Blocking email with Exim4 using the IP

Discussion in 'E-mail Discussion' started by sting01, Oct 19, 2018.

  1. sting01

    Hello,

    we are under a spam campaign with the infamous blackmailing ($524). Personally I do not give sh*t, but my boss, for various legal reasons, is afraid the news of it will pop up.

    After examination I found only one common thing : while emails do have the FROM : myEmail@myCompany.com, the RECEIVED : from is clearly not our IP :

    Received: from [14.189.127.50] (helo=static.vnpt.vn)

    Assuming our IP is 54.xxx.xxx.xxx that one is obviously coming from outside (Haiphong in Vietnam in that case).

    What is the correct spelling of the corresponding Header Variable? Is it $header_received_from?
    Or something else (please notice the full colon after Received).

    Thanks very much

    Sting
     
  2. keat63

    If you have CSF installed, you could add the offending IP to the CSF blocklist.
    One thing I find with frequent spam though, is that it's usually done by bots, where the IP will change, so whilst adding the IP may fix the issue today, it's likely to resurface from another source tomorrow.

    The way I normally get around this would be to create a global filter in cPanel, along the lines:

    If body contains "some common phrase"
    Then fail
    and discard the message.

    I guess you could just discard the message without the fail, but I live in hope that somewhere, someone will see the fail and realise his server/pc/email address may have been hacked and fix it.
     
    cPanelLauren likes this.
  3. cPanelLauren

    I'd also like to add that when you create a global filter through the cPanel UI it uses:

    $header_from or $message_headers
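
An added illustration, not part of the thread or of cPanel's own code: the check described in the first post (From: claims the company domain while the connecting host is external), written as a Python triage script over stored messages. The network range `203.0.113.0/24` and all sample messages are assumptions, since the thread elides the real server IP; only the topmost Received header is trusted because lower ones are supplied by the sender.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Assumed values: the thread elides the real server IP ("54.xxx.xxx.xxx"),
# so a documentation range stands in for the company's own mail hosts.
OWN_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
OWN_DOMAIN = "mycompany.com"

# Exim records the connecting host as "[ip]" in the Received line it adds.
RECEIVED_IP = re.compile(r"^from\s[^\n]*?\[([0-9A-Fa-f:.]+)\]")


def connecting_ip(msg):
    """IP from the topmost Received header, the one our own MTA prepended.
    Received headers further down are sender-supplied and can be forged."""
    received = msg.get_all("Received") or []
    match = RECEIVED_IP.search(received[0]) if received else None
    try:
        return ipaddress.ip_address(match.group(1)) if match else None
    except ValueError:
        return None


def is_spoofed_own_sender(raw_message):
    """True when From: claims our domain but the connecting IP is not ours."""
    msg = email.message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    if not addr.lower().endswith("@" + OWN_DOMAIN):
        return False
    ip = connecting_ip(msg)
    if ip is None:  # locally generated or unparseable: leave undecided
        return False
    return not any(ip in net for net in OWN_NETWORKS)


# Constructed sample messages (only the first Received line is from the thread).
BODY = "From: myEmail@myCompany.com\nSubject: constructed sample\n\ntext\n"
SPOOFED = "Received: from [14.189.127.50] (helo=static.vnpt.vn)\n" + BODY
FORGED_LOWER_HOP = SPOOFED.replace(
    "\nFrom:", "\nReceived: from [203.0.113.10] (helo=mail.mycompany.com)\nFrom:", 1)
LEGITIMATE = "Received: from [203.0.113.10] (helo=mail.mycompany.com)\n" + BODY

if __name__ == "__main__":
    for name in ("SPOOFED", "FORGED_LOWER_HOP", "LEGITIMATE"):
        print(name, is_spoofed_own_sender(globals()[name]))
```

The `FORGED_LOWER_HOP` sample shows why the position of the header matters: a sender can insert a Received line naming your own host, but cannot control the one your server prepends on top.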
     