  1. #1
    Member
    Join Date
    Jul 2007
    Posts
    23

    Spoofing Mail From My Server

    Hello people,

    I have a problem with some of my clients. I have some servers, and some of my clients send mail authenticating with their own mail accounts but using other accounts (outside of my clients) as the sender, for example:

    Client: clientone.com
    Authenticate Email: admin@clientone.com
    Sender Email: marketing@anydomain.com


    How can I take control of mail that goes out from my server, or even comes in from my clients' accounts, with the characteristics above?

    Thank you for your help.

  2. #2
    cPanel Quality Assurance Analyst cPanelDon's Avatar
    Join Date
    Nov 2008
    Location
    Houston, Texas, U.S.A.
    Posts
    2,555
    cPanel/Enkompass Access Level

    DataCenter Provider

    Ensure Exim, the mail transport agent (MTA), always sets the Sender header

    Quote Originally Posted by ARWEB View Post
    Hello people,

    I have a problem with some of my clients. I have some servers, and some of my clients send mail authenticating with their own mail accounts but using other accounts (outside of my clients) as the sender, for example:

    Client: clientone.com
    Authenticate Email: admin@clientone.com
    Sender Email: marketing@anydomain.com


    How can I take control of mail that goes out from my server, or even comes in from my clients' accounts, with the characteristics above?

    Thank you for your help.

    To counteract this type of issue, you can set the local mail server (Exim) to always set the Sender header of outgoing messages.

    The following setting should help:
    WHM: Main >> Service Configuration >> Exim Configuration Editor >> Standard Options >> Mail
    • Set the Sender: Header when the mail sender changes the sender (-f flag passed to sendmail).
      Always set the "Sender:" header when the sender differs from the actual sender. Unchecking this will stop "On behalf of" data in Microsoft® Outlook, but may limit your ability to track abuse of the mail system.

  3. #3
    Member
    Join Date
    Jul 2007
    Posts
    23

    This option doesn't work

    By default this option is unchecked. I tested and I could always send. I checked this option and I could still always send, so what's the difference?

    I have a domain @domain.com
    I have an account myname@domain.com
    I send mail through myname@domain.com but using othername@domain.com, and I receive mail from this account.

    Do you think I'm doing something wrong? Do I need to restart Exim? In this case @domain.com and the target accounts in @otherdomain.com are in the same DNS.

    Please, help me, thank you.

  4. #4
    Member
    Join Date
    Jul 2007
    Posts
    23

    Also wrong

    I restarted Exim and I can still send mail. I was trying through webmail and Outlook, but in this case, after restarting Exim, when I send mail from webmail I receive it, but if I send mail from Outlook I don't receive it.

    Could you explain this option better? Could you tell me if I can do the same for webmail to block this kind of message?

    Thank you for your news.

    Bye.

  5. #5
    cPanel Quality Assurance Analyst cPanelDon's Avatar
    Join Date
    Nov 2008
    Location
    Houston, Texas, U.S.A.
    Posts
    2,555
    cPanel/Enkompass Access Level

    DataCenter Provider

    Quote Originally Posted by ARWEB View Post
    By default this option is unchecked. I tested and I could always send. I checked this option and I could still always send, so what's the difference?
    [...]
    Do you think I'm doing something wrong? Do I need to restart Exim? In this case @domain.com and the target accounts in @otherdomain.com are in the same DNS.
    [...]
    Quote Originally Posted by ARWEB View Post
    I restarted Exim and I can still send mail. [...]

    Could you explain this option better? Could you tell me if I can do the same for webmail to block this kind of message?
    [...]

    The option to always set the Sender header does exactly as described; it ensures that Exim always sets the correct Sender header of an outbound message sent via the local Exim MTA.

    The aforementioned Exim configuration option is not designed to block mail from sending; that is not the intention. To verbosely clarify, the intention is to ensure the Sender header is always set and set correctly to the true sender of the outbound message.

    Please be aware that an e-mail Sender header may differ from the e-mail From header; thus, to see the Sender header you might have to View Source of the received message in order to see the full e-mail header details that are involved.

    By having the Sender header set, you can, therefore, decide how to handle the individual message once received via your mail client software, such as Mozilla Thunderbird or Microsoft Outlook, both of which allow you to view the full e-mail headers of a received message.

  6. #6
    Member
    Join Date
    Jul 2007
    Posts
    23

    Example!!!!

    Do you think you could give me an example to test with webmail and with Outlook?

    And another question: could cPanel ensure Exim uses this option for a specific user, with some add-on?

    Thank you very much.

  7. #7
    Member
    Join Date
    Jul 2007
    Posts
    23

    Fail option

    I tried this option and I received all the mails, so this option doesn't work correctly, or do you think some other option could be related?

    I will be waiting for your news and for your example.

    Thank you.

  8. #8
    Member
    Join Date
    Aug 2002
    Posts
    1,120

    Authentication and sending mail are two separate things.

    You can always take the message ID from the headers of the sent message and review your exim logs for that message ID to find out what SMTP authentication was used. This may require extended exim logging, I'm not sure.
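
Added example (not part of the original thread): the log check described in post #8, sketched in Python. It assumes arrival (`<=`) lines in the Exim main log carry the `A=authenticator:login` and `id=` fields; the log lines and the `dovecot_login` authenticator name are constructed sample data.

```python
import re

# Constructed sample lines in Exim main-log format (not from a real server).
SAMPLE_LOG = """\
2010-05-15 13:01:22 1ODFak-0004Ab-7Z <= marketing@anydomain.com H=(pc1) [192.0.2.10] P=esmtpa A=dovecot_login:admin@clientone.com S=1820 id=4BEE9A01.1@anydomain.com
2010-05-15 13:01:23 1ODFak-0004Ab-7Z => user@example.net R=lookuphost T=remote_smtp H=mx.example.net [198.51.100.5]
2010-05-15 13:01:23 1ODFak-0004Ab-7Z Completed
2010-05-15 13:04:10 1ODFdS-0004Bx-2Q <= admin@clientone.com H=(pc1) [192.0.2.10] P=esmtpa A=dovecot_login:admin@clientone.com S=950 id=4BEE9AAA.2@clientone.com
2010-05-15 13:06:45 1ODFfx-0004Cz-9K <= info@example.org H=mail.example.org [203.0.113.7] P=esmtp S=2210 id=4BEE9B45.3@example.org
"""

ARRIVAL = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<exim_id>\S+) <= (?P<sender>\S+)(?P<rest>.*)$"
)
# Assumption: authenticated arrivals are logged as A=<authenticator>:<login>.
AUTH = re.compile(r" A=(?P<authenticator>[^:\s]+):(?P<auth_id>\S+)")
MSGID = re.compile(r" id=(?P<msgid>\S+)")

def parse_arrivals(log_text):
    """Return one dict per '<=' (message arrival) line."""
    records = []
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue
        auth = AUTH.search(m["rest"])
        msgid = MSGID.search(m["rest"])
        records.append({
            "exim_id": m["exim_id"],
            "sender": m["sender"].lower(),
            "auth_id": auth["auth_id"].lower() if auth else None,
            "message_id": msgid["msgid"] if msgid else None,
        })
    return records

def auth_for_message(log_text, message_id):
    """Look up the login behind a Message-ID header value (angle brackets optional)."""
    wanted = message_id.strip("<>")
    for rec in parse_arrivals(log_text):
        if rec["message_id"] == wanted:
            return rec["auth_id"]
    return None

def mismatched_senders(log_text):
    """Authenticated arrivals whose envelope sender is not the login address."""
    return [r for r in parse_arrivals(log_text)
            if r["auth_id"] and r["sender"] != r["auth_id"]]
```

A login that is a bare account name rather than an address will always be reported by `mismatched_senders`, so map such logins to their domains before acting on the result.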

  9. #9
    cPanel Quality Assurance Analyst cPanelDon's Avatar
    Join Date
    Nov 2008
    Location
    Houston, Texas, U.S.A.
    Posts
    2,555
    cPanel/Enkompass Access Level

    DataCenter Provider

    Quote Originally Posted by ARWEB View Post
    I tried this option and I received all the mails, so this option doesn't work correctly, or do you think some other option could be related?

    I will be waiting for your news and for your example.

    Thank you.

    Regarding an option to enforce a failure of messages with a mismatched Sender header versus the From header, I cannot guarantee if this will work or how well it may work, but I would try something like what is suggested in the following thread in the Exim Users mailing list:

  10. #10
    Member
    Join Date
    Feb 2005
    Posts
    80

    Is there any solution to this yet? I am facing the same problem: sender1 is able to send mail using sender2's authentication. Please suggest.

  11. #11
    Member
    Join Date
    Jul 2007
    Posts
    23

    Asking...........

    cPanelDon, I don't know how to put in place the two options from both links:
    Re: [exim] How to compare FROM header against SMTP account authenticated?
    and
    Re: [exim] How to compare FROM header against SMTP account authenticated?

    Could you help me?

    Thank you.

  12. #12
    cPanel Quality Assurance Analyst cPanelDon's Avatar
    Join Date
    Nov 2008
    Location
    Houston, Texas, U.S.A.
    Posts
    2,555
    cPanel/Enkompass Access Level

    DataCenter Provider

    Quote Originally Posted by ARWEB View Post
    cPanelDon, I don't know how to put in place the two options from both links:
    Re: [exim] How to compare FROM header against SMTP account authenticated?
    and
    Re: [exim] How to compare FROM header against SMTP account authenticated?

    Could you help me?

    Thank you.

    The custom Exim ACL may be applied using WHM via the following menu path:

  13. #13
    BANNED
    Join Date
    Jun 2005
    Location
    Wild Wild West
    Posts
    2,025

    There are different verifications you can set up both outbound and inbound, but it should be noted that there is nothing that can be done about forged From headers, as email unfortunately was not designed to prevent this.

    For example, I can send email from anyone I wish, and I could easily send out email saying I'm actually the President of the United States or anyone I wish and have that shown as my "From" and "Reply-To" headers, but most servers out there are going to kick my mail because I am not sending from the correct IP address associated with that domain name, but in some cases I might actually be able to get away with the forged header.

    If your user is authorized to send through your server and has verified themselves, they are indeed able to set up any header they wish and claim to be anyone they wish as well, on or off your server.

    However, nothing stops you from appending extra headers that identify their true identity, and cPanel has a number of options in both "Exim Configuration" and "Tweak Settings" pertaining to this specifically.

  14. #14
    Member
    Join Date
    Apr 2008
    Location
    sanctum sanctorum
    Posts
    152

    Quote Originally Posted by cPanelDon View Post
    The option to always set the Sender header does exactly as the option is described, it ensures that Exim always sets the correct Sender header of an outbound message sent via the local Exim MTA.
    [strike]Could you please elaborate how exactly it does this? Here is an email sent with this option NOT selected; no Sender header, as expected. But here is another one with the option selected and sender forged as well; still no Sender header.[/strike]

    Edited to add: OK, ignore me pls. must read the docs more closely. Totally missed the 'local' part
    Last edited by thobarn; 05-15-2010 at 01:15 PM.

  15. #15
    BANNED
    Join Date
    Jun 2005
    Location
    Wild Wild West
    Posts
    2,025

    Quote Originally Posted by thobarn View Post
    Edited to add: OK, ignore me pls. must read the docs more closely. Totally missed the 'local' part
    There is nothing that can be done to stop forged headers themselves but with a few configuration options like those mentioned, the forgeries will become obvious and information tracing back to the real source included.
