How to stop spam -- DEAD in its tracks!!

In regards to these settings at start of thread, what causes everything to revert back? I haven't gone through the pdf and actually checked each individual setting has changed back but considering the spam is back and I am now receiving emails that were getting caught by the changes again I can only assume some at least have changed back?
@Sherrie: I haven't had any issues with any settings reverting back to default, so I don't know what your issue might be. I would look in the email header for clues.

@Sherrie and @Marco_B: Yes, you edit the file via your preferred method. I'm pretty sure that shortly after KnownHost identified the ipv6 issue for me, they decided to include that fix in their standard vps image. So new customers would have that setting already fixed.
Are there any adjustments that need to be done to the steps for sites hosted that have dedicated IPs and SNI as well?

I performed Steps 1 - 6 and started getting the following error (as a sample) when sending from one of the sites that has a dedicated IP (and SNI for their SSL):

An error occurred while sending mail. The mail server responded:
SPF: is not allowed to send mail from
Please check the message recipient "" and try again.

Thanks, in advance!
Timothy Kline
I don't think so. That's an SPF error which basically indicates that the sender is using a relay when the server otherwise doesn't allow it. Step 4 here ( Security.pdf) explains it pretty well.

Turned out that Anna from Support was able to sort things out and get things working with the SPF issue. Thanks Anna!!

And thank you RMedure for this amazing how-to guide. My clients have already started contacting me this morning to ask if the mail server's down because they didn't walk into the piles of SPAM they'd become accustomed to. I assured them it is indeed working, better than ever!

"If you've KnownHost, you know there's nowhere else you'd rather be."
--Timothy Kline / ENVISIONocity
You need to use ftp I assume and edit the file. I checked mine and it was already set up that way.

One more question if applicable...

Do I need to set this for every domain separately? Through FTP?


No, that's not it as then I can't find the directory I need... So someone here to help me out?
Hi Marko_B,

To do it using FTP you'd need to download the file (/etc/sysconfig/named) and open it using a text editor. The very last line is where it's at in my file, already there.

You could also log into your VPS using SSH and look at/edit it.

pico /etc/sysconfig/named

Look at/edit file as needed then ctrl+x to save and exit.

Hope that helps!
Thanks for the writeup. I found it pretty useful. I have a couple concerns that maybe you already have answers for.

While doing some tests I noticed that I was getting query refusals from due to traffic of the hosts dns server (not knownhost, a different webhost). Normally this would not be a problem except for the scripts interpret the response as the sender being in Is there a way to determine if the response is legitimate vs refusal? I'm also curious if the other blacklists are susceptible to this sort of problem. For now I've disabled from the rbl list.
SMTP error from remote server after RCPT command:
"JunkMail rejected - []:50506 - - is in, see: -> Query Refused. See for more information [Your DNS IP:]"

Again, thanks for the great writeup!
This is an older thread but I'm following up with an issue and a solution, in case this is helpful for others.

Before I dig into the issue, I want to express that - at almost a year later, this has been the most helpful thread I've encountered on this forum. Me and my clients have received such a small amount of spam after making these adjustments. Thank you again for sharing this information, RMedure!

OK, now for the issue - and solution.

I have set myself and clients up to collect their email in gmail but had been running into troubles recently. I could continue to send and receive my own mail in gmail, but could not set a new client up in gmail. Here is the error I got from gmail during the account setup - SMTP settings:

> Couldn't reach server. Please double-check the server and port number.

Note: I collect my mail in gmail using my own VPS mailserver settings, not using gmail's mailservers.

I had no issue setting up the receiving server (POP) and collecting mail and no problem with both the sending and receiving servers in a local mail program, such as Mac Mail. It was only gmail's SMTP server that was having the issue.

KnownHost tech support examined the /var/log/exim_mainlog file and found the following line to be helpful:

> 2016-05-23 01:34:19 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[]:32842 input="\026\003\001"

Tech support has helped me pin my issue down to the delay code I added from #4. I adjusted the wait from 15s down to 2s but if I see an issue rise, I'll increase the wait and whitelist/allow gmail servers, instead. (Thank you Marvin C!)

I've pasted his response below, as it was helpful to me and may be helpful for others looking to collect mail from a service such as gmail.

Have a nice week, everyone.


We've narrowed it down a bit further; cPanel's Exim configuration will introduce a 15 seconds delay by default, and we disabled this but the delay still happened. It looks like there is some customization on the mail server that is attributing to this - the customization is:


# Do not enforce sync (and likewise delay) for these hosts
accept hosts =
       control = no_enforce_sync
accept delay = 15s

which causes that 15 second delay. This is in WHM via Home » Service Configuration » Exim Configuration Manager in the advanced editor.

As mentioned earlier Gmail is not waiting the allotted 15 seconds for STARTTLS, instead it tries to send data immediately so this gets a disconnect as shown earlier in the logs provided. In gmail settings SSL = TLS and that really means STARTTLS. Generally Gmail should be able to handle the 15 seconds delay but it is not.

This was edited to 2 seconds for testing purposes and that allowed the gmail connection to work.
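
For anyone reading their own exim_mainlog after adding the connect delay, here is an added example (not code from this thread or from KnownHost support) that pulls out the "synchronization error" lines and decodes the escaped input= field. The bytes \026\003\001 in the line quoted above are octal for 0x16 0x03 0x01, which is the start of a TLS handshake record. The sample log lines and IP addresses are constructed, and the set of escapes handled is an assumption based on what appears in that line.

```python
import re

# Constructed sample in the format of the log line quoted above.
# 192.0.2.x and 198.51.100.x are documentation addresses, not real senders.
SAMPLE_LOG = r'''
2016-05-23 01:34:19 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[192.0.2.10]:32842 input="\026\003\001"
2016-05-23 01:35:02 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[198.51.100.7]:40112 input="EHLO mail.example\r\n"
2016-05-23 01:36:40 SMTP connection from [192.0.2.10]:32850 closed by QUIT
'''

_LINE = re.compile(
    r'SMTP protocol synchronization error .*?'
    r'H=(?:\S+ )?\[([^\]]*)\]:(\d+) input="(.*)"\s*$', re.M)
_ESC = re.compile(r'\\([0-3][0-7]{2}|[nrt\\"])')
_SIMPLE = {"n": b"\n", "r": b"\r", "t": b"\t", "\\": b"\\", '"': b'"'}


def decode_exim_input(text):
    """Turn the escaped input= value (\\ooo octal, \\r, \\n, ...) into raw bytes."""
    out, pos = bytearray(), 0
    for m in _ESC.finditer(text):
        out += text[pos:m.start()].encode("latin-1")
        tok = m.group(1)
        out += bytes([int(tok, 8)]) if len(tok) == 3 else _SIMPLE[tok]
        pos = m.end()
    out += text[pos:].encode("latin-1")
    return bytes(out)


def classify(payload):
    """Label what the client sent before the server's greeting."""
    # 0x16 = TLS record type "handshake", 0x03 = SSL3/TLS major version
    if len(payload) >= 2 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls-handshake"
    if payload[:4].upper() in (b"EHLO", b"HELO"):
        return "plaintext-smtp"
    return "other"


def sync_errors(log_text):
    """Return (ip, port, kind) for every synchronization-error line."""
    return [(ip, int(port), classify(decode_exim_input(raw)))
            for ip, port, raw in _LINE.findall(log_text)]


if __name__ == "__main__":
    for row in sync_errors(SAMPLE_LOG):
        print(row)
```

A "tls-handshake" hit is a client that began TLS negotiation without waiting for the banner, while a "plaintext-smtp" hit is a client that sent its EHLO/HELO early, which is the behaviour the delay is meant to catch.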
I completed steps 1-6 and went from getting tons of spam all day to maybe three messages a week. Awesome thank you!

Unfortunately, I am getting complaints from users on my server that outgoing mail is slow to send. I too have noticed this. It takes maybe 5-10 seconds to send a message, where before it was nearly instantaneous. It's also causing some issues with some of my PHP scripts that send mail, since it times out. Any ideas??

** UPDATE **
I just read the post above this regarding custom_begin_connect. I lowered it to two seconds and that was the issue. I guess I was confused as to what this does, I didn't think it had anything to do with outgoing mail. Maybe someone can explain!
Any updates, changes or recommendations on this now that v60 is out? Seems they changed quite a few things.

I am new to KH family (new SSD VPS they are setting up now) and cPanel and LS Server and looking for a cost effective way to help with SPAM and my new server. I have been in the business for almost 20 years, mainly on the design and development side, but have some lite server experience and used to use DirectAdmin, but it was managed and they did all the heavy lifting and advanced stuff for me.

Any help, updates on how to apply this or whatever is recommended to the latest cPanel/WHM would be a Life (SPAM) Saver for me. Lol

Or if there is now something "canned" that we can add, or something fairly cost effective that is better and will help, I am all ears.

Thank you all in advance!!!
I've been using ASSP Deluxe for spam control, but I think this is a better solution for me now. I've never used spam assassin so I am wondering if there is a way for my users to easily train or white list email addresses?

Also these messages are being rejected so I'm guessing there's no way to actually allow a false positive to be delivered.