Anyway to reject outgoing email if the sender domain doesn't host in the server.

belon_cfy · Mar 28, 2014

Hi
Recently we are experiencing massive of spam due to email account been compromised. Usually the spammer will forge the sender account from any domain does not hosted in the server such as hotmail.com and yahoo.com.

Is there anyway we can implement a rules to prevent those email been sending out? Can we match the sender domain to ensure it is available in the server before sending out the email?

cPanelMichael · Apr 1, 2014

Hello

The following option under the "Mail" tab in "WHM Home » Service Configuration » Exim Configuration Manager" might be helpful:

"EXPERIMENTAL: Rewrite From: header to match actual sender"

Per it's description:

If you enabled this option, the From: header will be rewritten to be the email address of the actual message sender. If you choose the "remote" option, only messages that are being sent to remote destinations will be affected.

This should help you to detect which account is sending out the SPAM. Also, the following document is a good place to start:

cPanel - Prevent Email Abuse

Thank you.

belon_cfy · Apr 4, 2014

cPanelMichael said:
Hello

The following option under the "Mail" tab in "WHM Home » Service Configuration » Exim Configuration Manager" might be helpful:

"EXPERIMENTAL: Rewrite From: header to match actual sender"

Per it's description:

If you enabled this option, the From: header will be rewritten to be the email address of the actual message sender. If you choose the "remote" option, only messages that are being sent to remote destinations will be affected.

This should help you to detect which account is sending out the SPAM. Also, the following document is a good place to start:

cPanel - Prevent Email Abuse

Thank you.

Hi ,
The option is good for tracing however it can't mitigate the issue on sending with forge address. I will prefer to reject those email instead of alter the header.

cPanelMichael · Apr 7, 2014

It really depends on how the sender's address is being spoofed. Is it simply the "FROM" part of the message header that is spoofed? Typically, the best way to resolve this issue is to disable or suspend the offending user from your system. Also, enabling SpamAssassin for outgoing email might help to prevent the message from sending out to the remote server.

Thank you.

mpkapadia · Apr 9, 2014

Hello

You Can Try This.
Go to Exim Configuration > Advanced Settings

Find this
custom_begin_ratelimit ( In this Section which is blank by default add the 2 lines below )
Note - Not under custom_begin_ratelimit_spam ( Be careful )
-----------------------------------------------------------
deny ! sender_domains = lsearch;/etc/localdomains
! domains = lsearch;/etc/localdomains
-----------------------------------------------------------

Regards.

Thread starter	Similar threads	Forum	Replies	Date
C	IP Blacklisted. Anyway to change e-mail IP?	Email	2	Apr 1, 2017
J	UNLIMITED email quota - Anyway to remove this option yet?	Email	1	Apr 13, 2013
R	Anyway to check sent emails in WHM?	Email	2	Jun 29, 2008
J	Mailman templates and where is it all anyway?	Email	6	Feb 4, 2007
S	is there anyway to do a email	Email	0	Jan 25, 2007

Search

Search

Anyway to reject outgoing email if the sender domain doesn't host in the server.

belon_cfy

Member

cPanelMichael

Administrator

belon_cfy

Member

cPanelMichael

Administrator

mpkapadia

Active Member