Email being used by other users

Operating System & Version
CloudLinux v7.9.0 STANDARD standard
cPanel & WHM Version
106.0.9

wvim

Registered
Oct 27, 2022
4
0
1
localhost
cPanel Access Level
Root Administrator
Hello,
Our servers use pmg as email, but we have discovered something recently. A domain is able to spam emails via other domains. The users in question see that there is mail being sent from that emailadress in track delivery on their account. The mail headers also mention the other domain. So [email protected] sends an email but domain defg.com is being used. Is this a known cpanel bug or does anyone have an idea where it might be coming from?
Regards,
 
Last edited:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
12,499
1,971
363
cPanel Access Level
Root Administrator
Hey there! I'm not completely sure what you're experiencing based on that information. Can you get me some additional details?

-What is PMG?
-Can you include a copy of the mail headers, with the domains obscured for security, so we can see the mail transaction?
-Do you see the original outbound message in the local Exim logs on the server?
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
12,499
1,971
363
cPanel Access Level
Root Administrator
I'm still not entirely sure what the issue is from that screenshot, as that just looks like a normal email delivery to me. it might be best to create a ticket with our team so we can look at this message directly on the server.
 

wvim

Registered
Oct 27, 2022
4
0
1
localhost
cPanel Access Level
Root Administrator
Hey cPRex!

The problem exists in that there is a authentication with [email protected] but this authentication is able to send mails with a from like "[email protected]" . This shouldn't be possible.

That it can mail with a different "from" header from the same domain is fine but not with a different domain from the same server. The users are not related to each other. yet they can use the domains on the server resulting in outgoing spam.

In directadmin we have a ACL in exim where we made it impossible to send mail with a different from header then your authentication has.

p.s. We have multiple users complaining about outgoing spam blocks due to this even where they do not send any mail.
p.p.s Forget the part about PMG ( this is just a relay that checks outgoing mail before it actually gets send, like a smarthost. )