The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mail filter problem

Discussion in 'E-mail Discussions' started by loades, Jun 22, 2014.

  1. loades

    loades Registered

    Joined:
    Jun 22, 2014
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    My domain name is being forged as the sender of spam. It appears that a unique local part address is used in each spam e-mail i.e fcdrf56yt4@mydomain, kifg1gh89@mydomain etc etc This means that I'm receiving hundreds of bounce messages a day! Each addressed to a unique local part address. What should be the easy part is that over 90% of these unique local part addresses have at least one digit in them. I thought it would be easy to filter all incoming mail with at least one digit in it. Any recipient matches regex [0-9] to be discarded. Test mail to any address with a digit in it does get discarded but bounce message still get delivered!! All bounce message have a header line Return-path: <> So, I changed the rule to Any Header Begins 'Return-path: <>' and Any recipient matches regex [0-9] Yet bounce messages with a digit in the address still get delivered!

    Why is this cPanel mail fliter failing? Help!

    Malcolm

    PS I can safely discard all mail (bounce or otherwise) to a local part address with a digit in it since I've never used an address in that format. I cannot afford to discard all bounce message since I want those being returned to a 'real' address.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    One way to address this issue is to modify the "Default Address" option in cPanel to:

    "Discard with error to sender (at SMTP time)"

    This will ensure any email sent to a non-existent email account bounces back to the sender. Otherwise, could you paste the exact filter rule you are using so we can get a better idea of why it may not work as you intend?

    Thank you.
     
  3. loades

    loades Registered

    Joined:
    Jun 22, 2014
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Thanks for your response.

    Discarding to non-existent email accounts is a non-starter. I always give a unique address to any company I form fill/write to e.g ebay@mydomain.tld amazon@mydomain.tld google@mydomain.tld britishairways@mydomain.tld etc. They send me SPAM, I say please stop, they don't stop, I discard all mail to that unique address, job done! All incoming mail is then forwarded to a single mailbox - I let my local mail client then do the sorting as I wish.

    I use cPanel as managed by my hosting provider. Under 'User Level Filtering' I selected the catch all mailbox and created the rule 'Any header contains Return-path: <> AND Any recipient matches regex [0-9]' I can provide a screenshot if that would assist but I'm sure you can understand it as written.

    Intially I used only the matches regex rule but when that didn't work I looked carefully at the headers of bounce messages and saw that they all have an empty return path so added that to the filter, still without success.

    Test messages with a digit in them get discarded, it's only bounces which still get delivered. Problem is there are hundreds of these bounces everyday :-(

    Malcolm
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,474
    Likes Received:
    202
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    You might want to give this another look.

    Create a forward instead. ie: paypal @ yourdomain.com, ebay @ yourdomain.com etc. and use those for this.

    Of course there is, you're accepting everything anyone throws at it, and then hoping to control that with filtering you don't need to be doing, IMHO.

    cPanelMichael's suggestion is the way to go.

    Anything routed to paypal @ yourdomain.com or ebay @ yourdomain.com and you have no forward setup to accept it, is bounced.
     
  5. loades

    loades Registered

    Joined:
    Jun 22, 2014
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Ok, I give up!

    It's obviously not possible to simply filter on the local part of an e-mail address which contains a digit. All the mail clients I know have no problem with it so why cPanel can't do it must remain a mystery. I can discard these emails easily with my mail client - problem is that since cPanel accepted them they've been forwarded to my gmail account for pushing to my smartphone.

    Whatever you may say about setting up accept rules for each email address I issue is utterly impractical, I've probably already used a 100 or more and can't remember everyone. If I give a company a unique address and I'm not at that moment able to setup an accept rule for that address then I risk losing mail until I'm able to do so.

    Until this back scatter started arriving I've never had any problem controlling spam. I registered my domain in 1999 and by using unique addresses and by discarding mail to compromised email addresses I could go days without any SPAM.

    Why is something so simple not possible with cPanel?
     
  6. cPanelPeter

    cPanelPeter Technical Analyst III
    Staff Member

    Joined:
    Sep 23, 2013
    Messages:
    569
    Likes Received:
    15
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    By having the default address set up that way, you are susceptible to what is known as a "Joe Job".

    This is why we recommend setting it to "fail" so email to non-existent accounts will be discarded. This is simply how this works and I assure you that if this were to happen with any other mail provider not using cPanel, it would be the exact same results.

    To say that mail clients can handle it, why doesn't cPanel is wrong, since the two are not at all the same thing. cpanel is software for managing hosting servers, while mail clients are MUA's (Mail User Agents) that connect to those servers to collect mail.

    Additionally you are forwarding your email to Gmail, so email is not stored on the server at all. Joe Jobs usually only last a few days, so you could just wait it out if you like. But ultimately the best solution is to not use a default address.
     
  7. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,474
    Likes Received:
    202
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    If you have access to the server logs, you might check to see if google is rate limiting you due to the spam you're forwarding to its servers.

    Forwarded email is not checked its just forwarded. Spam or not.

    If you don't have access to logs, ask your Hosting Provider about it.
     
Loading...

Share This Page