Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Blocking local relays

Discussion in 'E-mail Discussion' started by brianell, Aug 5, 2009.

  1. brianell

    brianell Member

    Jul 27, 2009
    Likes Received:
    Trophy Points:

    I am an absolutely newbie at Exim and Nix boxes. Currently running the following setup: cPanel 11.24.5-S37946 - WHM 11.24.2 - X 3.9
    CENTOS 5.3 i686 Exim Version 4.69

    My problem is that I have some users who have created a generic account allowing third parties to access my smtp server to send mail. Basically this is noticed by virtue of the user doing a login, then the mail does not have a "from" or "reply to" address within any of the domains I host.

    From the Exim Log.
    2009-08-03 09:27:32 1MXrxB-0005cP-8E <= H=(chengeta2) []:55071 I=[]:25 P=esmtpa S=1281 T="RE: QUOTATIONS" from <> for
    2009-08-03 09:27:36 SMTP connection from (chengeta2) []:55071 I=[]:25 closed by QUIT is not a domain I host. The party is logging in to a generic account ( and utilising our SMTP transport. I do host

    I would like to block this (and a few others) and figure it must be an ACL issue with a list of allowed domains in the sender envelope, but have no clue as to how to do this, and not want to "break" the EXIM server running on my box.

    The easiest as I can see it would be to have a file with the domains I host all listed, and when a "login" occurs, this list is referenced to see if it can allow the sender envelope to pass the message.

    Looking forward to learning how to do this.....

  2. thewebhosting

    thewebhosting Well-Known Member

    May 9, 2008
    Likes Received:
    Trophy Points:
    According to the logs it seems that its a spoofing mail. You can add SPF record to stop the spoofing mails. However, there is no gurantee to stop 100% spoofing mails. To the alternative to this you need to change the password of the email address or band the email address.
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice