The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

problem with auto reply and spam

Discussion in 'General Discussion' started by jcorreia, Nov 28, 2011.

  1. jcorreia

    jcorreia Well-Known Member

    Joined:
    Apr 25, 2005
    Messages:
    53
    Likes Received:
    0
    Trophy Points:
    6
    Hi,
    we have changed our email domain, so we have a autoreply e forward from the old email to the new.
    Since last week we are receiving spam from our own auto reply. All the subject are like "RE: ***SPAM*** Score:18.8 Administrative Assistant Position" and the email body is what we configured in the auto reply.

    Fom the subject and body we can conclude that spamassassin is working and the "RE:" is from our auto reply. For it to be emailing us because the spammer is sending the from on the email from my own email. We do have SPF enabled to.

    There is some flaw here that spammmers learned to exploit. I´ve checked email headers from original spam message in boxtraper and the spam that do have this behavior (because only some emails do this...not all) have two "received: " in the headers like this

    HTML:
    Return-path: <0-nlent@ulker.org>
    Envelope-to: jcorreia@atlier-informatica.com.pt
    Delivery-date: Mon, 28 Nov 2011 03:43:59 +0000
    Received: from 201-223-52-83.baf.movistar.cl ([201.223.52.83]:57897)
    	by server.atlier-informatica.net with esmtp (Exim 4.69)
    	(envelope-from <0-nlent@ulker.org>)
    	id 1RUs8L-00008R-Sw
    	for jcorreia@atlier-informatica.com.pt; Mon, 28 Nov 2011 03:43:59 +0000
    Received: from 201.223.52.83(helo=atlier-informatica.com.pt)
    	by atlier-informatica.com.pt with esmtpa (Exim 4.69)
    	(envelope-from )
    	id 1MM2DL-7081tj-OV
    	for <jcorreia@atlier-informatica.com.pt>; Sun, 27 Nov 2011 23:44:02 -0400
    From: <jcorreia@atlier-informatica.com.pt>
    To: <jcorreia@atlier-informatica.com.pt>
    Date: Sun, 27 Nov 2011 23:44:02 -0400
    MIME-Version: 1.0
    Content-Type: text/plain;
    	charset="iso-8859-2"
    Content-Transfer-Encoding: 7bit
    X-Mailer: oejscehmin 54
    Message-ID: <1189883438.I8FN66RD854584@jwuwsfnvebbu.geuhekiq.ua>
    X-Spam-Status: Yes, score=24.1
    X-Spam-Score: 241

    notice the second received :
    HTML:
    Received: from 201.223.52.83(helo=atlier-informatica.com.pt)
    	by atlier-informatica.com.pt with esmtpa (Exim 4.69)
    	(envelope-from )
    	id 1MM2DL-7081tj-OV
    	for <jcorreia@atlier-informatica.com.pt>; Sun, 27 Nov 2011 23:44:02 -0400
    
    it´s false, that´s not my ip..... that, and this in conjuction

    HTML:
    From: <jcorreia@atlier-informatica.com.pt>
    To: <jcorreia@atlier-informatica.com.pt>
    
    is bypassing SPF and send me the subjects of the spam filtered....


    Can you confirm and fix this ?

    I have WHM 11.30.4.6.


    Thanks
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    If you believe you've discovered a flaw or bug in how the auto responders function, please submit a report at http://go.cpanel.net/bugs location. This is where all internal cases are currently handled. Thanks!
     
  3. jcorreia

    jcorreia Well-Known Member

    Joined:
    Apr 25, 2005
    Messages:
    53
    Likes Received:
    0
    Trophy Points:
    6
    Thanks, I´ve done that.
     
Loading...

Share This Page