Block e-mail forging

Discussion in 'E-mail Discussions' started by Silent Ninja, Sep 13, 2011.

  1. Silent Ninja

    I'm searching for a way to avoid exim sending e-mails as domains not hosted by me.

    As an example...

    1. A user using email@localdomain.com logs in via SMTP
    2. He should be able to send e-mails as email@localdomain.com, since that domain is on /etc/localdomains
    3. But he sends an e-mail editing the "from" address impersonating another.mail@yahoo.com
    4. yahoo.com obviously is not on /etc/localdomains, and thus I want that e-mail to be blocked

    Is there any way to do this with exim e-mail filtering?

    This would really block a lot of outgoing spam, mostly phishing from hacked accounts.
     
  2. cPanelTristan

    Quality Assurance Analyst, Staff Member

    I believe the following should prevent spoofing in webmail. I am uncertain if this would work for emails sent by a remote client:

    Code:
    acl_check_data:
      # Deny authenticated senders whose envelope sender or From: header differs from their login
      deny
        authenticated = *
        condition = ${if or {{ !eqi{$authenticated_id} {$sender_address} }\
                             { !eqi{$authenticated_id} {${address:$header_From:}} }\
                            }\
                     }
        message = Your FROM must be as the account you have authenticated with

    This would go into the box where it has begin acl directly above it (the second box in the WHM > Exim Configuration Editor > Advanced Editor). If you want to prevent not authenticating for scripts and force SMTP authentication for those scripts, you would need to revoke sendmail.
     
  3. Silent Ninja

    Damn, I forgot about the php-mailer...

    Could you do that avoiding the user "nobody"? (I'm using mod_php)
     
  4. cPanelTristan

    If the user nobody cannot send, then it is true that you won't be able to use sendmail for scripts if you disable nobody from sending under mod_php (DSO).
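
Added example, not part of any post in this thread and not cPanel or Exim code: a small offline Python model that compares the ACL posted above (From must equal the authenticated login) with the rule asked for in the first post (From domain must be a hosted domain), including the unauthenticated script-mail case the thread ends on. The sample messages, the `LOCAL_DOMAINS` set, the `nobody@server.example` sender and all function names are constructed for illustration, and the header parsing is a simplification of Exim's `${address:...}` operator.

```python
from email.utils import getaddresses

# Constructed stand-in for the contents of /etc/localdomains.
LOCAL_DOMAINS = {"localdomain.com"}

# Constructed samples: (authenticated id, envelope sender, From: header).
SAMPLES = [
    ("email@localdomain.com", "email@localdomain.com", "Me <Email@LocalDomain.com>"),
    ("email@localdomain.com", "email@localdomain.com", "another.mail@yahoo.com"),
    ("email@localdomain.com", "email@localdomain.com", "other@localdomain.com"),
    ("", "nobody@server.example", "another.mail@yahoo.com"),  # script mail, no SMTP AUTH
]


def header_address(from_header):
    """Lower-cased address from a From: header, or "" when the header is
    missing or does not hold exactly one address (simplified parsing)."""
    addrs = [addr for _, addr in getaddresses([from_header or ""]) if addr]
    if len(addrs) == 1 and "@" in addrs[0]:
        return addrs[0].lower()
    return ""


def strict_acl_denies(auth_id, envelope_sender, from_header):
    """Model of the ACL posted in the thread: it only applies to authenticated
    sessions and denies unless envelope sender and From: both equal the login."""
    if not auth_id:  # 'authenticated = *' does not match, so the rule is skipped
        return False
    login = auth_id.lower()
    return login != envelope_sender.lower() or login != header_address(from_header)


def local_domain_policy_denies(from_header, local_domains=LOCAL_DOMAINS):
    """Model of the rule asked for in the first post: deny when the From:
    domain is not one of the locally hosted domains."""
    domain = header_address(from_header).rpartition("@")[2]
    return domain not in local_domains


def evaluate(samples=SAMPLES):
    """Return (strict_acl_denies, local_domain_policy_denies) per sample."""
    return [(strict_acl_denies(a, s, f), local_domain_policy_denies(f))
            for a, s, f in samples]


if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, evaluate()):
        print(sample, "->", verdict)
```

The third sample shows the strict rule also rejecting a different mailbox on the same hosted domain, and the fourth shows that a rule gated on authentication never evaluates mail handed over without SMTP AUTH.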
     