Exim acl to drop remote mail from local configured domain

Discussion in 'E-mail Discussions' started by tbone, May 11, 2016.

  1. tbone

    tbone Registered

    Hello cPanel community,

    TL;DR version:
    Latest cPanel version as of now: CentOS 6.7 x86_64 WHM 56.0 (build 14)

    People with mailboxes in receive spam with MAIL FROM: <some random people> that originates from random IP addresses around the world.
    What's the proper way to fix this?

    Long version:
    Over the past few weeks, I've noticed the following behavior on one of the cPanel servers currently under my administration.

    We have a domain, let's call it . In this domain, we have a number of mailboxes, let's say 50, with a number of forwarders, and so on. We also have some generic mailboxes that are in use, stuff like,,, and generic-name mailboxes like,, etc. All of the mailboxes are in use (contact@ and office@ are forwarders, the rest are actual mailboxes).

    Over the past few weeks, people in started complaining of receiving spam from the above-mentioned mailboxes. For example, receives spam from,, even, and of course, some more generic names that don't exist on our systems, like,, so on. The fact that it looks to originate from our domain actually looks convincing to users, enough to make them click on the links, download the attachments, etc.

    Looking over the headers of the e-mails, I can see that they're originating from random IP addresses, ranging from the US to Europe and Asia, most likely some infected computers, using random EHLOs.

    Is there a way to do some checks in exim before delivering said received e-mails? I was thinking of something like "if the domain is declared locally, and the MAIL FROM seems to be from someone in the local domain, but the connection is not local, then drop it".

    I was thinking of building an exim ACL, but my experience with ACLs in exim is not that rich, and I'm not entirely sure that's the best approach.

    Thank you for taking the time and reading this.

    Best regards,
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member


    You could enable the "Reject SPF failures" option via the "ACL Options" tab in "WHM >> Exim Configuration Manager >> Basic Editor". The option is documented at:

    Exim Configuration Manager - Basic Editor - Documentation - cPanel Documentation

    Thank you.
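
Before turning on a reject rule, it helps to measure what it would catch. The following is an added example, not part of the thread and not cPanel's code: it scans Exim main log arrival (`<=`) lines for the condition described in the question (envelope sender in a locally hosted domain, remote connection, no SMTP authentication). The domain `example.test`, the log lines and the function name are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in Exim mainlog arrival ("<=") format; all values are made up.
SAMPLE_LOG = """\
2016-05-11 09:14:02 1b0Q1x-0003Ab-7K <= office@example.test H=(random-ehlo) [203.0.113.45]:51234 P=esmtp S=4821
2016-05-11 09:15:10 1b0Q2z-0003Bc-9L <= alice@example.test H=(laptop) [198.51.100.7]:49822 P=esmtpsa A=dovecot_login:alice@example.test S=1932
2016-05-11 09:16:44 1b0Q4a-0003Cd-1M <= bob@example.test U=bob P=local S=812
2016-05-11 09:17:30 1b0Q5b-0003De-3N <= news@other.test H=mail.other.test [192.0.2.10]:25 P=esmtps S=10233
2016-05-11 09:18:05 1b0Q6c-0003Ef-5P <= ceo@example.test H=(abc) [2001:db8::5]:40000 P=esmtp S=5120
"""

ARRIVAL = re.compile(r"^(\S+ \S+) (\S+) <= (\S+)(.*)$")
HOST_IP = re.compile(r" H=.*?\[([0-9A-Fa-f:.]+)\]")  # remote host address
AUTH = re.compile(r" A=(\S+)")                        # present only after SMTP AUTH


def find_forged_local_senders(log_text, local_domains,
                              trusted_nets=("127.0.0.0/8", "::1/128")):
    """Return (message id, envelope sender, remote IP) for arrivals whose
    sender is in a local domain but which came from an unauthenticated,
    untrusted remote host."""
    local = {d.lower() for d in local_domains}
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    hits = []
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue  # not an arrival line
        _when, msgid, sender, rest = m.groups()
        domain = sender.rpartition("@")[2].lower()
        host = HOST_IP.search(rest)
        # Skip foreign senders, local submissions (no H=) and authenticated users.
        if domain not in local or host is None or AUTH.search(rest):
            continue
        ip = ipaddress.ip_address(host.group(1))
        if any(ip in net for net in nets):
            continue  # the server itself or another trusted relay
        hits.append((msgid, sender, str(ip)))
    return hits


if __name__ == "__main__":
    for hit in find_forged_local_senders(SAMPLE_LOG, ["example.test"]):
        print(*hit)
```

Legitimate third-party services that send with the domain in the envelope sender will show up in the same list, so review the hits before rejecting on this condition or on SPF failure.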
