Fake Return-Path header address

Discussion in 'E-mail Discussions' started by psytanium, Jan 21, 2017.

  1. psytanium

    psytanium Well-Known Member

    Joined:
    Jun 6, 2014
    Messages:
    88
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Hi,

    I'm running a VPS server. One of my clients called me today; he was exposed to a phishing scam and sent a big amount of money to a wrong IBAN number.

    I checked the conversation emails and found the From address is coming from a trusted, well-known company (Company A), but in the Return-Path there is a fake email address (somename@example.ae).

    My questions:

    Where did this fake email in Return-Path come from?
    Who's guilty?
    1. My server?
    2. My client (for not looking in the email header)?
    3. My client's computer (MS Outlook, Windows, Antivirus)?
    4. Company A's mail server?
    5. Company A's computer (sending emails with an injected Return-Path)?
    How can I know? Please help.

    Thanks
     
    #1 psytanium, Jan 21, 2017
    Last edited by a moderator: Jan 24, 2017
  2. psytanium

    I set up SPF, DKIM and DMARC. Still receiving spoofed emails. What should I do?
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    These records will help remote mail servers verify the integrity of emails from your domain name. However, if you want to verify incoming emails, you'd need to consider enabling SpamAssassin (it includes SPF verification), and also consider enabling the following option under the "ACL Options" tab in "WHM >> Exim Configuration Manager >> Basic Editor":

    Reject DKIM failures

    This option and other potentially useful options are documented at:

    Exim Configuration Manager - Basic Editor - Documentation - cPanel Documentation

    Thank you.
     
  4. psytanium

    SpamAssassin is already enabled; anyway, I have some questions.
    If I turn on "Allow DKIM verification for incoming messages" and leave "Reject DKIM failures" turned off, what will happen to the emails?

    What does "This verification process can degrade your server's performance." mean? Will it slow down the mail exchange? Websites and apps? FTP transfer?

    Do you think a new version of MS Outlook, Windows and Internet Security will make any difference regarding those emails?

    Thanks
     
  5. cPanelMichael

    This allows Exim to check the DKIM records on incoming messages, but doesn't actually reject emails that fail verification.

    It can lead to increased CPU usage and potentially slow email delivery due to the extra work required for Exim to verify DKIM records for incoming emails. You are more likely to see an issue on systems with high volumes of incoming email.

    The email client itself won't prevent the delivery of spoofed emails.

    Thank you.
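
For the "How can I know?" question in the first post, an added example (not from the thread and not cPanel code) that inspects a saved message's headers. SPF is evaluated against the envelope sender recorded in Return-Path, not the visible From, so the script flags Return-Path and Reply-To domains that differ from the From domain and lists any SPF/DKIM/DMARC verdict other than pass. It assumes the receiving server wrote an Authentication-Results header; the sample message and the `company-a.example` and `client.example` domains are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample. example.ae is the Return-Path domain quoted in the thread;
# company-a.example and client.example are placeholders.
SAMPLE = """\
Return-Path: <somename@example.ae>
Authentication-Results: mx.client.example; spf=pass smtp.mailfrom=example.ae;
 dkim=none; dmarc=fail header.from=company-a.example
From: "Company A" <accounts@company-a.example>
Reply-To: somename@example.ae
Subject: (constructed)

(body omitted)
"""

def domain_of(value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def aligned(a, b):
    # Approximation of relaxed alignment: same domain or parent/subdomain.
    # Real DMARC compares organizational domains (Public Suffix List).
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def auth_results(msg):
    """Collect the first spf/dkim/dmarc verdict from Authentication-Results."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for part in header.split(";")[1:]:  # first field is the server id
            method, _, rest = part.strip().partition("=")
            if method in ("spf", "dkim", "dmarc") and rest:
                verdicts.setdefault(method, rest.split()[0].lower())
    return verdicts

def check(raw):
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and not aligned(dom, from_dom):
            findings.append(f"{name} domain {dom} does not match From domain {from_dom}")
    findings += [f"{m}={v}" for m, v in auth_results(msg).items() if v != "pass"]
    return findings

if __name__ == "__main__":
    print("\n".join(check(SAMPLE)))
```

In the sample, `spf=pass` is not reported because the Return-Path domain legitimately authorizes the sending host; the mismatch with From and the `dmarc=fail` verdict are what expose the spoof.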
     