The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Clients receiving spam from themselves, but not being sent from server?

Discussion in 'E-mail Discussions' started by GreenQ, Sep 26, 2016.

Tags:
  1. GreenQ

    GreenQ Registered

    Joined:
    Sep 26, 2016
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    South Africa
    cPanel Access Level:
    Root Administrator
    Hi,

    I am currently experiencing an issue where users are receiving SPAM from themselves. Could you kindly assist? I have root access (cloud server).
     
    #1 GreenQ, Sep 26, 2016
    Last edited by a moderator: Sep 28, 2016
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you provide an example from /var/log/exim_mainlog when this happens? EX:

    Code:
    exigrep MSGID /var/log/exim_mainlog
    Replace "MSGID" with the message ID listed in the headers of one of the messages.

    Thank you.
     
  3. GreenQ

    GreenQ Registered

    Joined:
    Sep 26, 2016
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    South Africa
    cPanel Access Level:
    Root Administrator
    2016-10-02 18:39:10
    Code:
    1bqjn0-000DNS-6b H=([210.56.17.83]) [210.56.17.83]:24920 Warning: "SpamAssassin as wwwgreenqco detected message as spam (27.6)"
    2016-10-02 18:39:10 1bqjn0-000DNS-6b <= maflores@example.com.mx H=([210.56.1                  7.83]) [210.56.17.83]:24920 P=esmtp S=4526 id=F66DE9AAA4722EE77CF8BBB5633FF66D@7                  R1JPD77R T="From International Company" for info@domain.co.za
    2016-10-02 18:39:10 1bqjn0-000DNS-6b => info <info@domain.co.za> R=virtual_user                   T=dovecot_virtual_delivery C="250 2.0.0 <info@domain.co.za> kAjXKi448Vf2yAAAHoDy                  TA Saved"
    2016-10-02 18:39:10 1bqjn0-000DNS-6b Completed
    
     
    #3 GreenQ, Oct 2, 2016
    Last edited by a moderator: Oct 2, 2016
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    This suggests SpamAssassin is accurately detecting the spoofed message as SPAM. Emails with spoofed "FROM" addresses are common SPAM techniques, but you can safely ignore this when SpamAssassin correctly blocks the message. In cPanel version 58, SPF checking is automatically enabled through SpamAssassin to help prevent these types of emails.

    Thank you.
     
    SysSachin likes this.
  5. phillbooth

    phillbooth Active Member

    Joined:
    Sep 9, 2013
    Messages:
    39
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    SPF checking will only work if you have an SPF in the domains DNS. I would advise you to use a DKIM as well.

    You need to go to Cpanel > EMAIL > Authentication and make sure these are added.

    If you use an external DNS service, rather than your server own PowerDNS service then you will have to copy the SPF the DKIM if your data over.
     
Loading...

Share This Page