vincentg

Well-Known Member
May 12, 2004
158
3
168
new york
Having been getting these messages for quite some time with no way to block them, I think it would be nice if cPanel could somehow add spam checking to an alias.

I have an email forward setup to send emails to my WHMCS support system and to message my cell phone.

I keep getting these messages where I believe the IPs are not real.
Email address: qNIFMgxEzc
Subject: vOUHpqERSr
Message: uRmcLypvhSPi

There is no way to block this.

vincentg

All I get is an IP address, and the list of IPs just keeps growing, which leads me to believe they are not real.

I never see the same IP twice.

If I create the email account, SpamAssassin works.

The header is useless as the sender is me as I am the forwarder.
 

vincentg

There are no entries in Var/logs for these emails.
Checked all logs and see nothing.
I have two forwards set up:
One that sends it to a WHMCS PHP script.
The other that sends it to my cell phone as a message.

Both get this email.

Why is there no log entry? Maybe you can shed some light on it?
 

vincentg

Got an entry for them if I grep the subject in the Exim mainlog, which for one is UJcXahesESKN.
It comes back with an email address.
I only see one for the forward to my cell phone.
There is no entry for the pipe at all if we grep pipe.php.
Other legitimate support emails do show for grep pipe.php.

I have no actual email, as this is a pipe to the WHMCS support system.
All I have is:

Ticket #386619 has been opened by zZNXayuJfj.
Client: zZNXayuJfj
Department: Pre-sales
Subject: UJcXahesESKN
Priority: High
ZyGDihwvxAFq


IP Address: 98.230.46.218

At first I tried grep for zZNXayuJfj,
and it returns nothing.

But this has been a problem with cPanel for a long time - if you forward emails to, let's say, your ISP email address, the spam is forwarded also!
20 years later and cPanel still cannot spam filter an alias???
Why can't this be filtered prior to the forward?

I may be able to stop these garbage emails if these email addresses I find repeat.
That is, if they use only a few email addresses which are real.

Why do I have to go through so much trouble to block a bad sender?

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
8,421
689
263
Houston
cPanel Access Level
DataCenter Provider
vincentg said:
> But this has been a problem with cPanel for a long time - if you forward emails to, let's say, your ISP email address, the spam is forwarded also!
> 20 years later and cPanel still cannot spam filter an alias???
> Why can't this be filtered prior to the forward?

There's definitely a solution for this, by setting the following in the Exim configuration:

"Do not forward mail to external recipients based on the defined Apache SpamAssassin™ score" - pending you're in fact scanning mail with SpamAssassin. I will state that it has absolutely never been the best practice to forward mail like that though. For example, if you want to receive your server's email at Gmail, they allow you to import it in and act as a mail client; many other email service providers offer this as well. This way you benefit not only from their proprietary spam filtering, but also aren't having to manage the forwarding.


Are these emails actually opening tickets with WHMCS? What it sounds like is happening here is an issue that could easily be resolved by implementing a captcha on the support ticket link, if that's the case.
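
The log check discussed in this thread, as an added example that is not from either poster or from cPanel: Exim delivery lines do not repeat the subject, so the sketch below finds the arrival line by subject and then follows its message ID to every delivery, which shows whether a given message ever reached the pipe.php pipe. It assumes subjects are logged (Exim's `+subject` log selector); the log lines, addresses, pipe path, and router/transport names are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in Exim mainlog layout (addresses, paths, router and
# transport names are invented). T="..." is logged only with +subject.
SAMPLE_LOG = """\
2020-05-01 10:00:01 1jUabc-0001Xy-Ab <= a1@example.net H=mail.example.net [192.0.2.10] P=esmtps S=1843 T="UJcXahesESKN"
2020-05-01 10:00:02 1jUabc-0001Xy-Ab => 5551234567@sms.example.org <support@example.com> R=remote T=remote_smtp H=sms.example.org [198.51.100.7]
2020-05-01 10:00:02 1jUabc-0001Xy-Ab Completed
2020-05-01 10:05:10 1jUdef-0002Zz-Cd <= customer@example.org H=mx.example.org [203.0.113.5] P=esmtps S=2210 T="Invoice question"
2020-05-01 10:05:11 1jUdef-0002Zz-Cd => |/home/user/whmcs/pipe/pipe.php <support@example.com> R=alias T=address_pipe
2020-05-01 10:05:11 1jUdef-0002Zz-Cd => 5551234567@sms.example.org <support@example.com> R=remote T=remote_smtp
2020-05-01 10:05:11 1jUdef-0002Zz-Cd Completed
"""

# "<=" marks an arrival; "=>" and "->" mark deliveries for the same message ID.
LINE = re.compile(r'^\S+ \S+ (?P<id>\w+-\w+-\w+) (?P<flag><=|=>|->) (?P<rest>.*)$')
SUBJECT = re.compile(r' T="(?P<subject>(?:[^"\\]|\\.)*)"')
DEST = re.compile(r'^(?P<dest>.+?)(?: <[^>]+>)? R=')

def trace_subject(log_text, subject):
    """Map each message ID that arrived with `subject` to its sender and deliveries."""
    senders, deliveries = {}, defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # "Completed" and other lines without an address flag
        if m["flag"] == "<=":
            s = SUBJECT.search(m["rest"])
            if s and s["subject"] == subject:
                senders[m["id"]] = m["rest"].split()[0]
        else:
            d = DEST.match(m["rest"])
            deliveries[m["id"]].append(d["dest"] if d else m["rest"].split()[0])
    return {mid: {"sender": snd, "deliveries": deliveries[mid]}
            for mid, snd in senders.items()}

def reached_pipe(trace, script="pipe.php"):
    """True if any traced message was delivered to a pipe command naming `script`."""
    return any(dest.startswith("|") and script in dest
               for info in trace.values() for dest in info["deliveries"])

if __name__ == "__main__":
    for subj in ("UJcXahesESKN", "Invoice question"):
        t = trace_subject(SAMPLE_LOG, subj)
        print(subj, t, "pipe:", reached_pipe(t))
```

A subject that traces to the cell phone forward but never to a pipe delivery means that ticket was not created by the email pipe.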