Cpanel mail forwarding resulting in SPAM and bad headers

Operating System & Version
CentOS v7.9.2009 STANDARD standard
cPanel & WHM Version
11.102.0

oleymedia

Member
Nov 26, 2014
7
0
51
cPanel Access Level
Root Administrator
How can I circumvent spam errors when using a mail forwarder in cPanel?

I have a domain which I have configured an email forwarder to forward all emails sent to so all my emails land in my Gmail Inbox.

I am receiving emails from trusted external sources but they are going to spam more often than not AND the email address in Gmail shows
Code:
[email protected] via mydomain.com
This also results in bad headers where it fails:
  • Problem Icon
    DMARC Compliant (No DMARC Record Found)
    • Ok Icon
      SPF Alignment
    • Problem Icon
      SPF Authenticated
    • Problem Icon
      DKIM Alignment
    • Problem Icon
      DKIM Authenticated
I have contacted my server host but they dont know what is happening. Is there anyway to fix this or is there a recommended workaround?
 
Last edited by a moderator:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
11,032
1,740
363
cPanel Access Level
Root Administrator
Hey there! Do you have root access to both the mail server and the DNS? The first thing I'd check would be to scan the domain here:


using the "SPF" option from the dropdown menu, just to see if there really is an issue with the SPF record being published. If so, you'd want to ensure those records are properly added to the DNS zone, which may or may not be managed on the same server as your domain and cPanel access.
 

oleymedia

Member
Nov 26, 2014
7
0
51
cPanel Access Level
Root Administrator
Yes, MXToolbox is how I was able to obtain the headers report that I used in the OP.

That's the whole point of the thread - there will always be an SPF/DKIM problem if cPanel forwards emails the way it does and I don't think forwarding is an actual possibility in this over secure email world anymore.

1. The email is forwarded from the cPanel server IP (mydomain.com IP address) BUT none of the original senders SPF records will have the cPanel server IP of mydomain.com setup in their server so it will always fail (they will have their own server IP)
2. The DKIM signature on the email will be that of the original senders server/domain BUT Gmail sees the email coming from MY server (e.g. via mydomain.com) and validates against mydomain.com public DKIM (which will always fail)
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
11,032
1,740
363
cPanel Access Level
Root Administrator
I believe if forwarding was broken in general, we'd be seeing much more activity about similar issues. I have forwarders setup on my personal machine and those messages don't get filtered to spam at major providers (Yahoo and Gmail).

Do you know how the SPF record is configured on the domain?
 

oleymedia

Member
Nov 26, 2014
7
0
51
cPanel Access Level
Root Administrator
Yes, it is a ~all - mydomain.com spf:

v=spf1 +a +mx +ip4:xxx.xxx.xxx.xxx +ip4:xxx.xxx.xxx.xxx ~all

senderdomain.com - obviously I don't have control over other companies spf records
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
11,032
1,740
363
cPanel Access Level
Root Administrator
Thanks for that - the only piece of the puzzle then would be the sender domain, then, which is outside of your control. I can confirm that cPanel itself handles the forwards properly, so it sounds like something is misconfigured on the senderdomain.com end.
 

oleymedia

Member
Nov 26, 2014
7
0
51
cPanel Access Level
Root Administrator
It is not just this sender domain - it is every sender domain.
The sender domain SPF is correct - as detailed by mxtoolbox - it just doesn't match the spf of mydomain - which it should never be checking... But for some unknown reason, Exim is rewriting the headers during the forward.
cPanel/Exim is not handling the forward properly however, it appears seeking help here is a dead end.
 

Spirogg

Well-Known Member
Feb 21, 2018
700
155
43
chicago
cPanel Access Level
Root Administrator
It is not just this sender domain - it is every sender domain.
The sender domain SPF is correct - as detailed by mxtoolbox - it just doesn't match the spf of mydomain - which it should never be checking... But for some unknown reason, Exim is rewriting the headers during the forward.
cPanel/Exim is not handling the forward properly however, it appears seeking help here is a dead end.
have you tired forwarding from the filter section on Cpanel ?

Screen Shot 2022-03-01 at 10.24.53 PM.pngScreen Shot 2022-03-01 at 10.25.11 PM.pngScreen Shot 2022-03-01 at 10.25.42 PM.png
1646195243053.png

I believe there is a way to also discard the email from your server to not take-up space after it has been forwarded.
you can maybe get some help more on this from @cPRex or your hosting company if they know or some more googling. this might help you and work better.

worth a try

Kind Regards,
Spiro
 
Last edited:

Spirogg

Well-Known Member
Feb 21, 2018
700
155
43
chicago
cPanel Access Level
Root Administrator

Spirogg

Well-Known Member
Feb 21, 2018
700
155
43
chicago
cPanel Access Level
Root Administrator
@oleymedia - could you submit a ticket with our team so we can examine that specific situation on the server?
@cPRex
in tweak settings, there is a
Exim Configuration Manager

setting

Enable Sender Rewriting Scheme (SRS) Support [?]
This option rewrites sender addresses so that the email appears to come from the forwarding mail server. This allows forwarded email to pass an SPF check on the receiving server.

do you think this setting might help ?
 

oleymedia

Member
Nov 26, 2014
7
0
51
cPanel Access Level
Root Administrator
have you tired forwarding from the filter section on Cpanel ?
Is using filters more reliable than actual email forwarding? I just use the standard forwarding feature in cPanel.

Enable Sender Rewriting Scheme (SRS) Support [?]
This option rewrites sender addresses so that the email appears to come from the forwarding mail server. This allows forwarded email to pass an SPF check on the receiving server.
I have had this activated however, the issue still persists.

I suppose it's possible and it wouldn't hurt to try. I just think the root cause is something on the original sender side that the user may not have control over.
The problem is that it is not just one sender - it is every sender - this is why I believe it's a cPanel issue ... or, more to the point, I believe that with the over-complication of email security including DKIM, SPF etc... forwarding has become insecure and can no longer be properly verified?
 

Spirogg

Well-Known Member
Feb 21, 2018
700
155
43
chicago
cPanel Access Level
Root Administrator
Is using filters more reliable than actual email forwarding? I just use the standard forwarding feature in cPanel.
Im not too sure, but I like the feature of deleting the email form the server before it even gets written. just gets forwarded to me.
I have only had issues sometimes- it gets put into gmail spam folder then I go to spam select NOT SPAM for that email and then it works.. once I had 35 emails sent to spam and I went through each one of them and said NOT SPAM so google won't block those emails..

I also had issue with outlook.com emails not getting there, but that was and ISP issue with the IP range being blocked, So I emailed support for my ISP for the server IP's and they got them waitlisted from outlook emails and started to go through

so not sure if Gmail also blocks IP ranges from ISP's if they do then that could be an issue as well. not y9ur iP is bad but another IP in your range is spam sending and you get penalized as well... that's what happened to me with outlook emails from my server not going out or even forwarded to my email address. :( go figure

I have had this activated however, the issue still persists.
do you have reverse dns setup with your own domain for that IP address that is sending email. sorry I don't remember if I asked that or if you mentioned you did or did not.

because that was another issue in the begeinung of setting up my server cPanel/whm

my ip did not have my hostname as the reverse PTR record.
So I emailed support for my hosting company - where I rent my server's from and they changed it to my hostname.mydomain .com
then emails started working correctly.. as I also have 5 IP's on that server I asked for them all to be setup reverse dns PTR cause some will use other IP's to send email as well.

sorry I am all out of Suggestions - other than the one above reverse dns PTR records.

when you go to WHM home/email/Email Deliverability
do you see any issues on that page ?

Use this interface to reduce the number of emails sent from this server that end up in spam folders. For more information, read our Email Deliverability documentation.

that's all I can think of. sorry if that was not helpful. :(

Kind Regards,
Spiro