The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Anyway to reject outgoing email if the sender domain doesn't host in the server.

Discussion in 'E-mail Discussions' started by belon_cfy, Mar 28, 2014.

  1. belon_cfy

    belon_cfy Member

    Joined:
    Apr 10, 2007
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Hi
    Recently we are experiencing massive of spam due to email account been compromised. Usually the spammer will forge the sender account from any domain does not hosted in the server such as hotmail.com and yahoo.com.

    Is there anyway we can implement a rules to prevent those email been sending out? Can we match the sender domain to ensure it is available in the server before sending out the email?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    The following option under the "Mail" tab in "WHM Home » Service Configuration » Exim Configuration Manager" might be helpful:

    "EXPERIMENTAL: Rewrite From: header to match actual sender"

    Per it's description:

    If you enabled this option, the From: header will be rewritten to be the email address of the actual message sender. If you choose the "remote" option, only messages that are being sent to remote destinations will be affected.

    This should help you to detect which account is sending out the SPAM. Also, the following document is a good place to start:

    cPanel - Prevent Email Abuse

    Thank you.
     
  3. belon_cfy

    belon_cfy Member

    Joined:
    Apr 10, 2007
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Hi ,
    The option is good for tracing however it can't mitigate the issue on sending with forge address. I will prefer to reject those email instead of alter the header.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    It really depends on how the sender's address is being spoofed. Is it simply the "FROM" part of the message header that is spoofed? Typically, the best way to resolve this issue is to disable or suspend the offending user from your system. Also, enabling SpamAssassin for outgoing email might help to prevent the message from sending out to the remote server.

    Thank you.
     
  5. mpkapadia

    mpkapadia Active Member

    Joined:
    Apr 10, 2002
    Messages:
    39
    Likes Received:
    0
    Trophy Points:
    6
    Hello

    You Can Try This.
    Go to Exim Configuration > Advanced Settings

    Find this
    custom_begin_ratelimit ( In this Section which is blank by default add the 2 lines below )
    Note - Not under custom_begin_ratelimit_spam ( Be careful )
    -----------------------------------------------------------
    deny ! sender_domains = lsearch;/etc/localdomains
    ! domains = lsearch;/etc/localdomains
    -----------------------------------------------------------

    Regards.
     
Loading...

Share This Page