How to find the source of this email

psytanium

Hello,

I always receive spam with nonsense content. I block or delete it, but I would like to know the source of this email:

Code:
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from server.mydomain.com
    by server.mydomain.com with LMTP
    id 6AhZMzKy21zIcAAAAm/+cA
    (envelope-from <[email protected]>)
    for <[email protected]>; Wed, 15 May 2019 09:31:14 +0300
Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Wed, 15 May 2019 09:31:14 +0300
Received: from [154.126.169.202] (port=30621)
    by server.mydomain.com with esmtp (Exim 4.91)
    (envelope-from <[email protected]>)
    id 1hQnRa-0007pT-HC
    for [email protected]; Wed, 15 May 2019 09:31:14 +0300
Message-ID: <[email protected]>
Date: Wed, 15 May 2019 07:33:49 +0000
From: <[email protected]>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20110812 Thunderbird/6.0
MIME-Version: 1.0
To: <[email protected]>
Subject: Frauders known your old passwords. Access data must be changed.
Content-Type: text/plain; charset=CP-850; format=flowed
Content-Transfer-Encoding: 8bit

Is it coming from my server?
 
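Reading the Received chain in the headers posted above, as an added example that is not part of the original thread: the script walks the Received lines newest first and returns the hop where the server accepted the message from another host. It assumes a single mail server named server.mydomain.com; the example.test addresses and the third, forged hop are constructed, and the set of authenticated Exim protocol names is limited to the three listed.

```python
import re
from email.parser import HeaderParser

# Constructed sample: the two Received lines from the post (redacted addresses
# replaced by example.test placeholders) plus one made-up forged hop below them.
SAMPLE = """\
Received: from server.mydomain.com
 by server.mydomain.com with LMTP id 6AhZMzKy21zIcAAAAm/+cA
 for <user@example.test>; Wed, 15 May 2019 09:31:14 +0300
Received: from [154.126.169.202] (port=30621)
 by server.mydomain.com with esmtp (Exim 4.91) id 1hQnRa-0007pT-HC
 for user@example.test; Wed, 15 May 2019 09:31:14 +0300
Received: from mail.example.test ([192.0.2.10])
 by server.mydomain.com with esmtpa; Wed, 15 May 2019 07:30:00 +0000
From: <user@example.test>
Subject: constructed sample

"""

# Exim protocol names that indicate the client authenticated (SMTP AUTH).
AUTHENTICATED = {"esmtpa", "esmtpsa", "asmtp"}

def parse_hop(value):
    """Split one Received: value into its 'from', 'by' and 'with' parts."""
    text = " ".join(value.split())  # unfold continuation lines
    m = re.match(r"from (?P<frm>.*?) by (?P<by>\S+)(?: with (?P<proto>[\w-]+))?", text)
    if not m:
        return None
    ip = re.search(r"\[([0-9A-Fa-f:.]+)\]", m["frm"])
    proto = (m["proto"] or "").lower()
    return {"helo": m["frm"].split()[0].strip("[]"), "ip": ip.group(1) if ip else None,
            "by": m["by"].lower(), "proto": proto, "authenticated": proto in AUTHENTICATED}

def entry_hop(raw_headers, my_host):
    """Return the hop where my_host accepted the message from another host.

    Received lines are read newest first. Only lines stamped by my_host are
    trusted; anything below the entry hop was supplied by the sender.
    """
    my_host = my_host.lower()
    values = HeaderParser().parsestr(raw_headers).get_all("Received", [])
    for hop in filter(None, map(parse_hop, values)):
        if hop["by"] != my_host:
            return None          # chain left our server before an entry hop
        if hop["helo"].lower() != my_host:
            return hop           # first hand-off from outside: the real source
    return None                  # only local hops: generated on this server
```

For the sample, `entry_hop(SAMPLE, "server.mydomain.com")` returns the hop from 154.126.169.202 over unauthenticated `esmtp`, and the forged `esmtpa` line beneath it is never consulted.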

m.eid

I've seen this many times: my clients receive such messages signed with their own domains as both sender and receiver. I've searched hard about that; they may be using a hole in a script on your host. They will say they have hacked your email, but just ignore them and scan your host and the apps there to find any vulnerabilities.
 

cPanelLauren

Product Owner
Staff member
The following Exim configuration setting should allow the From: header to be rewritten according to the actual sender:
EXPERIMENTAL: Rewrite From: header to match actual sender
If you enabled this option, the From: header will be rewritten to be the email address of the actual message sender. If you choose the "remote" option, only messages that are being sent to remote destinations will be affected.
 

keat63

Does 'EXPERIMENTAL: Rewrite From: header to match actual sender' have any effect on inbound traffic?
I read elsewhere that this only affects outbound emails.
 