
problems with DKIM?

Discussion in 'E-mail Discussions' started by keat63, Jun 29, 2015.

  1. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    I saw this email today which seems to have slipped through the DKIM safety net. Any ideas how?

    Code:
    Return-path: <jamie@xxx.co.uk>
    Envelope-to: jamie@xxx.co.uk
    Delivery-date: Mon, 29 Jun 2015 09:24:59 +0100
    Received: from [103.252.24.243] (port=61054)
        by host.myservers.co.uk with esmtp (Exim 4.85)
        (envelope-from <jamie@xxx.co.uk>)
        id 1Z9UN4-0000qb-9k
        for jamie@xxx.co.uk; Mon, 29 Jun 2015 09:24:59 +0100
    Content-Type: multipart/mixed; boundary=Apple-Mail-35D19FED-3315-4BD6-9320-8EFCBEAF9499
    Content-Transfer-Encoding: 7bit
    From: jamie@xxx.co.uk <jamie@xxx.co.uk>
    Mime-Version: 1.0 (1.0)
    Date: Mon, 29 Jun 2015 13:54:51 +0530
    Subject: WhatsApp Chat with Jay Stephenson
    Message-Id: <6439037D-5047-4141-9A78-54331DD60B7F@coxheadcleaningservices.co.uk>
    To: Louise <louise@coxhead.co.uk>
    X-Mailer: iPhone Mail (11D167)
    X-Spam-Status: No, score=1.3
    X-Spam-Score: 13
    X-Spam-Bar: +
    X-Ham-Report: Spam detection software, running on the system "leeds.stlservers.co.uk",
    has NOT identified this incoming email as spam.  The original
    message has been attached to this so you can view it or label
    similar future email.  If you have any questions, see
    root\@localhost for details.
    
    

    Jamie@xxx.co.uk is a user on a domain on my server.

    louise@coxhead.co.uk, I have no idea who this is.
     
    #1 keat63, Jun 29, 2015
    Last edited: Jun 29, 2015
  2. keat63

    keat63 Well-Known Member

    Code:
    2015-06-29 09:24:22 SMTP connection from [103.24.232.218]:36772 (TCP/IP connection count = 1)
    2015-06-29 09:24:22 SMTP connection from oikm.brainbinner.org [103.24.232.218]:36772 closed by QUIT
    2015-06-29 09:24:38 SMTP connection from [103.24.232.218]:60663 (TCP/IP connection count = 1)
    2015-06-29 09:24:39 SMTP connection from oikm.brainbinner.org [103.24.232.218]:60663 closed by QUIT
    2015-06-29 09:24:53 SMTP connection from [103.252.24.243]:61054 (TCP/IP connection count = 1)
    2015-06-29 09:24:53 no host name found for IP address 103.252.24.243
    2015-06-29 09:24:54 H=([103.252.24.243]) [103.252.24.243]:61054 Warning: Sender rate 1.0 / 1h
    2015-06-29 09:24:55 1Z9UN4-0000qb-9k H=([103.252.24.243]) [103.252.24.243]:61054 Warning: Message has been scanned: no virus or other harmful content was found
    2015-06-29 09:24:59 1Z9UN4-0000qb-9k H=([103.252.24.243]) [103.252.24.243]:61054 Warning: "SpamAssassin as xxxx detected message as NOT spam (1.3)"
    2015-06-29 09:24:59 1Z9UN4-0000qb-9k <= jamie@xxx.co.uk H=([103.252.24.243]) [103.252.24.243]:61054 P=esmtp S=92386 id=6439037D-5047-4141-9A78-54331DD60B7F@coxhead.co.uk T="WhatsApp Chat with Jay Stephenson" for jamie@xxx.co.uk
    2015-06-29 09:24:59 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1Z9UN4-0000qb-9k
    2015-06-29 09:24:59 SMTP connection from ([103.252.24.243]) [103.252.24.243]:61054 closed by QUIT
    2015-06-29 09:25:00 1Z9UN4-0000qb-9k => jamie <jamie@xxx.co.uk> R=virtual_user T=virtual_userdelivery
    2015-06-29 09:25:00 1Z9UN4-0000qb-9k Completed
    2015-06-29 09:25:07 SMTP connection from [103.24.232.218]:53825 (TCP/IP connection count = 1)
    2015-06-29 09:25:07 SMTP connection from oikm.brainbinner.org [103.24.232.218]:53825 closed by QUIT
    2015-06-29 09:25:23 SMTP connection from [103.24.232.218]:56908 (TCP/IP connection count = 1)
    2015-06-29 09:25:23 SMTP connection from oikm.brainbinner.org [103.24.232.218]:56908 closed by QUIT
     
  3. keat63

    keat63 Well-Known Member

    I have access to another email account on a different cPanel server, so I sent myself an email via MS Outlook, but before I sent this, I spoofed the sender address to be the same as the recipient.
    This email also made it to my mailbox.
    Am I missing something?

    Code:
    Event:    success success
    Sender User:    -remote-
    Sender Domain:    
    Sender:    technical@mydom.org.uk
    Sent Time:    Jun 29, 2015 11:12:11 AM
    Sender Host:    ftx-008-i894.relay.mailchannels.net
    Sender IP:    50.61.143.xxx
    Authentication:    localdelivery
    Spam Score:    0
    Recipient:    technical@mydom.org.uk
    Delivered To:    technical@mydom.org.uk
    deliveryuser:    mydomuser
    deliverydomain:    mydom.org.uk
    Router:    virtual_user
    Transport:    virtual_userdelivery
    Out Time:    Jun 29, 2015 11:12:11 AM
    ID:    1Z9W2t-0003D5-IX
    Delivery Host:    localhost
    Delivery IP:    127.0.0.1
    Size:    5.89 KB
    Result:    Message accepted
     
  4. keat63

    keat63 Well-Known Member

    Maybe I'm a little confused.
    I was under the impression that DKIM was supposed to protect against this.
    I'm now toying with DMARC.
     
  5. Clickon01

    Clickon01 Registered

    Joined:
    Jun 29, 2015
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    UK
    cPanel Access Level:
    Website Owner
    I am a little bit confused!
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Just so we are clear, do you have DKIM enabled for the individual domain name, or do you have "Reject DKIM failures" enabled in "WHM >> Exim Configuration Manager"?

    Thank you.
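
An added example, not part of any post in this thread and not cPanel or Exim code: a header-only check showing why the message in post #1 gives DKIM nothing to fail (the headers posted there carry no DKIM-Signature), and when a signature says anything about the From address. The sample headers, the `dkim_view` function, its `review` rule and the `mailer.example` domain are constructed for illustration; alignment is simplified to an exact domain match.

```python
import re
from email import message_from_string

D_TAG = re.compile(r"(?:^|;)\s*d\s*=\s*([^;\s]+)")      # d= tag of a DKIM-Signature
ADDR_DOMAIN = re.compile(r"@([A-Za-z0-9.-]+)>?\s*$")    # domain of the last address

# Constructed sample, modelled on the headers in post #1 (redaction kept as posted).
UNSIGNED = """\
Return-path: <jamie@xxx.co.uk>
Received: from [103.252.24.243] (port=61054)
    by host.myservers.co.uk with esmtp (Exim 4.85)
From: jamie@xxx.co.uk <jamie@xxx.co.uk>
Subject: WhatsApp Chat with Jay Stephenson

"""
# Constructed: same From, plus a signature header naming a different signing domain.
UNALIGNED = "DKIM-Signature: v=1; a=rsa-sha256; d=mailer.example;\n s=sel1; bh=AAAA; b=BBBB\n" + UNSIGNED
# Constructed: signature header whose d= equals the From domain.
ALIGNED = "DKIM-Signature: v=1; a=rsa-sha256; d=xxx.co.uk; s=default; bh=AAAA; b=BBBB\n" + UNSIGNED


def dkim_view(raw_headers, local_domains):
    """Summarise what DKIM can say about a message received from a remote host.

    Inspects headers only; it does not verify any signature cryptographically.
    """
    msg = message_from_string(raw_headers)
    match = ADDR_DOMAIN.search(msg.get("From", "").strip())
    from_domain = match.group(1).lower() if match else ""
    signers = [m.group(1).lower()
               for value in msg.get_all("DKIM-Signature", [])
               if (m := D_TAG.search(value))]
    if not signers:
        state = "none"                 # nothing to verify, so nothing can fail
    elif from_domain in signers:
        state = "present-aligned"      # strict alignment: d= equals From domain
    else:
        state = "present-unaligned"    # may verify, but says nothing about From
    # Hypothetical triage rule: a local From domain without an aligned signature.
    review = from_domain in local_domains and state != "present-aligned"
    return {"from_domain": from_domain, "signers": signers,
            "dkim": state, "review": review}


if __name__ == "__main__":
    for name, raw in [("unsigned", UNSIGNED), ("unaligned", UNALIGNED), ("aligned", ALIGNED)]:
        print(name, dkim_view(raw, {"xxx.co.uk"}))
```

In DMARC terms, only a verified signature whose domain aligns with the From domain (or an aligned SPF pass) authenticates the From address; `none` and `present-unaligned` do not.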
     