf SMTP_BLOCK or cPanel/DirectAdmin provided equivalent feature
Configurable trigger levels for each type of tracking by cPanel/DirectAdmin account on a per email/connection per second basis
Apache Status information us used to link outgoing email with actual scripts being used
Multiple actions can be performed once a report is raised after a trigger level is reached:
Send an email report of the events
Store the report of events to view in the WHM UI
Hold outgoing email from the cPanel/DirectAdmin/email account in the exim queue
Discard outgoing email from the cPanel/DirectAdmin/email account
Suspend the whole cPanel/DirectAdmin account
Prevent the email account from logging in
Rename the reported path
Run the custom script configured in the WHM UI
Rename the file determined from the Apache Status
Block the IP address (AUTHRELAY, ALWAYSRELAY, POPRELAY, Apache Status) in csf
Custom action script is configurable and can be sent JSON, YAML, XML and PERL data structures to allow for client specific actions
Inheritance rules are used to configure all trigger levels for each cPanel/DirectAdmin account plus the default settings
Apache with mod_status required for the Apache Status feature (default on cPanel and DirectAdmin)
Pcap Kernel access via libpcap required for SMTP Packet Interception
csf for IP address blocking
Other Technical Information and Limitations
Without mod_status configured via Easyapache, the Apache Status feature cannot be used
mod_rewrite rules in local htaccess files may break Apache Status functionality
IP address triggers are controlled by the “Default” settings in Event Configuration
Duplication of reports will occur between logline and cwdcheck report types as they are often referring to the same email event. However, each event type offers different triggers to detect outgoing spam patterns
The SMTP Packet Inspection feature will not function on Virtuozzo/OpenVZ Servers (and other types of custom kernel) as the kernels do not support Pcap access
Support is not guaranteed for servers running services from 1h.com, ASL, or Bitninja.
We only provide support for supported versions of the OS and cPanel/DirectAdmin. EOL versions are not supported.
Osm does not scan the content of outgoing emails; it monitors the server for activity that could indicate spamming.
osm is a commercial product that is sold and licensed on a per server basis. Unlike competing products, it is strictly a one-time per server license purchase with updates for the life of the product, all at a reasonable price! Initial default installation on a single server per license is included in the price. Please see the FAQ for more information about discounts and installation.
Bulk purchase discounts are available. Please see the osm FAQ.
