How Does A Server Admin Handle An Abuse Issue?
web hosting directory web hosting dedicated server colocation hosting web hosting services servers web hosting company web hosting article web host news web host news

web hosting
Cheap web hosting
Windows web hosting
Linux web hosting
Unrestricted hosting
Ecommerce web hosting
Virtual server VPS
Reseller hosting
by US State
by US City
Web Hosting coupons
VPS coupons

Cheap dedicated servers
Best dedicated servers
Windows dedicated servers
Linux dedicated servers
Unrestricted server
dedicated managed server
dedicated server unmetered
by US State
by US City
Dedicated server coupons

Cheap colocation hosting
Unrestricted Colocation
by US State
by US City
Coupons Promotion

Domain Registration
SSL Certificate
Website Statistics
Merchant account
Control panel
WebSite monitor

Intel Servers
AMD servers
SCSI Servers
Cheap Servers

Web hosting company
Dedicated Hosting
Colocation hosting
Web Hosting Services
Server manufacturer

So you want to know how you decide what web host is best!

What is 1Mbps 95th percentile ?

Top 10 Dedicated servers May 2010

Westmere Dedicated server the best deal

Using CMS to create Websites

Top 10 Dedicated Servers March 2010

Control Panel Benefits

Top 10 Dedicated servers January 2010

More Articles

Ring the Christmas Bells with Infrenion Networks 50% Discount!

WebHost.UK.Net: offering web hosting great deals this Christmas.

Action Web Group Introduces The All New RubberBand Plan To Take The Place Of Unlimited Web Hosting!

Vision Helpdesk Christmas Madness is back! HO-HO-HO Huge Discounts!

Codero Names Jonathan Ewert as President and CEO

Lunarpages Boosts Reseller Plan

More News

How Does A Server Admin Handle An Abuse Issue?

How Does A Server Admin Handle An Abuse Issue?

Most server administrators I know and have talk to enforces prevention and avoidance to be reported as a spammer instead of facing it head on for a cure, they avoid it. Here are some practical steps based on my experiences since 1995 of being a Server Administrator on how to avoid it. We know server administrators are not just part of the system, they are the "system" themselves enforcing zero-tolerance against spam. First and foremost is the foundation of a server of how an abuse or abuse reporting system is setup and placed.

1. Setup a separate dedicated email for this (preferably not using one of your domain's email system or preferably hosted on another server). This email's sole purpose is to receive computer generated logs of abuse report made within 24 hours against allotted ip addresses. This email must not be published anywhere even in your whois info, or in your published pages. I prefer or When that email address is setup, go here: click on "create an Isp account" then log in and click on "Request Reports" and type all allotted ip addresses under your account one ip per line, it's a good thing to specify all ip addresses on your other server accounts as well for centralized reporting. In this way when someone (ignorantly, envy motivated, or plain abuse of one of your members) you will get it on your email address.

2. Open an account at and join these 2 specific newsgroups:
news . admin . net-abuse . policy

news . admin . net-abuse . misc

This is where abuse report issues that are handled and resolved are being posted and spam abusers are reported live to all admin's eyes. By subscribing to it you will be able to monitor every abuse report reported against an ip address, setup a filter in your email address to filter out your ip addresses and so it will end up in your inbox other reports are to be discarded directly to your trash folders for permanent deletion.

Once you have dealt with a spam issue, which I doubt will happen after you practice all steps included in this article, you need to report this issues is either ongoing or resolved and the abuser/spammer is terminated and removed from your server and banned. Reports submitted/posted here needs to have full headers. Mostly web-based email system can be setup to do this, just click on "show full headers report" and copy and paste the whole abusive/spammed email message and paste it on these groups. That way you are saying in front of admins alike that you are enforcing zero-tolerance on all of your members and an active promoter of anti-spam laws in the internet.

3. Logon to WHM (Web Hosting Manager) and click on "Security" and then "Tweak Security" under "SMTP Tweak", click on "Configure" and make sure "Allow connections to localhost on port 25." is disabled. This SMTP tweak will prevent users from bypassing the mail server to send mail (This is a common practice used by spammers). It will only allow the MTA (mail transport agent), mailman, and root to connect to remote SMTP servers. Also it will help to check your mail queue manager a couple of times per day, login to WHM and click on "Email", click on 'Mail Queue Manager" if you see any suspicious looking email address there trying to send usually free web-based ones or generated randomly, and click on "Delete all messages in Queue." That only means that your system can't send it because it's not routable for it's ip address origin are questionable and not listed on your trusted ip's to send out email.

4. Login to WHM (Web Hosting Manager) and click on "Contact Manager" under "Server Contacts" menu. Make sure you placed "2 or 3" on Alert Priority Assignment right beside "Recently Uploaded Cgi Script Mail". This will email you on a daily basis (if there are uploaded pages or scripts) that are set to use your smtp or mail on your server which could be the source of spam abusers to send out spam using your ip addresses. Setup a filter for it and it always is prefixed on the Subject: "[newmailcgi] Recently Uploaded CGI scripts" take note that even php form mail that are insecuredly setup to send spam are also reported to your email address setup as contact manager on your server's WHM. Make sure to actively monitor this and when it happened to give ample warnings to the user who uploaded this.

5. Go to and under "Spam database lookup" type in your ip address and make sure there are no red areas or red rows on any spam database sites, this will confirm that your ip addresses are "clean" from spam. Run another test and click on and see this result "Blacklist Status: Clear " it must always be that way, if it says listed, then you are listed on one or more spam database site and your ip address as one whose spam is originated and declared as spamvertised sites.

6. Go to and run a dns report on your domain and make sure the "SOA record" shows your email address dedicated to your domain on the "Hostmaster E-mail address:". Make sure your "Acceptance of abuse address" is setup as your email Make sure also that mail relaying is not enabled on your domain.

7. To disable mail relaying on your server, login as root via ssh to your server, nano or pico to this file : /etc/mail/spamassassin/ make sure you write out or copy first a backup of it before doing any modifications, make sure the lines: trusted_networks XXX.XXX.XXX.XXX will contain each in one line the ip addresses alloted to your server, so whenever someone tries to "spoof" an email message using one of your domains or your client's domains to send spam, they will be rejected because obviously they will be running it on another ip addresses. Sites like proxy sites need to be included in the banned sites when you create your (TOS) terms of services or (AUP) Accepted User Policy.

8. If your mail queue logs are sending "forged" email address using to someone else, chances are your SPF (Sender Policy Framework) Record is not setup, so go to and set it up. In the dns report scan you've done to your domain will also show this spf record if already set up.

9. Whenever an abuse report issue is sent either thru spamcop's abuse reporting system or reported by a human being, you have 2 email addresses that you need to check everyday or at the most thrice a day to make sure you are running "clean" ip addresses.

10. The last worst case scenario that need to happen to you is to receive an actual spam abuse report from a human or from a software generated abuse reporting system setup by spamcop, it should be dealt and enforced with zero-tolerance on the abusers and all headers (within 6 monts old) need to be kept on your computer's hard drive. All abuse report's headers from humans need to be logged also, when copying and pasting a report make sure you require a valid proof such as a full header copy that you can enable on your web-based email system in the form of "show full headers" The spammer/abuser needs to be terminated and removed from your server as soon as possible and if possible hours away from an actual abuse report and need to be posted on the following groups:

news . admin . net-abuse . policy

news . admin . net-abuse . misc

Thus, saying that you adhere to your zero-tolerance fight against spam and will cause your server's ip addresses to be delisted for free on most spam database lookup site while some requires some kind of a fee for it to be removed. I hope this scenario will never happen to you if you have practice steps 1 - 9. If this resource article coming from a server admin like me to a server admin/postmaster like you have proven to be beneficial and reduced your time on dealing with spammers/abusers, please drop me a line at and I appreciate it. God will give me the rest of the rewards.

When it comes to effective, affordable, and quality webmaster hosting, webmaster comes to our site Please contact with Subject: Customized Package for an affordable customized quote for your shared hosting or server hosting requirements or better visit , a division of Network of Sites ( ) owned by: William Nabaza

Related Articles

Related special offers

TOP 10 Best Dedicated Servers January 2011 recommends real time web statistics for tracking your visitors.

SingleHop Review
Codero Review
1&1 USA Review
DedicatedNOW Review
TurnKey Review
iWeb Review
ServerPronto Review

iPage Review
JustHost Review
FatCow Review
CoolHandle Review
midPhase Review
HostMonster Review
BlueHost Review
Hostgator Review

ERRORQuery Error