How to reject SMTP send if From header doesn't match SMTP user?

Operating System & Version
CloudLinux 7.9
cPanel & WHM Version
11.90.0.16

keat63

Well-Known Member
Nov 20, 2014
1,916
263
113
cPanel Access Level
Root Administrator
I'l be honest, I'm not entirely sure that this is possible.
I'm pretty sure it's been discussed on here many times, although I could be wrong.

You could look in exim config at:


EXPERIMENTAL: Rewrite From: header to match actual sender [?]
If you enabled this option, the From: header will be rewritten to be the email address of the actual message sender. If you choose the "remote" option, only messages that are being sent to remote destinations will be affected.
 
Last edited:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,519
1,027
313
cPanel Access Level
Root Administrator
I think this is similar to the many "how to stop spoofing" threads that get created. You can't really prevent then with 100% certainty, but there are things you can do to help reduce the chances of them getting through. A few possible options are here:


but a search of the forums for "spoof" will give you many threads with different workarounds and recommendations that users have implemented over the years.
 

manoaratefy

Well-Known Member
Nov 17, 2018
54
5
8
Madagascar
cPanel Access Level
Root Administrator
Twitter
Hello,

After a lot of searching, I decided to filter these email using Exim filter. So, I added /usr/local/cpanel/etc/exim/sysfilter/options/fail_from_dont_match_sender with the following content:
Code:
if $header_from: does not matches "" and
   $header_from: does not contains $sender_address
then
  fail text "From header doesn't match authenticated sender"
  seen finish
endif
I applied changes by enabling this filter on WHM > Service Configuration > Exim Configuration Manager but it doesn't work. I did something wrong?
 
Last edited:

WasChristine

Technical Analyst
Aug 10, 2018
57
11
83
Houston, TX
cPanel Access Level
Root Administrator
Hello.

Does adjusting this line make any changes to the way that your filter works?:

if $header_from: does not matches "" and

Specifically changing "matches" to "match". We must note that our assistance on this matter is quite limited, though you may be able to get this to work through testing various changes in the custom filter.