
Block e-mail forging

Discussion in 'E-mail Discussion' started by Silent Ninja, Sep 13, 2011.

  1. Silent Ninja

    Silent Ninja Well-Known Member

    I'm searching for a way to avoid exim sending e-mails as domains not hosted by me.

    As an example...

    1. A user using email@localdomain.com logs in via SMTP
    2. He should be able to send e-mails as email@localdomain.com, since that domain is on /etc/localdomains
    3. But he sends an e-mail editing the "from" address, impersonating another.mail@yahoo.com
    4. yahoo.com obviously is not on /etc/localdomains, and thus I want that e-mail to be blocked

    Is there any way to do this with exim e-mail filtering?

    This would really block a lot of outgoing spam, mostly phishing from hacked accounts.
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    I believe the following should prevent spoofing in webmail. I am uncertain if this would work for emails sent by a remote client:

    Code:
    acl_check_data:
    # Deny authenticated mail whose envelope sender or From: header differs from the login
    deny
     authenticated = *
     condition = ${if or {{ !eqi{$authenticated_id} {$sender_address} }\
      { !eqi{$authenticated_id} {${address:$header_From:}} }\
     }\
     }
     message = Your FROM must be as the account you have authenticated with
    This would go into the box where it has begin acl directly above it (the second box in the WHM > Exim Configuration Editor > Advanced Editor). If you want to prevent not authenticating for scripts and force SMTP authentication for those scripts, you would need to revoke sendmail.
     
  3. Silent Ninja

    Silent Ninja Well-Known Member

    Damn, I forgot about the php-mailer...

    Could you do that avoiding the user "nobody"? (I'm using mod_php)
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    If the user nobody cannot send, then it is true that you won't be able to use sendmail for scripts if you disable nobody from sending under mod_php (DSO).
     
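Added example, not part of the thread and not Exim or cPanel code: a small Python model comparing the ACL from reply 2 (envelope sender and From must equal the authenticated login) with the rule asked for in the first post (From domain must be listed in /etc/localdomains). It assumes the login is the full e-mail address; the function names, the `LOCAL_DOMAINS` set, the sample submissions and the address billing@localdomain.com are constructed for illustration.

```python
from email.utils import getaddresses

# Constructed stand-in for the contents of /etc/localdomains.
LOCAL_DOMAINS = {"localdomain.com"}

def from_addresses(from_header):
    """Lower-cased addresses found in a From: header value."""
    return [addr.lower() for _name, addr in getaddresses([from_header]) if addr]

def login_match_policy(auth_id, envelope_sender, from_header):
    """Model of the ACL in reply 2: sender and From must equal the login."""
    login = auth_id.lower()
    if envelope_sender.lower() != login:
        return "deny"
    # Zero or several From addresses cannot equal a single login.
    if from_addresses(from_header) != [login]:
        return "deny"
    return "accept"

def local_domain_policy(from_header, local_domains=LOCAL_DOMAINS):
    """Model of the rule asked for in post 1: From domain must be hosted here."""
    addrs = from_addresses(from_header)
    if not addrs:
        return "deny"
    hosted = all(a.rpartition("@")[2] in local_domains for a in addrs)
    return "accept" if hosted else "deny"

# Constructed submissions: (authenticated id, envelope sender, From: header).
SAMPLES = [
    ("email@localdomain.com", "email@localdomain.com", "Sales <Email@LocalDomain.com>"),
    ("email@localdomain.com", "email@localdomain.com", "another.mail@yahoo.com"),
    ("email@localdomain.com", "email@localdomain.com", "billing@localdomain.com"),
]

def evaluate(samples=SAMPLES):
    """Return (From header, login-match verdict, local-domain verdict) rows."""
    return [(hdr, login_match_policy(a, s, hdr), local_domain_policy(hdr))
            for a, s, hdr in samples]

if __name__ == "__main__":
    for row in evaluate():
        print("%-32s login-match=%-6s local-domain=%s" % row)
```

The third sample is where the two rules differ: a From address in a hosted domain that is not the authenticated login passes the local-domain check but is denied by the login-match rule.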