ConfigServer Outgoing Spam Monitor (osm) has been designed to use multiple methods to monitor outgoing email and SMTP connections for activity that could indicate a spammer is active on a server.

With the proliferation of web scripts in shared hosting environments that are often poorly maintained or badly written, the chances of a hacker exploiting vulnerabilities in scripts is at an all time high. Additionally, end-user PC's and other devices that send email through a server (relay) that have been compromised and used as a spam source has always been a problem. These issues along with spammers deliberately targeting hosting providers by purchasing accounts simply to send out spam have kept the diligence required to prevent spam from being sent from servers all the more difficult.

osm is for any server owner using cPanel that is concerned about future or active attempts to send out spam email through the server. It targets all the methods available to keep track of outgoing email and SMTP connections. It is designed to be used entirely from the cPanel WHM UI, which provides both configuration and viewing of reports generated by a daemon process running continuously on the server.

• Outgoing email sent via exim is tracked by cPanel account
• Matching Subject headers for outgoing email sent via exim is tracked by cPanel account
• Script path location (cwd) is tracked by cPanel account
• Matching script path location (cwd) is tracked by cPanel account
• Outgoing SMTP connections to remote servers (that bypass exim) are tracked by cPanel account
• Matching script path location for outgoing SMTP connections to remote servers (that bypass exim) are tracked
• Authenticated outgoing email is tracked by email account and connecting IP address
• osm uses real-time Packet Inspection to track SMTP connections, this is primarily useful if you cannot use the csf SMTP_BLOCK or cPanel provided equivalent feature
• Configurable trigger levels for each type of tracking by cPanel account on a per email/connection per second basis
• Apache Status information us used to link outgoing email with actual scripts being used
• Multiple actions can be performed once a report is raised after a trigger level is reached:
• Send an email report of the events
• Store the report of events to view in the WHM UI
• Hold outgoing email from the cPanel/email account in the exim queue
• Discard outgoing email from the cPanel/email account
• Suspend the whole cPanel account
• Prevent the email account from logging in
• Rename the reported path
• Run the custom script configured in the WHM UI
• Rename the file determined from the Apache Status
• Block the IP address (AUTHRELAY, ALWAYSRELAY, POPRELAY, Apache Status) in csf
• Custom action script is configurable and can be sent JSON, YAML, XML and PERL data structures to allow for client specific actions
• Inheritance rules are used to configure all trigger levels for each cPanel account plus the default settings

osm is a commercial product that is sold and licensed on a per server basis. Unlike competing products, it is strictly a one-time per server license purchase with updates for the life of the product, all at a reasonable price! Initial default installation on a single server per license is included in the price. Please see the FAQ for more information about discounts and installation.

Bulk purchase discounts are available. Please see the osm FAQ.

A license for osm is also included free when you purchase our cPanel Service Package