Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Email Forwarding Problem

Discussion in 'E-mail Discussions' started by MaRiOsGR66, Feb 1, 2018.

Tags:
  1. MaRiOsGR66

    MaRiOsGR66 Well-Known Member

    Joined:
    Feb 18, 2011
    Messages:
    104
    Likes Received:
    0
    Trophy Points:
    66
    cPanel Access Level:
    Root Administrator
    I've notices lately many bounce emails which actually have the message:
    SMTP error from remote mail server after end of data:
    421-4.7.0 [ IP 15] Our system has detected that this message is
    421-4.7.0 suspicious due to the very low reputation of the sending IP address.
    421-4.7.0 To protect our users from spam, mail sent from your IP address has
    421-4.7.0 been temporarily rate limited. Please visit
    421 4.7.0 Why has Gmail blocked my messages? - Gmail Help for more information. m21si7321721wrb.455 - gsmtp

    H=(csrd.com) [114.234.57.84]:1756 Warning: Message has been scanned: no virus or other harmful content was found
    <= sgww@removed H=(removed.com) [114.234.57.84]:1756 P=esmtp S=1792 T="Re: New refitting business to make your turnover increasing 30% in 1 month" for info@mycustomersdomain.gr
    SMTP connection identification D=mycustomersdomain.gr O=info@mycustomersdomain.gr E=hisgmailaccount@gmail.com M=1ehF5X-001yUB-Pz U=magrizos ID=1323 B=redirect_resolver
    Sender identification U=magrizos D=mycustomersdomain.gr S=info@mycustomersdomain.gr
    SMTP connection outbound 1517492380 1ehF5X-001yUB-Pz mycustomersdomain.gr hisgmailaccount@gmail.com

    So a customer of mine, with the email account info@mycustomersdomain.gr has setup a forwarding email to a gmail account hisgmailaccount@gmail.com

    The above email is ofcourse spam and gmail is responding to that.
    If I check in the cPanel -> Track Delivery -> Show Deferred I can see many many emails like that, all spam that recieve SMTP error from google.

    The REAL problem here is that wondered , if I'm I've setup many RBL's what does spam get through ? so I did check the ip of the spam email: H=(removed.com) [114.234.57.84]
    and it is blacklisted in many RBLs including CBL and Spamhaus where I allready use in this server,
    so why did the spam got through ?

    So if I change to cPanel -> Track Delivery -> Show Failures
    I can see that the email above was allready rejected!!!!:
    sgww@removed Feb 1, 2018 3:38:15 PM 0 info@mycustomersdomain.gr JunkMail rejected - (csrd.com) [49.68.127.146]:1048 is in an RBL: Client host blocked using Barracuda Reputation, see BarracudaCentral.org - Technical Insight for Security Pros

    So the real problem here is that if a spam is received and it's ip exist in one of the blacklists,
    the local email user will not get that email, but if that local email user has a forwarding email setup, the spam email will be forwarded, thats getting the server's ip reputation to a terrible place.

    How can I fix that ?
     
    #1 MaRiOsGR66, Feb 1, 2018
    Last edited by a moderator: Feb 1, 2018
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,802
    Likes Received:
    1,714
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    The following options are available under the "Apache SpamAssassin Options" tab in "WHM >> Exim Configuration Manager >> Basic Editor" and can help protect against the situation you have described:

    Do not forward mail to external recipients if it matches the Apache SpamAssassin™ internal spam_score setting
    Do not forward mail to external recipients based on the defined Apache SpamAssassin™ score

    Note the description for both options:

    This option requires that each user enable Apache SpamAssassin™ or the “Apache SpamAssassin™: Forced Global ON” is enabled.

    Thank you.
     
  3. MaRiOsGR66

    MaRiOsGR66 Well-Known Member

    Joined:
    Feb 18, 2011
    Messages:
    104
    Likes Received:
    0
    Trophy Points:
    66
    cPanel Access Level:
    Root Administrator
    Hello Michael,

    does spamassasin use the RBL that I have setup in Exim ?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,802
    Likes Received:
    1,714
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    No, the Exim RBL options work separately from SpamAssassin. This is discussed at:

    Custom RBL for Scoring

    Thank you.
     
  5. MaRiOsGR66

    MaRiOsGR66 Well-Known Member

    Joined:
    Feb 18, 2011
    Messages:
    104
    Likes Received:
    0
    Trophy Points:
    66
    cPanel Access Level:
    Root Administrator
    So this solution wouldn't be a solution, because the existence in an RBL that is installed in the server is 100% guaranteed block of the spam email, but using spamassasin isn't.
     
  6. MaRiOsGR66

    MaRiOsGR66 Well-Known Member

    Joined:
    Feb 18, 2011
    Messages:
    104
    Likes Received:
    0
    Trophy Points:
    66
    cPanel Access Level:
    Root Administrator
    I did try to enable both options (after enabling Spamassassin for the previous mentioned account)
    but only the first one is...available.
    Any idea why ?

    cpanel_spamassassin_forward.png
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,802
    Likes Received:
    1,714
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    You can only use one or the other. Both options do the same thing, but one uses the internal spam_score setting and the other allows you to define a specific SPAM score (so you can be more aggressive or conservative when blocking outgoing SPAM specifically sent via forwarders).

    Thank you.
     
  8. MaRiOsGR66

    MaRiOsGR66 Well-Known Member

    Joined:
    Feb 18, 2011
    Messages:
    104
    Likes Received:
    0
    Trophy Points:
    66
    cPanel Access Level:
    Root Administrator
    thank you for the clarification Michael.
     
Loading...

Share This Page