The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Looking for Advice to Prevent Server from Sending Email with FROM Not Matching Valid Email on Server

Discussion in 'E-mail Discussions' started by Zbx3x4UyxPy7Ty2, Mar 14, 2014.

  1. Zbx3x4UyxPy7Ty2

    Zbx3x4UyxPy7Ty2 Registered

    Joined:
    Feb 24, 2014
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I am looking for suggestions on settings to check/change and/or additional software I should install to prevent the following:

    The password for 2-3 accounts on one of our servers appear to have been compromised. Our server currently requires SMTP authentication for sending email. We're getting a lot of bounce/rejection emails from the server. The IP sending the emails through our server is in Russia (we are in the US).

    We have changed the passwords. We're now looking for additional steps to take to prevent our server from making delivery attempts when

    - the FROM address so very clearly does not match any valid address or domain on our server
    - the FROM address does not match the email/username the user has authenticated with

    Here is the email:

    Code:
    Return-path: <VALID_SERVER_EMAIL_ADDRESS_HERE>
    Received: from [195.206.xx.xx] (port=49759 helo=VALID_SERVER_HOSTNAME_HERE)
    	by host1.mycompany.com with esmtpa (Exim 4.80.1)
    	(envelope-from <VALID_SERVER_EMAIL_ADDRESS_HERE>)
    	id 1WNtQa-0005Gx-Ca; Wed, 12 Mar 2014 20:23:17 -0400
    From: "someone" <username@yahoo.com>
    To: "someone else" <username@domain.in>,
     "someone else too" <username@domain.in>
    Subject: Someone
    Date: Wed, 13 Mar 2014 01:23:15 +0100
    MIME-Version: 1.0
    X-mailer: Microsoft Office Outlook, Build 11.0.5510
    Reply-To: username@yahoo.com
    Content-type: multipart/alternative;
     boundary="----=_NextPart_000_17FE_291D38A0.593B4452"
     
    This is a multi-part message in MIME format.
     
    ------=_NextPart_000_17FE_291D38A0.593B4452
    Content-type: text/plain; charset=ISO-8859-1
    Content-Transfer-Encoding: quoted-printable
     
    http://domain.com/qhafjun/lanejbx.gicp
     
    ------=_NextPart_000_17FE_291D38A0.593B4452
    Content-type: text/html; charset=UTF-8
    Content-Transfer-Encoding: quoted-printable
     
    =EF=BB=BF<html><head><meta http-equiv=3D"content-type" content: text/html;=
     charset=
    =3DUTF-8></head><body>http://domain,.com/qhafjun/lanejbx.gicp</body></html>
    ------=_NextPart_000_17FE_291D38A0.593B4452--
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    672
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Re: Looking for Advice to Prevent Server from Sending Email with FROM Not Matching Valid Email on Se

    Hello :)

    The following document is a good place to start:

    cPanel - Prevent Email Abuse

    Thank you.
     
  3. LostNerd

    LostNerd Well-Known Member

    Joined:
    Mar 12, 2014
    Messages:
    258
    Likes Received:
    11
    Trophy Points:
    18
    Location:
    Hastings, East Sussex, UK
    cPanel Access Level:
    Root Administrator
    Twitter:
    Re: Looking for Advice to Prevent Server from Sending Email with FROM Not Matching Valid Email on Se

    There's a little tool on the net I use... MXToolbox.com. Type any of your domains in there and it will run tests on the server to see if your mailserver is currently an open relay or any other issues that may be present. ->
     
Loading...
Similar Threads - Looking Advice Prevent
  1. phillbooth
    Replies:
    1
    Views:
    257
  2. AmVu
    Replies:
    1
    Views:
    261

Share This Page