How to Prevent Spam with Mail Limiting Features
Last modified: September 22, 2021
Overview
The Mail section of WHM’s Tweak Settings interface (WHM » Home » Server Configuration » Tweak Settings) contains five options that allow you to limit outgoing mail. The limits that these options set apply to all domains on the server. Use the options to help limit bandwidth consumption and prevent potential spammers.
You must enable the Eximstats driver in WHM’s Service Manager interface (WHM » Home » Service Configuration » Service Manager) to use the following features.
Total emails sent by a domain per hour options
The following options apply to the total number of outgoing messages that a domain sends per hour.
The account package’s resource option Maximum Hourly Email by Domain Relayed also determines the limit. A specific limit set in the package will overwrite any changes made in Tweak Settings.
Max hourly emails per domain
The Max hourly emails per domain option limits the number of messages that a domain can send per hour.
Attributes
-
cpanel.config
entry:maxemailsperhour
-
Default value:
Unlimited
(no value) -
Minimum value:
1
-
Maximum value:
Unlimited
(no value) -
Permissions: — A user with either of the following permissions can access this option:
- A reseller account, if you enable the Allow Creation of Packages with non-default Email Limits option in WHM’s Edit Reseller Nameservers and Privileges interface (WHM » Home » Resellers » Edit Reseller Nameservers and Privileges)
- A user with
root
-level privileges.
-
To define a maximum number of emails that the server allows for an account package, use WHM’s Edit a Package interface (WHM » Home » Packages » Edit a Package).
-
To define a maximum number of emails that the server allows for an individual cPanel account, use WHM’s Modify an Account interface (WHM » Home » Account Functions » Modify an Account).
Count mailman deliveries towards a domain’s Max hourly emails
This setting allows you to specify whether to count messages sent to Mailman mailing lists against an account’s Max hourly emails per domain limit.
-
Set this option’s value to On to include Mailman deliveries in the total value that a domain’s Max hourly emails per domain option uses.
-
Set this option’s value to Off to exclude Mailman deliveries from the total value.
Attributes
-
cpanel.config
entry:email_send_limits_count_mailman
-
Default value: Off
-
Permissions: A user with
root
-level permissions can access this option.
The percentage of email messages (above the account’s hourly maximum) to queue and retry for delivery
This option defines how the mail server handles outgoing messages for a domain that reaches the value of the Max hourly emails per domain option. The mail server will attempt to deliver any queued messages in the next hour, by default.
-
To discard all additional outgoing messages for a domain after the domain reaches the value of the Max hourly emails per domain option, enter
100
in the The percentage of email messages (above the account’s hourly maximum) to queue and retry for delivery text box. -
To queue outgoing messages for a domain after the domain reaches the value of the Max hourly emails per domain option, enter a value larger than
100
in the The percentage of email messages (above the account’s hourly maximum) to queue and retry for delivery text box.
The mail server evaluates the value that you enter in the The percentage of email messages (above the account’s hourly maximum) to queue and retry for delivery text box as a percentage of the value that you set for the Max hourly emails per domain option.
Attributes
-
cpanel.config
entry:email_send_limits_defer_cutoff
-
Default value:
125
-
Minimum value:
100
-
Maximum value:
10000
-
Permissions: A user with
root
-level permissions can access this option.
Example
You set the Max hourly emails per domain option to 100
, and you set the The percentage of email messages (above the account’s hourly maximum) to queue and retry for delivery option to 200
. The mail server applies the following rules to the outgoing messages from each domain:
-
The mail server sends the first 100 outgoing messages from the domain.
-
The mail server queues the next 100 outgoing messages from the domain.
-
The mail server discards any additional outgoing messages from the domain.
-
In the following hour, the mail server attempts to send all queued outgoing messages from the domain.
Total emails sent by an email account per hour options
The following options apply to the total number of outgoing messages that an individual email account sends per hour.
Number of unique recipients per hour to trigger potential spammer notification.
The Number of unique recipients per hour to trigger potential spammer notification. setting specifies the number of emails that any account may send in one hour before the system sends an alert notification.
If an email account exceeds this threshold and the system administrator has enabled the Large Amount of Outbound Email Detected alert in WHM’s Contact Manager interface (WHM » Home » Server Contacts » Contact Manager), the system will send an alert to the system administrator.
Failed and deferred outgoing message options
The Maximum percentage of failed or deferred messages a domain may send per hour option and the Number of failed or deferred messages a domain may send before protections can be triggered option specifies when the server will temporarily block outgoing mail from a domain. The system examines all outgoing and local mail over the previous hour to determine whether these conditions are true.
Your server will temporarily block outgoing mail from a domain if both of the following conditions are true:
-
The percentage of failed or deferred messages, out of the total number of messages that the domain sent, is equal to or greater than the percentage that you specify for the Maximum percentage of failed or deferred messages a domain may send per hour option.
-
The domain has sent at least the number of failed or deferred messages that you specify for the Number of failed or deferred messages a domain may send before protections can be triggered option.
Example
If you set the following values, the server functions in the manner that the table below describes:
-
Maximum percentage of failed or deferred messages a domain may send per hour —
55%
-
Number of failed or deferred messages a domain may send before protections can be triggered —
7
Deferred or failed (past hour) | Successful (past hour) | % deferred or failed | Domain’s outgoing mail status |
---|---|---|---|
1 | 0 | 100% | OK — The domain reached the percentage of failed or deferred messages, but did not reach the number of failed or deferred messages. |
2 | 0 | 100% | OK — The domain reached the percentage of failed or deferred messages, but did not reach the number of failed or deferred messages. |
2 | 1 | 67% | OK — The domain reached the percentage of failed or deferred messages, but did not reach the number of failed or deferred messages. |
2 | 2 | 50% | OK — The domain did not reach either condition. |
3 | 2 | 60% | OK — The domain reached the percentage of failed or deferred messages, but did not reach the number of failed or deferred messages. |
4 | 2 | 67% | OK — The domain reached the percentage of failed or deferred messages, but did not reach the number of failed or deferred messages. |
5 | 2 | 71% | OK — The domain reached the percentage of failed or deferred messages, but did not reach the number of failed or deferred messages. |
6 | 2 | 75% | OK — The domain reached the percentage of failed or deferred messages, but did not reach the number of failed or deferred messages. |
6 | 3 | 67% | OK — The domain reached the percentage of failed or deferred messages, but did not reach the number of failed or deferred messages. |
6 | 4 | 60% | OK — The domain reached the percentage of failed or deferred messages, but did not reach the number of failed or deferred messages. |
6 | 5 | 55% | OK — The domain reached the percentage of failed or deferred messages, but did not reach the number of failed or deferred messages. |
6 | 6 | 50% | OK — The domain did not reach either condition. |
6 | 7 | 46% | OK — The domain did not reach either condition. |
7 | 7 | 50% | OK — The domain reached the number of failed or deferred messages, but did not reach the percentage of failed or deferred messages. |
8 | 7 | 53% | OK — The domain reached the number of failed or deferred messages, but did not reach the percentage of failed or deferred messages. |
9 | 7 | 56% | OUTGOING MAIL BLOCKED — The domain reached both conditions. |
Number of failed or deferred messages a domain may send before protections can be triggered
Use the Number of failed or deferred messages a domain may send before protections can be triggered option with the Maximum percentage of failed or deferred messages a domain may send per hour option. Your server does not temporarily block outgoing mail from a domain until the domain reaches both limits.
This option defines how many failed or deferred messages that a domain can send before the mail server checks whether the Maximum percentage of failed or deferred messages a domain may send per hour value was met.
Attributes
-
cpanel.config
entry:email_send_limits_min_defer_fail_to_trigger_protection
-
Default value:
5
-
Minimum value:
1
-
Maximum value:
1000000000000000000
-
Permissions: A user with
root
permissions can access this option.
Maximum percentage of failed or deferred messages a domain may send per hour
Use the Maximum percentage of failed or deferred messages a domain may send per hour option with the Number of failed or deferred messages a domain may send before protections can be triggered option. Your server does not temporarily block outgoing mail from a domain until the domain reaches both limits.
This option specifies the maximum percentage of failed or deferred messages that a domain may send per hour. This option only applies after the number of failed or deferred messages reaches the Number of failed or deferred messages a domain may send before protections can be triggered option’s value.
Attributes
-
cpanel.config
entry:email_send_limits_max_defer_fail_percentage
-
Default value:
Unlimited
-
Minimum value:
1
-
Maximum value:
Unlimited
-
Permissions: A user with
root
permissions can access this option.
Error message
If a domain reaches the limits set in the Maximum percentage of failed or deferred messages a domain may send per hour and Number of failed or deferred messages a domain may send before protections can be triggered options set, then your error log will contain entries that resemble the following example:
R=enforce_mail_permissions: Domain example.com has exceeded the max defers and failures per hour (7/5 (20%)) allowed. Message discarded.
The number of failed and deferred outgoing messages affect the values in the error message in the following ways:
-
7
— The number of failed or deferred outgoing messages from the domain in the hour. -
5
— The number of failed or deferred messages the mail server allows the domain to send in an hour, before it checks the percentage of failed or deferred outgoing messages that the mail server allows the domain to send. To set this value, use the Number of failed or deferred messages a domain may send before protections can be triggered option. -
20
— The current percentage of deferred or failed outgoing messages for the domain. This percentage is based on the total messages sent compared to the number of failed or deferred outgoing messages per hour for the domain.