The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Email Received but from wrong accounts

Discussion in 'E-mail Discussions' started by milen777, Jun 1, 2016.

  1. milen777

    milen777 Registered

    Joined:
    Jan 14, 2014
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi,

    Very funny thing is going on with my cpanel email processing.

    Email from outside sent to my domain in cpanel

    peter@outsidedomain.com -> myemail@mycpaneldomain.com

    when i received the email from peter is its with wrong email to reply back

    like Peter<someotheruser@mycpaneldomain.com>
    and not as should Peter<peter@outsidedomain.com>

    what is making this rewriting of peters email in the headers to wrong email to reply?

    thanks....
     
  2. milen777

    milen777 Registered

    Joined:
    Jan 14, 2014
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
  3. milen777

    milen777 Registered

    Joined:
    Jan 14, 2014
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    hah, I fixit it but still dont know why this rewrite of remote header happen....
    I disable
    “EXPERIMENTAL: Rewrite From: header to match actual sender”
    and now no more incorrect FROM accounts
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    Was the "EXPERIMENTAL: Rewrite From: header to match actual sender" option configured as "All" or "Remote" before you disabled it? Is it possible the message came from a local account through a PHP script? You can search for one of the messages in /var/log/exim_mainlog to get a better idea of what happened with a command such as:

    Code:
    exigrep MSGID /var/log/exim_mainlog
    Thank you.
     
  5. milen777

    milen777 Registered

    Joined:
    Jan 14, 2014
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi this code return the following:
    Code:
    2016-06-01 16:02:50 1b7zEw-000646-De <= someusr@gmail.com H=mail-oi0-f44.google.com [209.85.218.44]:34485 P=esmtps X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no S=526236 id=-6228852111706072935@unknownmsgid T="Quote for shirts." for stores@example.org
    2016-06-01 16:02:50 1b7zEw-000646-De => stores <stores@example.org> R=virtual_user T=virtual_userdelivery
    2016-06-01 16:02:50 1b7zEw-000646-De Completed
    
    I can not remember what the "EXPERIMENTAL: Rewrite From: header to match actual sender:" was set to
    but it will pickup random cpanel email account and place it on all the remote incoming emails. faking the email address of the remote sender email address with local cpanel email address, so no one pay attention and when hit reply and send the email was going to random cpanel email address, and not to the remote domain.
    I think i was fighting spam when i tick it to see what will happened, and forgot about it, by default is disabled.
    absolutely no problem since i disable it.everything is going smooth as whiskey on ice.

    No php script. the emails was coming from identified senders, when they complain that are not getting our emails i check and found out the email headers was re-written with local cpanel email addresses, and replacing the actual sender email address with cpanel random email accounts
     
    #5 milen777, Jun 6, 2016
    Last edited by a moderator: Jun 6, 2016
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Would you mind opening a support ticket so we can attempt to reproduce this issue on your system and determine why that happened? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
Loading...

Share This Page