Email being used by other users

[wvim]

Hello,
Our servers use pmg as email, but we have discovered something recently. A domain is able to spam emails via other domains. The users in question see that there is mail being sent from that emailadress in track delivery on their account. The mail headers also mention the other domain. So [email protected] sends an email but domain defg.com is being used. Is this a known cpanel bug or does anyone have an idea where it might be coming from?
Regards,

 

[cPRex]

Hey there! I'm not completely sure what you're experiencing based on that information. Can you get me some additional details?

-What is PMG?
-Can you include a copy of the mail headers, with the domains obscured for security, so we can see the mail transaction?
-Do you see the original outbound message in the local Exim logs on the server?

 

[wvim]

Hi there!
PMG is Proxmox mail gateway. It is an open source security mail platform. I have delivery event details for you and asked for the headers of the original mail. https://media.zxcs.nl/images/2022/10/27/a6d9dc0219bd49c065563ca2aaf91238.png

 

[wvim]

We do also see the message in the exim logs indeed. But this is not a known cpanel bug?

 

[cPRex]

I'm still not entirely sure what the issue is from that screenshot, as that just looks like a normal email delivery to me. it might be best to create a ticket with our team so we can look at this message directly on the server.

 

[wvim]

Hey cPRex!

The problem exists in that there is a authentication with [email protected] but this authentication is able to send mails with a from like "[email protected]" . This shouldn't be possible.

That it can mail with a different "from" header from the same domain is fine but not with a different domain from the same server. The users are not related to each other. yet they can use the domains on the server resulting in outgoing spam.

In directadmin we have a ACL in exim where we made it impossible to send mail with a different from header then your authentication has.

p.s. We have multiple users complaining about outgoing spam blocks due to this even where they do not send any mail.
p.p.s Forget the part about PMG ( this is just a relay that checks outgoing mail before it actually gets send, like a smarthost. )

 

[cPRex]

Could you submit a ticket to our team so we can review this directly on your server?