The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

BoxTrapper return path hazard

Discussion in 'General Discussion' started by achille, Feb 8, 2006.

  1. achille

    achille Member

    Joined:
    Feb 8, 2006
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Greetings

    * Short version:
    How do you modify the Return-Path header for boxtrapper?

    * Long version:
    I am a CPANEL / WHM user and my Service Provider was unable to fix the following issue/problem/hazard:

    I have several email accounts setup, some of them have boxtrapper enabled, some do not. On the accounts where BoxTrapper IS enabled the emails sent by boxtrapper do not include a reply-to header, they have a Return-Path: header and it's of the following format:

    * Return-Path: main-account @ server hosting cpanel.

    And that's a problem since there are only a few emails setup to use boxtrapper and ther bounced messages are going to the main account directly.

    Scenario:
    * Main cpanel account is jeffb , hosted by server1.exampleisp.com
    * Jeffb's domain is jeffb.com,
    * Jeffb has extra email accounts: example1@jeffb.com, example2@jeffb.com
    * BoxTrapper is not enabled for the main account but is enabled for example2@jeffb.com

    # An email reaches boxtrapper at example2@jeffb.com. BoxTrapper sends a request back. The request bounces to the designated Return-Path account, in this case

    Return-Path: jeffb@server1.exampleisp.com

    That email address bypasses all filters setup to filter jeffb.com emails and arrives directly in my inbox. Ok, that's not a problem since I can filter it out with a client.

    What *IS* a problem is that now some spammers who got the "verification request" have apparently taken note of the jeffb@sever1.exampleisp.com email and are spamming me *DIRECTLY* to the main account. I'm thus forced to change username, only to have boxtrapper give out my new username in the return path. :mad:

    Two things need to be fixed here:
    a) at minimum, there needs to be some way to modify the return path as not to wreak havoc on the main account.
    a) If boxtrapper is only enabled for the example1@jeffb.com email, then boxtrapper return header path should be for that email only.
     
    #1 achille, Feb 8, 2006
    Last edited: Feb 12, 2006
  2. achille

    achille Member

    Joined:
    Feb 8, 2006
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    * Am I asking the question in the wrong place?
    I'm somewhat vexed at the lack of responses, maybe this forum is not what I thought it was. If a tester / developer took a note of the issue let me know.

    * Does cPanel come with support?
    My host is fairly big I'd expect them to have some support package of some kind.

    * Is there a way I can download the source code myself?
    Again, I'm a second hand user, but I'm a programmer and adding a modifying one header seems a one liner. Is there a system where I could propose such a change to the code?
     
  3. dkuntz

    dkuntz Member

    Joined:
    May 11, 2004
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    If your provider has any type of support with cPanel, you need to ask them to open a support ticket with cPanel.

    I do not believe the forums are to be used as an official support source. T
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Indeed. These forums are not for official support. If you have a problem that you would like addressed you need to log a ticket with cPanel through your cPanel license provider and/or log a n entry in bugzilla.
     
  5. gruvin

    gruvin Member

    Joined:
    Feb 20, 2006
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    The issue is very important to me too

    Well, for my two cents worth, as far as I am concerned, munging the Return-Path header just to stop a little spam is REALLY DUMB. It's a major design fault in cPanel in my opinion.

    If a site owner has a shopping cart and sells stuff they NEED to know when a Client who's paid them money for something they can't deliver enters their email address wrong (albeit twice perhaps) -- that is, they NEED to be getting the bounced messages -- not the root user of the web server. Duh.

    This idea of munging the Return-Path header to user @ host prevents that entirely. Doesn't it?. It also makes certain the legitimate sender of the email doesn't get bounce notification and THAT, surely, is breaking the mail RFCs in several places. Well aint it?

    On the other hand -- if someone knows how (on a cPanel site) to ensure bounce messages come to a configurable address... (Reply-To does NOT do it.) then PLEASE share it. Is there some other header all MTAs will honor for bounce addresses?

    Thanks! Have a great day.
     
  6. achille

    achille Member

    Joined:
    Feb 8, 2006
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
  7. achille

    achille Member

    Joined:
    Feb 8, 2006
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    it's been several months... has this been fixed yet?
     
  8. benito

    benito Well-Known Member

    Joined:
    Jan 8, 2004
    Messages:
    296
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Mar del Plata - Argentina
    I dont think, i still receiving all boxtrapper bounces to my main account.
     
Loading...

Share This Page