EXIM Config file - incoming forwarded mail

[dhep27]

Good Afternoon

I'm hoping someone can help.

We own 'example.com'.
UserA has a Hotmail account ([email protected]) that is forwarding to [email protected]

If [email protected] sends an email to [email protected] - the message is re-directed to [email protected] and the 'From' header remains as '[email protected]'. So our EXIM implementation looks at '[email protected]' and rejects it as it's unauthenticated and not allowed to send via this Hotmail server.

How do we allow this forwarding to happen, but at the same time prevent email messages spoofing 'Example.com'? The obvious would be to tell UserB to email [email protected] directly - but we have a scenario where we are seeing lots of forwarded mail inbound to our EXIM environment for example.com. Any help would be greatly appreciated.

 

[cPanelMichael]

So our EXIM implementation looks at '[email protected]' and rejects it as it's unauthenticated and not allowed to send via this Hotmail server.

Hello,

Could you let us know the specific output to /var/log/exim_mainlog for one of the affected messages? EX:

exigrep MSGID /var/log/exim_mainlog

Thank you.

 

[dhep27]

Thanks Michael. Here is the extract from the log:-

2017-03-07 15:15:23 [27538] H=mail-db5eur01lp0180.outbound.protection.outlook.com (EUR01-DB5-obe.outbound.protection.outlook.com) [213.199.154.180]:14906 I=[13.74.30.133]:25 X=TLSv1.2:AES256-SHA256:256 CV=no F=<[email protected]> rejected RCPT <[email protected]>: Invalid sender address: [email protected]

The ACL that is causing this is in the acl_smtp_rcpt section:-

# Do not allow @example.com senders via MX from unknown IPs
deny message = Invalid sender address: $sender_address
sender_domains = ^(DOMSUFFS)\$
!hosts = net-iplsearch;/etc/exim/mx-allowed-ips

# Do not allow @example.com mail for disallowed senders via MX
deny message = Invalid sender address: $sender_address
sender_domains = ^(DOMSUFFS)\$
!senders = lsearch;/etc/exim/mx-allowed-senders

Any help or advice would be greatly appreciated. Cheers!

 

[cPanelMichael]

The ACL that is causing this is in the acl_smtp_rcpt section:-

# Do not allow @example.com senders via MX from unknown IPs
deny message = Invalid sender address: $sender_address
sender_domains = ^(DOMSUFFS)\$
!hosts = net-iplsearch;/etc/exim/mx-allowed-ips

# Do not allow @example.com mail for disallowed senders via MX
deny message = Invalid sender address: $sender_address
sender_domains = ^(DOMSUFFS)\$
!senders = lsearch;/etc/exim/mx-allowed-senders

Hello,

Is this a custom ACL rule you have implemented? I don't see it included in the default Exim configuration offered in cPanel. Have you considered alternatives to prevent email spoofing, such as enforcing DKIM verification?

Thank you.