keat63

Well-Known Member
Nov 20, 2014
1,961
267
113
cPanel Access Level
Root Administrator
I saw this email today, which seems to have slipped through the DKIM safety net. Any ideas how?

Code:
Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Mon, 29 Jun 2015 09:24:59 +0100
Received: from [103.252.24.243] (port=61054)
    by host.myservers.co.uk with esmtp (Exim 4.85)
    (envelope-from <[email protected]>)
    id 1Z9UN4-0000qb-9k
    for [email protected]; Mon, 29 Jun 2015 09:24:59 +0100
Content-Type: multipart/mixed; boundary=Apple-Mail-35D19FED-3315-4BD6-9320-8EFCBEAF9499
Content-Transfer-Encoding: 7bit
From: [email protected] <[email protected]>
Mime-Version: 1.0 (1.0)
Date: Mon, 29 Jun 2015 13:54:51 +0530
Subject: WhatsApp Chat with Jay Stephenson
Message-Id: <[email protected]uk>
To: Louise <[email protected]>
X-Mailer: iPhone Mail (11D167)
X-Spam-Status: No, score=1.3
X-Spam-Score: 13
X-Spam-Bar: +
X-Ham-Report: Spam detection software, running on the system "leeds.stlservers.co.uk",
has NOT identified this incoming email as spam.  The original
message has been attached to this so you can view it or label
similar future email.  If you have any questions, see
root\@localhost for details.

[email protected] is a user on a domain on my server.

[email protected], I have no idea who this is.
 

keat63
Code:
2015-06-29 09:24:22 SMTP connection from [103.24.232.218]:36772 (TCP/IP connection count = 1)
2015-06-29 09:24:22 SMTP connection from oikm.brainbinner.org [103.24.232.218]:36772 closed by QUIT
2015-06-29 09:24:38 SMTP connection from [103.24.232.218]:60663 (TCP/IP connection count = 1)
2015-06-29 09:24:39 SMTP connection from oikm.brainbinner.org [103.24.232.218]:60663 closed by QUIT
2015-06-29 09:24:53 SMTP connection from [103.252.24.243]:61054 (TCP/IP connection count = 1)
2015-06-29 09:24:53 no host name found for IP address 103.252.24.243
2015-06-29 09:24:54 H=([103.252.24.243]) [103.252.24.243]:61054 Warning: Sender rate 1.0 / 1h
2015-06-29 09:24:55 1Z9UN4-0000qb-9k H=([103.252.24.243]) [103.252.24.243]:61054 Warning: Message has been scanned: no virus or other harmful content was found
2015-06-29 09:24:59 1Z9UN4-0000qb-9k H=([103.252.24.243]) [103.252.24.243]:61054 Warning: "SpamAssassin as xxxx detected message as NOT spam (1.3)"
2015-06-29 09:24:59 1Z9UN4-0000qb-9k <= [email protected] H=([103.252.24.243]) [103.252.24.243]:61054 P=esmtp S=92386 [email protected] T="WhatsApp Chat with Jay Stephenson" for [email protected]
2015-06-29 09:24:59 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1Z9UN4-0000qb-9k
2015-06-29 09:24:59 SMTP connection from ([103.252.24.243]) [103.252.24.243]:61054 closed by QUIT
2015-06-29 09:25:00 1Z9UN4-0000qb-9k => jamie <[email protected]> R=virtual_user T=virtual_userdelivery
2015-06-29 09:25:00 1Z9UN4-0000qb-9k Completed
2015-06-29 09:25:07 SMTP connection from [103.24.232.218]:53825 (TCP/IP connection count = 1)
2015-06-29 09:25:07 SMTP connection from oikm.brainbinner.org [103.24.232.218]:53825 closed by QUIT
2015-06-29 09:25:23 SMTP connection from [103.24.232.218]:56908 (TCP/IP connection count = 1)
2015-06-29 09:25:23 SMTP connection from oikm.brainbinner.org [103.24.232.218]:56908 closed by QUIT
 

keat63

I have access to another email account on a different cPanel server, so I sent myself an email via MS Outlook, but before I sent this, I spoofed the sender address to the same as the recipient.
This email also made it to my mailbox.
Am I missing something?

Code:
Event:    success success
Sender User:    -remote-
Sender Domain:    
Sender:    [email protected]
Sent Time:    Jun 29, 2015 11:12:11 AM
Sender Host:    ftx-008-i894.relay.mailchannels.net
Sender IP:    50.61.143.xxx
Authentication:    localdelivery
Spam Score:    0
Recipient:    [email protected]
Delivered To:    [email protected]
deliveryuser:    mydomuser
deliverydomain:    mydom.org.uk
Router:    virtual_user
Transport:    virtual_userdelivery
Out Time:    Jun 29, 2015 11:12:11 AM
ID:    1Z9W2t-0003D5-IX
Delivery Host:    localhost
Delivery IP:    127.0.0.1
Size:    5.89 KB
Result:    Message accepted
 

keat63

Maybe I'm a little confused.
I was under the impression that DKIM was supposed to protect against this.
I'm now toying with DMARC.
 
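What the poster is running into: a DKIM check only has something to verify when the message carries a DKIM-Signature header, and the message in the first post has none, so the result is "none" rather than "fail" and a "reject DKIM failures" rule never fires. DMARC is the layer that turns "no aligned SPF or DKIM pass for the From: domain" into a rejection, and only once the domain publishes a p=quarantine or p=reject policy. The following added example (not cPanel's or Exim's code) walks both checks over the header layout from the first post. The headers are constructed, with the redacted addresses replaced by placeholders; the SPF and DKIM verification results are passed in as parameters because verifying them needs DNS and key lookups, and the public-suffix list used for relaxed alignment is a small stand-in for the real one.

```python
"""
Compare what a DKIM-only check and a DMARC evaluation see for a message
whose From: claims a local domain but which arrived unsigned from an
external host. Added example; not cPanel's or Exim's own code.
"""
from email.parser import HeaderParser
from email.utils import parseaddr

# Constructed headers mirroring the message in the thread: From: at the local
# domain, received from an external IP, no DKIM-Signature at all.
SPOOFED_HEADERS = """\
Return-path: <louise@mydom.org.uk>
Received: from [103.252.24.243] (port=61054)
\tby host.myservers.co.uk with esmtp (Exim 4.85)
\t(envelope-from <louise@mydom.org.uk>)
\tid 1Z9UN4-0000qb-9k
From: louise@mydom.org.uk <louise@mydom.org.uk>
To: Louise <louise@mydom.org.uk>
Subject: WhatsApp Chat with Jay Stephenson
Date: Mon, 29 Jun 2015 13:54:51 +0530

"""

# Constructed headers for a genuinely signed message; the bh= and b= values
# are placeholders, since the signature is not cryptographically verified here.
SIGNED_HEADERS = """\
Return-path: <louise@mydom.org.uk>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mydom.org.uk; s=default;
\th=from:to:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER
From: Louise <louise@mydom.org.uk>
To: someone@example.net
Subject: real mail
Date: Mon, 29 Jun 2015 11:30:00 +0100

"""

# Assumption: a tiny stand-in for the public suffix list, enough for the
# domains in this thread. Real relaxed alignment uses the full PSL.
PUBLIC_SUFFIXES = {"co.uk", "org.uk", "uk", "com", "net", "org"}


def header_domain(addr_header):
    """Domain part of the first address in a From:/Return-path: header."""
    _, addr = parseaddr(addr_header or "")
    return addr.rpartition("@")[2].lower()


def dkim_signing_domain(msg):
    """The d= tag of the DKIM-Signature header, or None when unsigned."""
    sig = msg.get("DKIM-Signature")
    if sig is None:
        return None
    tags = dict(t.strip().split("=", 1) for t in sig.split(";") if "=" in t)
    return tags.get("d", "").strip().lower() or None


def dkim_only_check(raw_headers):
    """What a 'reject DKIM failures' rule can see: 'none' means nothing to reject."""
    d = dkim_signing_domain(HeaderParser().parsestr(raw_headers))
    return "none" if d is None else "signed:" + d


def org_domain(domain):
    """Organizational domain under the stand-in suffix list (relaxed alignment)."""
    labels = domain.split(".")
    for n in (2, 1):  # longest known suffix first
        if ".".join(labels[-n:]) in PUBLIC_SUFFIXES and len(labels) > n:
            return ".".join(labels[-(n + 1):])
    return domain


def aligned(auth_domain, from_domain, mode="relaxed"):
    if mode == "strict":
        return auth_domain == from_domain
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_disposition(raw_headers, *, spf_result, dkim_result, policy_p, mode="relaxed"):
    """
    DMARC passes if either SPF or DKIM passed AND that identifier aligns with
    the From: domain. Otherwise the From: domain's policy (p=) decides.
    spf_result / dkim_result are the verifier outcomes ('pass', 'fail', 'none').
    """
    msg = HeaderParser().parsestr(raw_headers)
    from_domain = header_domain(msg.get("From"))
    spf_domain = header_domain(msg.get("Return-path"))
    dkim_domain = dkim_signing_domain(msg)
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, mode)
    dkim_ok = (dkim_result == "pass" and dkim_domain is not None
               and aligned(dkim_domain, from_domain, mode))
    passed = spf_ok or dkim_ok
    action = "deliver" if passed else {"none": "deliver", "quarantine": "quarantine",
                                        "reject": "reject"}[policy_p]
    return {"from_domain": from_domain, "spf_domain": spf_domain, "dkim_domain": dkim_domain,
            "spf_aligned_pass": spf_ok, "dkim_aligned_pass": dkim_ok,
            "dmarc": "pass" if passed else "fail", "action": action}


if __name__ == "__main__":
    print("DKIM-only view of the spoof:", dkim_only_check(SPOOFED_HEADERS))
    for p in ("none", "reject"):
        print("DMARC p=%s:" % p, dmarc_disposition(SPOOFED_HEADERS, spf_result="fail",
                                                   dkim_result="none", policy_p=p)["action"])
```

Run against the spoofed headers, the DKIM-only check returns "none" (nothing to reject), DMARC with p=none still delivers (reports only), and only p=reject refuses it. The signed variant passes DMARC through the aligned d=mydom.org.uk signature even if SPF fails, which is what makes DMARC safe for mail relayed through a third party like mailchannels once outgoing mail is signed.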

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,258
463
Hello :)

Just so we are clear, do you have DKIM enabled for the individual domain name, or do you have "Reject DKIM failures" enabled in "WHM >> Exim Configuration Manager"?

Thank you.