The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Prevent email spoofing

Discussion in 'E-mail Discussions' started by GoWilkes, Dec 12, 2011.

  1. GoWilkes

    GoWilkes Well-Known Member

    Joined:
    Sep 26, 2006
    Messages:
    367
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    I found a script online that can be added to exim.conf, that is supposed to prevent email spoofing:

    check_recipient:
    deny
    message = "Incorrect from address <${sender_address}>. Please use <${authenticated_id}> instead"
    authenticated = *
    ! condition = ${if match_address{${sender_address}}{$authenticated_id} }

    Giving credit where credit is due:

    cPanel - Prevent Mail Spoofing | Ruy Rocha

    I tried using it to prevent a virus from sending out spam, and it DID work. But my question is, will this prevent people from using legitimately forwarded accounts from sending email, too?

    Eg, if my account is example@example.com, and I have a bunch of forwarders set up on the server:

    jason@example.com -> example@example.com
    sales@example.com -> example@example.com
    info@example.com -> example@example.com

    Would I still be able to send emails as sales@example.com, even though the account username is example@example.com? Or would this also be blocked?

    If this would also be blocked, can you guys suggest a modification to the script that WOULD allow legitimately forwarded accounts?
     
  2. GoWilkes

    GoWilkes Well-Known Member

    Joined:
    Sep 26, 2006
    Messages:
    367
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    After some work, I've found that the script DOES prevent the client from using legitimately forwarded emails as a return address.

    Any suggestions on how to modify the script to allow legitimately forwarded accounts? Or at the very least, to only check that the domain matches instead of the entire address?
     
Loading...

Share This Page