Any way to reject outgoing email if the sender domain isn't hosted on the server?

belon_cfy

Member
Apr 10, 2007
Hi
Recently we have been experiencing a massive amount of spam due to email accounts being compromised. Usually the spammer will forge the sender account using a domain that is not hosted on the server, such as hotmail.com and yahoo.com.

Is there any way we can implement a rule to prevent those emails from being sent out? Can we match the sender domain to ensure it is available on the server before sending out the email?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
Hello :)

The following option under the "Mail" tab in "WHM Home » Service Configuration » Exim Configuration Manager" might be helpful:

"EXPERIMENTAL: Rewrite From: header to match actual sender"

Per its description:

If you enabled this option, the From: header will be rewritten to be the email address of the actual message sender. If you choose the "remote" option, only messages that are being sent to remote destinations will be affected.

This should help you to detect which account is sending out the SPAM. Also, the following document is a good place to start:

cPanel - Prevent Email Abuse

Thank you.
 

belon_cfy

Hi,
The option is good for tracing; however, it can't mitigate the issue of sending with a forged address. I would prefer to reject those emails instead of altering the header.
 

cPanelMichael

It really depends on how the sender's address is being spoofed. Is it simply the "FROM" part of the message header that is spoofed? Typically, the best way to resolve this issue is to disable or suspend the offending user from your system. Also, enabling SpamAssassin for outgoing email might help to prevent the message from sending out to the remote server.

Thank you.
 

mpkapadia

Active Member
Apr 10, 2002
Hello

You can try this.
Go to Exim Configuration > Advanced Settings

Find custom_begin_ratelimit (this section is blank by default; add the 2 lines below).
Note: not under custom_begin_ratelimit_spam (be careful).
-----------------------------------------------------------
deny ! sender_domains = lsearch;/etc/localdomains
     ! domains = lsearch;/etc/localdomains
-----------------------------------------------------------

Regards.
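
An added example, not part of any post in this thread: before enabling a deny rule like the one above, this Python script replays Exim main-log arrival lines against the same test (sender domain not in /etc/localdomains and recipient domain not in /etc/localdomains) and reports which authenticated logins it would have blocked. The log lines, domains and function names are constructed for illustration, and it assumes the log records the `A=` and `for` fields.

```python
import re
from collections import Counter

# Constructed sample data (not from the thread): /etc/localdomains content and
# Exim main-log arrival lines. Assumes the log carries A= and "for" fields.
SAMPLE_LOCALDOMAINS = "example.com\nexample.org\n"
SAMPLE_LOG = [
    '2024-05-01 10:00:01 1sAAAA-0000aa-1A <= promo@hotmail.com H=(pc) [203.0.113.9]:50000 '
    'P=esmtpsa A=dovecot_login:info@example.com S=2100 T="offer for you" for a@yahoo.com b@gmail.com',
    '2024-05-01 10:00:05 1sAAAB-0000ab-2B <= info@example.com H=(pc) [203.0.113.9]:50001 '
    'P=esmtpsa A=dovecot_login:info@example.com S=900 for c@gmail.com',
    '2024-05-01 10:00:09 1sAAAC-0000ac-3C <= someone@gmail.com H=mx.remote.example '
    '[198.51.100.7]:25 P=esmtps S=1500 for info@example.com',
    '2024-05-01 10:00:12 1sAAAD-0000ad-4D <= x@yahoo.com H=(pc) [203.0.113.9]:50002 '
    'P=esmtpsa A=dovecot_plain:sales@example.org S=800 for info@example.com',
]

# "<date> <time> <msgid> <= <envelope sender> <remaining fields>"
ARRIVAL = re.compile(r"^\S+ \S+ \S+ <= (?P<sender>\S+) (?P<rest>.*)$")
# Require whitespace before A= so a crafted HELO such as "(A=x:y)" cannot match.
AUTH = re.compile(r"(?:^|\s)A=[^:\s]+:(?P<login>\S+)")

def load_local_domains(text):
    """One domain per line, as in /etc/localdomains."""
    return {d.strip().lower() for d in text.splitlines() if d.strip()}

def domain_of(addr):
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def would_deny(sender, rcpt, local):
    """Mirror the ACL: sender domain not local AND recipient domain not local."""
    return domain_of(sender) not in local and domain_of(rcpt) not in local

def audit(log_lines, local):
    """Count recipients the rule would have rejected, per authenticated login."""
    hits = Counter()
    for line in log_lines:
        m = ARRIVAL.match(line)
        auth = AUTH.search(m["rest"]) if m else None
        if not auth or " for " not in m["rest"]:
            continue  # not an authenticated SMTP submission with logged recipients
        # Recipients follow the last " for "; a logged T="..." subject may contain one too.
        for rcpt in m["rest"].rsplit(" for ", 1)[1].split():
            if would_deny(m["sender"], rcpt, local):
                hits[auth["login"]] += 1
    return hits

if __name__ == "__main__":
    for login, n in audit(SAMPLE_LOG, load_local_domains(SAMPLE_LOCALDOMAINS)).most_common():
        print(f"{login}: {n} recipient(s) would be rejected")
```

The fourth sample line shows the rule's limit: a forged remote sender addressed to a local recipient is not rejected, because the second condition only matches remote recipients.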