The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Boxtrapper usage HAZARD

Discussion in 'General Discussion' started by achille, Feb 11, 2006.

Thread Status:
Not open for further replies.
  1. achille

    achille Member

    Feb 8, 2006
    Likes Received:
    Trophy Points:

    * Short version:
    How do you modify the Return-Path header for boxtrapper?

    * Long version:
    I am a CPANEL / WHM user and my Service Provider was unable to fix the following issue/problem/hazard:

    I have several email accounts setup, some of them have boxtrapper enabled, some do not. On the accounts where BoxTrapper IS enabled the emails sent by boxtrapper do not include a reply-to header, they have a Return-Path: header and it's of the following format:

    * Return-Path: main-account @ server hosting cpanel.

    And that's a problem since there are only a few emails setup to use boxtrapper and ther bounced messages are going to the main account directly.

    * Main cpanel account is jeffb , hosted by
    * Jeffb's domain is,
    * Jeffb has extra email accounts:,
    * BoxTrapper is not enabled for the main account but is enabled for

    # An email reaches boxtrapper at BoxTrapper sends a request back. The request bounces to the designated Return-Path account, in this case


    That email address bypasses all filters setup to filter emails and arrives directly in my inbox. Ok, that's not a problem since I can filter it out with a client.

    What *IS* a problem is that now some spammers who got the "verification request" have apparently taken note of the email and are spamming me *DIRECTLY* to the main account. I'm thus forced to change username, only to have boxtrapper give out my new username in the return path. :mad:

    Two things need to be fixed here:
    a) at minimum, there needs to be some way to modify the return path as not to wreak havoc on the main account.
    a) If boxtrapper is only enabled for the email, then boxtrapper return header path should be for that email only.

    Small note: There are some that believe boxtrapper (or any other challenge system) should never be used, I only use it for messages with High spam rating.
  2. dgbaker

    dgbaker Well-Known Member

    Sep 20, 2002
    Likes Received:
    Trophy Points:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    Please do not cross-post, one post is enough.
Thread Status:
Not open for further replies.

Share This Page