Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Getting rid of forged mails usign e-mail authentication (solution with acl)

Discussion in 'E-mail Discussion' started by Un Area, Nov 21, 2012.

  1. Un Area

    Un Area Well-Known Member

    Joined:
    Nov 16, 2006
    Messages:
    90
    Likes Received:
    0
    Trophy Points:
    156
    Im having the problem that some users set weak passwords in their email account that can be easily hacked using dictionary attack.
    Then the spammer sends something like spammail@hotmail.com using the authenticated id login of the hacked account ex. mail@domain.com, and the email pass through without a problem.

    So I want to compare that the FROM: matchs the Authenticated_id of the sender, for example if spammail@hotmail.com dont match with mail@domain.com (the mail is refused) if mail@domain.com equals mail@domain.com -> pass ok.

    I searched over google and I found this rule, but when I set it to exim doesnt works, email goes through anyways using a forged email address. I dont know if this is the complete rule or its missing a $h_from: parameter or something.

    Have anywone tryed this before and what is missing here???

    deny
    authenticated = *
    !condition = ${if eq{$sender_address}{$authenticated_id}{no}{yes}}
    message = The sender name must be the same as the login id

    Thanks!!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #1 Un Area, Nov 21, 2012
    Last edited: Nov 21, 2012
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice