Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Email Forwarding Problem

Discussion in 'E-mail Discussion' started by MaRiOsGR66, Feb 1, 2018.

Tags:
  1. MaRiOsGR66

    MaRiOsGR66 Well-Known Member

    Joined:
    Feb 18, 2011
    Messages:
    104
    Likes Received:
    0
    Trophy Points:
    66
    cPanel Access Level:
    Root Administrator
    I've notices lately many bounce emails which actually have the message:
    SMTP error from remote mail server after end of data:
    421-4.7.0 [ IP 15] Our system has detected that this message is
    421-4.7.0 suspicious due to the very low reputation of the sending IP address.
    421-4.7.0 To protect our users from spam, mail sent from your IP address has
    421-4.7.0 been temporarily rate limited. Please visit
    421 4.7.0 Why has Gmail blocked my messages? - Gmail Help for more information. m21si7321721wrb.455 - gsmtp

    H=(csrd.com) [114.234.57.84]:1756 Warning: Message has been scanned: no virus or other harmful content was found
    <= sgww@removed H=(removed.com) [114.234.57.84]:1756 P=esmtp S=1792 T="Re: New refitting business to make your turnover increasing 30% in 1 month" for info@mycustomersdomain.gr
    SMTP connection identification D=mycustomersdomain.gr O=info@mycustomersdomain.gr E=hisgmailaccount@gmail.com M=1ehF5X-001yUB-Pz U=magrizos ID=1323 B=redirect_resolver
    Sender identification U=magrizos D=mycustomersdomain.gr S=info@mycustomersdomain.gr
    SMTP connection outbound 1517492380 1ehF5X-001yUB-Pz mycustomersdomain.gr hisgmailaccount@gmail.com

    So a customer of mine, with the email account info@mycustomersdomain.gr has setup a forwarding email to a gmail account hisgmailaccount@gmail.com

    The above email is ofcourse spam and gmail is responding to that.
    If I check in the cPanel -> Track Delivery -> Show Deferred I can see many many emails like that, all spam that recieve SMTP error from google.

    The REAL problem here is that wondered , if I'm I've setup many RBL's what does spam get through ? so I did check the ip of the spam email: H=(removed.com) [114.234.57.84]
    and it is blacklisted in many RBLs including CBL and Spamhaus where I allready use in this server,
    so why did the spam got through ?

    So if I change to cPanel -> Track Delivery -> Show Failures
    I can see that the email above was allready rejected!!!!:
    sgww@removed Feb 1, 2018 3:38:15 PM 0 info@mycustomersdomain.gr JunkMail rejected - (csrd.com) [49.68.127.146]:1048 is in an RBL: Client host blocked using Barracuda Reputation, see BarracudaCentral.org - Technical Insight for Security Pros

    So the real problem here is that if a spam is received and it's ip exist in one of the blacklists,
    the local email user will not get that email, but if that local email user has a forwarding email setup, the spam email will be forwarded, thats getting the server's ip reputation to a terrible place.

    How can I fix that ?
     
    #1 MaRiOsGR66, Feb 1, 2018
    Last edited by a moderator: Feb 1, 2018
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,659
    Likes Received:
    1,787
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    The following options are available under the "Apache SpamAssassin Options" tab in "WHM >> Exim Configuration Manager >> Basic Editor" and can help protect against the situation you have described:

    Do not forward mail to external recipients if it matches the Apache SpamAssassin™ internal spam_score setting
    Do not forward mail to external recipients based on the defined Apache SpamAssassin™ score

    Note the description for both options:

    This option requires that each user enable Apache SpamAssassin™ or the “Apache SpamAssassin™: Forced Global ON” is enabled.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. MaRiOsGR66

    MaRiOsGR66 Well-Known Member

    Joined:
    Feb 18, 2011
    Messages:
    104
    Likes Received:
    0
    Trophy Points:
    66
    cPanel Access Level:
    Root Administrator
    Hello Michael,

    does spamassasin use the RBL that I have setup in Exim ?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,659
    Likes Received:
    1,787
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    No, the Exim RBL options work separately from SpamAssassin. This is discussed at:

    Custom RBL for Scoring

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. MaRiOsGR66

    MaRiOsGR66 Well-Known Member

    Joined:
    Feb 18, 2011
    Messages:
    104
    Likes Received:
    0
    Trophy Points:
    66
    cPanel Access Level:
    Root Administrator
    So this solution wouldn't be a solution, because the existence in an RBL that is installed in the server is 100% guaranteed block of the spam email, but using spamassasin isn't.
     
  6. MaRiOsGR66

    MaRiOsGR66 Well-Known Member

    Joined:
    Feb 18, 2011
    Messages:
    104
    Likes Received:
    0
    Trophy Points:
    66
    cPanel Access Level:
    Root Administrator
    I did try to enable both options (after enabling Spamassassin for the previous mentioned account)
    but only the first one is...available.
    Any idea why ?

    cpanel_spamassassin_forward.png
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,659
    Likes Received:
    1,787
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    You can only use one or the other. Both options do the same thing, but one uses the internal spam_score setting and the other allows you to define a specific SPAM score (so you can be more aggressive or conservative when blocking outgoing SPAM specifically sent via forwarders).

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. MaRiOsGR66

    MaRiOsGR66 Well-Known Member

    Joined:
    Feb 18, 2011
    Messages:
    104
    Likes Received:
    0
    Trophy Points:
    66
    cPanel Access Level:
    Root Administrator
    thank you for the clarification Michael.
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice