Email account is receiving lots of spam bounces

[pedgarc]

Hello there,

Actually an email account is receiving bounces like this: Mail delivery failed: returning message to sender.

When I see the headers, the bounce is because of is sending spam, but when I search Mail Delivery Reports, and exim_mainlog/maillog, the e-mail log is not there!

Also, the header looks like this:

Mail delivery failed: returning message to sender
From Mail Delivery System on 2021-08-31 21:47
From Mail Delivery System
To [email protected]
Action: failed
Final-Recipient: rfc822;[email protected]_domain.com
Status: 5.0.0
Return-path: <[email protected]>
Received: from [195.33.210.155] (port=45960 helo=dnztech.net)
by nd6.rackslot.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.94.2)
(envelope-from <[email protected]>)
id 1mL21b-0007Qg-QE
for [email protected]_domain.com; Tue, 31 Aug 2021 06:33:57 -0500
Received: from webmail.paksaglik.com (localhost [IPv6:::1])
by dnztech.net (Postfix) with ESMTPSA id D8A34408FB7E;
Tue, 31 Aug 2021 12:26:08 +0300 (+03)
Authentication-Results: dnztech.net;
spf=pass (sender IP is ::1) smtp.mailfrom=[email protected] smtp.helo=webmail.paksaglik.com
Received-SPF: pass (dnztech.net: connection is authenticated)
MIME-Version: 1.0
Date: Tue, 31 Aug 2021 10:26:08 +0100
From: John Doe <[email protected]>

I don't know why the e-mail was sent from webmail.paksaglik.com and envelope-from from my customer email account ([email protected]), any idea about how to stop this?

Thanks in advance, and sorry for my bad english.

 

[cPRex]

Hey there! It sounds like your email address was spoofed to send fake messages, and you are receiving the bounceback of those messages. There isn't a 100% guaranteed way to stop this behavior, as spammers often make up addresses at random, but I would recommend ensuring that you have SPF and DKIM records in place. This will ensure that legitimate email you do send is marked as valid, and should eventually help the spammers fake messages get blocked.

Details on how to check the mail deliverability settings can be found here: Email Deliverability in cPanel | cPanel & WHM Documentation

 

[pedgarc]

Hey there! It sounds like your email address was spoofed to send fake messages, and you are receiving the bounceback of those messages. There isn't a 100% guaranteed way to stop this behavior, as spammers often make up addresses at random, but I would recommend ensuring that you have SPF and DKIM records in place. This will ensure that legitimate email you do send is marked as valid, and should eventually help the spammers fake messages get blocked.

Details on how to check the mail deliverability settings can be found here: Email Deliverability in cPanel | cPanel & WHM Documentation

Hello there cPRex! First of all thank you for reply, I have configured SPF, DKIM and SPR records on cPanel, also since yesterday I changed ~all attribute to - all on SPF.

So, in this case we can not do anything right? I found a post about backscatter, is a good idea follow these steps?

Thanks!

 

[cPRex]

Sure - that's a great idea and I didn't come across that in my search!

 

[pedgarc]

Sure - that's a great idea and I didn't come across that in my search!

Great cPRex! I have added those lines in Exim configuration, thanks for your time and have a great day!

 

[cPRex]

You too!