The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Blocking inbound spam from fake domains on my server(s)

Discussion in 'E-mail Discussions' started by koda, Feb 12, 2014.

  1. koda

    koda Well-Known Member

    Joined:
    Jan 10, 2014
    Messages:
    57
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    What I'm trying to obtain is this. We often receive spam emails FROM address/domains (even with fake address but correct domain) that are hosted on our server.
    In the headers the Return-path is correct, the Envelope-to is correct and so on. The only thinkg that doesn't match of course is the IP of the server which sent the email since it didn't originate from our server. I mean none of our emails has been scammed, is just someone using a different server to send US spam with our emails.
    Is there a way to block this? I mean something to mark as spam (or delete straight away) all INCOMING email from domains on the mail server but sent from a different IP? Or more generic all incoming email from a list of domains but whose IP is not included in a list of IPs? (this last option would give more flexibility when for example you have multiple servers with different domains but wich send mails each other like for example in a single organization with multiple domains and multiple servers for each domain)
    Thanks in advance for your suggestions.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    You could enable the following option in "WHM Home » Service Configuration » Exim Configuration Manager" under the "ACL Options" tab to help prevent these types of emails:

    "Reject SPF failures"

    This will reject mail at SMTP time if the sender fails SPF checks.

    Thank you.
     
  3. koda

    koda Well-Known Member

    Joined:
    Jan 10, 2014
    Messages:
    57
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Hallo Michael thanks. But won't this prevent domains who don't have spf record to be rejected as well? Or just SPF mismatch where an SPF record IS present?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Yes, this will reject emails from domain names without valid SPF records, not just mismatches. You can leave it disabled, but it's the best way to prevent the type of email messages you have described. Another option would be to manually block the IP addresses that sent you the spoofed messages.

    Thank you.
     
Loading...

Share This Page