Hello,
PHP and Apache are not being able to track which users are sending out mail through the PHP mail function from the nobody user causing leaks in formmail scripts and malicious users to spam from your server without you knowing who or where.

Monitiring exim_mainlog doesn’t exactly help, you see th email going out but you can’t track from which user or script is sending it. This is a quick and dirty way to get around the nobody spam problem on your Linux server.

If you check out your PHP.ini file you’ll notice that your mail program is set to: /usr/sbin/sendmail and 99.99% of PHP scripts will just use the built in mail(); function for PHP - so everything will go through /usr/sbin/sendmail
Requirements:

We assume you’re using Apache 1.3x, PHP 4.3x and Exim. This may work on other systems but we’re only tested it on a
Cpanel/WHM Red Hat Enterprise system.

Step 1:

Login to your server with root.

Step 2:
Turn off exim before proceeding
service exim stop

Step 3:
Take the Backup of  your original /usr/sbin/sendmail file

mv /usr/sbin/sendmail /usr/sbin/sendmail_bak

Step 4:

You need to  Create the spam monitoring script for the new sendmail.
pico /usr/sbin/sendmail

Paste in the following:

#!/usr/local/bin/perl

# use strict;
use Env;
my $date = `date`;
chomp $date;
open (INFO, “>>/var/log/spam_log”) || die “Failed to open file ::$!”;
my $uid = $>;
my @info = getpwuid($uid);
if($REMOTE_ADDR) {
print INFO “$date - $REMOTE_ADDR ran $SCRIPT_NAME at $SERVER_NAME n”;
}
else {

print INFO “$date - $PWD -  @infon”;

}
my $mailprog = ‘/usr/sbin/sendmail.hidden’;
foreach  (@ARGV) {
$arg=”$arg” . ” $_”;
}

open (MAIL,”|$mailprog $arg”) || die “cannot open $mailprog: $!n”;
while (<STDIN> ) {
print MAIL;
}
close (INFO);
close (MAIL);

save and close

Step 5:
Now change the new sendmail permissions
chmod a+x /usr/sbin/sendmail

Step 6:

Create a new log file to keep a history of all mail going out of the server using web scripts
touch /var/log/spam_log

chmod 0777 /var/log/spam_log

Step 7:
Start Exim up again.
/etc/init.d/exim start

Step 8:
You can Monitor your spam_log file for spam, try using any formmail or script that uses a mail function - a message board, a contact script.
tail - f /var/log/spam_log

Reference taken from : webhostgear.com

How to install and configure the CSF (configserver) firewall.

CSF can be used on a wide range of Linux systems, including those running cPanel. Following are the steps to install and configure the CSF.

Installation is quite straightforward:

rm -fv csf.tgz

wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

If you would like to disable APF+BFD (which you will need to do if you have
them installed otherwise they will conflict horribly):

sh disable_apf_bfd.sh

That’s it. You can then configure csf and lfd in WHM, or edit the files
directly in /etc/csf/*

csf is preconfigured to work on a cPanel server with all the standard cPanel
ports open. It also auto-configures your SSH port if it’s non-standard on
installation.

To configure CSF modify the config files in /etc/csf/ - or if you are running WHM you can modify the CSF settings in WHM itself.

You should ensure that kernel logging daemon (klogd) is enabled. Typically, VPS
servers have this disabled and you should check /etc/init.d/syslog and make
sure that any klogd lines are not commented out. If you change the file,
remember to restart syslog.

See the readme.txt file for more information.

Uninstallation
==============
Removing csf and lfd is even more simple:

cd /etc/csf
sh uninstall.sh

Check out its feature on how it works.

–> There are several ways that SpamAssassin makes up its mind about a
message:
–> The message headers can be checked for consistency and adherence to
Internet standards (e.g., is the date formatted properly?).
–> The headers and body can be checked for phrases or message elements
commonly found in spam (e.g., “MAKE MONEY FAST” or instructions on how to be
removed from future mailings)-in several languages.
–> The headers and body can be looked up in several online databases that
track message checksums of verified spam messages.
–> The sending system’s IP address can be looked up in several online lists
of sites that have been used by spammers or are otherwise suspicious.
–> Specific addresses, hosts, or domains can be blacklisted or whitelisted.
A whitelist can be automatically constructed based on the sender’s past
history of messages.
–> SpamAssassin can be trained to recognize the types of spam that you
receive by learning from a set of messages that you consider spam and a set
that you consider non-spam. (SpamAssassin and the spam-filtering community
often refer to non-spam messages as ham. )
–> The sending system’s IP address can be compared to the sender’s domain
name using the Sender Policy Framework (SPF) protocol (http://spf.pobox.com)
to determine if that system is permitted to send messages from users at that
domain. This feature requires SpamAssassin 3.0.
–> SpamAssassin can privilege senders who are willing to expend some extra
computational power in the form of Hashcash (http://www.hashcash.org).
Spammers cannot do these computations and still send out huge amounts of
mail rapidly. This feature requires SpamAssassin 3.0.

Most of SpamAssassin’s behavior is controlled through a systemwide
configuration file and a set of per-user configuration files. The per-user
configuration can also be stored in an SQL database.

How to Configure it ? : -
——————-

You can easily customize how SpamAssassin tags and identifies spam by
creating a spamassassin/user_prefs file. You can customize the number of
“spam points” required to identify a message as spam, create new rules, and
re-weight existing rules. Here is a sample user_prefs file. It raises the
threshold for identifying spam from 5 to 6, disables including spam warnings
in the subject and body, reweights a known rule, and adds several blacklist,
whitelist, and header rules.

Listing 1. A typical user_prefs configuration file

================================================================

#How many hits before a mail is considered spam?
required_hits 6

#Don’t mangle the messages so badly
rewrite_subject 0
use_terse_report 1

#whitelist and blacklist
whitelist_from *@www.webhosting.uk.com
blacklist_from annoying-person@xyz.com

#reweight an existing rule
score BASE64_ENC_TEXT 3

#add some new rules
header KNOWN_LIST List-Id =~ /a-mailing-list-i-like/
score KNOWN_LIST -3

body EVITE /This invitation was sent to you by .* using Evite/
describe EVITE Looks like an eVite
score EVITE -3

================================================================

Enjoy..

While sending emails from your email address and you get the error Unrouteable address with RCPT reject. That means the problem at receivers end.

Check the following things.

1. Check the domains entry is available in userdoamins.

2. Check the domains entry is is available in localdomain

3. check the domain must having catchall address set if not then set
vi /etc/valiases/domain.com

*: username

4. also make sure that the mail folder having ownership user:mail

5 restart exim services once.

6. Now your problem will get resolved.

You must perform this procedure on e-mail clients that will use the POP3 service
===================================================================================================
1)Click Start, point to All Programs, and then click Outlook Express.
2)On the Tools menu, click Accounts.
3)Click Add, and then click Mail
4)Type Your name in Display name as you would like it to appear.
5)Type your email address people use to send email messages to you.
6)Type mail.domainname under incoming mail(POP3, IMAP OR HTTP) server as well as under Outgoing mail SMTP server.
For example if your domainname is example.com then type under incoming mail(POP3, IMAP OR HTTP) server, mail.example.com and under Outgoing mail SMTP server, mail.example.com.
7)Follow the instructions as above in the Internet Connection Wizard until you reach the Internet Mail Logon page
8)In Account name, type your POP3 service user name, followed by the domain, for example, someone@example.com.
In Password, type the password associated with your POP3 service e-mail account.
9)Click on properties button.
10)Enable: My servers requires authentication in servers tab
11)Enable: Leave a copy of message on the server in advanced tab.

Pissed off with wrong disk usages for your email accoounts in Webmail ?

Dont worry ..

Just find and remove below files from your account ..
1. find /home/username/mail/ -name maildirsize

2. find /home/username/.cpanel-datastore/ -name “diskusage_*”
Cheers

Set up your email account in Microsoft Entourage for Macintosh OS X.
Perform the steps given below and you will be able to set up your accounts.

1) Open Entourage, go to the “Tools” menu and click on “Accounts…”

2) When the “Internet Accounts” window appears, click on the “Mail” tab. Click and hold on the “New” button, moving your pointer over the “Mail…” label and release the mouse button.

3) When the “Account Setup Assistant” dialog starts, begin filling out Your name: the name you want to appear on all your emails you send to people. At the bottom left of this window, click Configure account manually.

4) In the New Account window, choose IMAP, the recommended protocol for U of MN e-mail, unless, as an advanced user, you have a reason to use POP. Click OK.

5) In the Edit Account window, fill in the following information:

Account Settings
Account name: Your full name
Include this account…: (optional)

Personal information
Name: Your full name
E-mail address: someone@example.com

Receiving mail
Account ID: Your internet ID
IMAP server: .email.example.com
Password/Save password: (optional)

Sending mail
SMTP Server: smtp.example.com

6) Set advanced receiving options:

This IMAP service requires a secure connection (SSL) should be checked.

Override default IMAP port: check if 993 isn’t set, and reset to 993 if needed.

7) Set advanced sending options:

SMTP service requires secure connection (SSL) should be checked.

Override default SMTP port should be checked and changed to 587. If you have trouble sending e-mail with this configuration, try port 465 instead.

SMTP server requires authentication should be checked.
Use same settings as incoming mail server should be set.

Settings in the Options tab are optional. The settings shown in the Advanced tab are preferred, but the “Delete options” can be altered to suit your needs.

To read newsgroups in Outlook Express 5 and 6 in Windows, follow the steps below:

1. Select accounts from the Tools menu.

2. Click the News tab. Click Add and select News.

3. The Internet Wizard will start. The first window will prompt you for your display name. Enter your name here and click Next.

4. Enter your email address and click Next.

5. Enter the news server and click Next.

6. Click Finish and then Close.

7. Click Yes to download the list of available newsgroups.

8. Select the newsgroups to which you want to subscribe, and click Subscribe. When you finish subscribing to newsgroups, click OK.