The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Exim anti-spam (callout) feature

Discussion in 'General Discussion' started by p.kiula, Sep 14, 2007.

  1. p.kiula

    p.kiula Member

    Joined:
    Sep 13, 2007
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    Hi. I keep getting bounce messages from email addresses to whom I did not send any email. I suspect spammers are spoofing my email address as the FROM header, so I receive the bounce message.

    To avoid this, I checked the Exim config stuff, and found this option:

    When I checked this option, a new one popped up:

    Basically both of these sound good to me in English, but I just want to know -- technically what is the ramification of selecting this? Will Exim be very slow, trying to check on everyone who sends me email?
     
  2. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Are you using your default address? If you are using your default address, then you will likely receive a ton of bounced messages from forged addresses.
     
  3. p.kiula

    p.kiula Member

    Joined:
    Sep 13, 2007
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    Not sure what you mean by "using default address"? That's my main email ID on the domain. So why will I not use it? The catch-all on the domain is ""fail:" as always.

    Anyway, the question is: are those options I mentioned safe enough to use?
     
  4. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    These won't exactly help from your end.

    Sender callouts (sometimes called sender verification) is just a method of determining whether or not the envelope-sender is valid when accepting a message.

    This won't help in your case because the bounce messages are coming from a mailer daemon. The only way this would help would be if the mailer daemon envelope-sender is invalid (which is if it, its just a poorly constructed mail server... but thats another topic).

    Your default address refers to all kinds of bogus e-mail addresses. asdf@yourdomain.com, zxcv@yourdomain.com, etc. If you don't have john@yourdomain.com set up as a real account, then the default address would also handle this.

    The only thing that would really stop this type of activity is if you have your default address set to :fail: and all of the other mail servers all over the world are also doing sender callouts.

    If all of the mail servers all over the world were using sender callouts and if a spammer tried to send out a spam message using asdf@yourdomain.com, all of the mail servers would reject this message because the callout for asdf@yourdomain.com would fail.

    This wouldn't be of much help if you really had a tom@yourdomain.com address set up and a spammer was hijacking that e-mail address. In this instance a callout of tom@yourdomain.com would succeed. But still if tom@yourdomain.com is absolutely the only e-mail address you ever expect to receive e-mail at, then it just makes better sense to deny messages at the default address and set up a tom@yourdomain.com address to accept messages. This greatly reduces the number of addresses at yourdomain.com that a spammer can hijack.

    Also make sure that your default address is set to :fail: with both colons. I suspect that you have this set correctly, you just forgot to mention both colons. You can also set this by using the Discard at SMTP time in your control panel for your default address.
     
Loading...

Share This Page