Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

reject joe job email where Return-Path does not = from:

Discussion in 'E-mail Discussion' started by boatdesign, Apr 24, 2008.

  1. boatdesign

    boatdesign Well-Known Member

    Sep 13, 2003
    Likes Received:
    Trophy Points:
    Today I got 3000 joe-job bounce emails which were sent with one of my email addresses as the return-path but with a different from: and reply-to: address.

    Return-Path: <>
    Received: from ( by (7.3.120)
    id 4628E49E18DB4454; Sun, 20 Apr 2008 19:41:00 +0200
    X-IronPort-Anti-Spam-Filtered: true
    X-IronPort-Anti-Spam-Result: Av//AM4cC0i+QZAyPGdsb2JhbACRGB4YAQEBFBw
    X-cp3a: YES
    X-IronPort-AV: E=Sophos;i="4.25,686,1199660400";
    Received: from unknown (HELO ([])
    by with SMTP; 20 Apr 2008 19:40:48 +0200
    X-Originating-IP: by smtp.; Sun, 20 Apr 2008 13:40:47 -0500
    Message-ID: <>
    From: "Somebody Shelton" <>
    Reply-To: "Somebody Shelton" <>
    Subject: Inexpensive Louis Vuitton bags
    Date: Sun, 20 Apr 2008 13:40:47 -0500
    Content-Type: text/plain;
    Content-Transfer-Encoding: 7Bit
    Return-path: <>
    Received: from ([])
    by with smtp (Exim 4.63)
    (envelope-from <>)
    id 1Jnd3s-0006Gl-SS
    for; Sun, 20 Apr 2008 19:10:45 +0200
    X-Originating-IP: by smtp.; Sun, 20 Apr 2008 13:19:20 -0500
    Message-ID: <>
    From: "somebodyelse Beard" <>
    Reply-To: "somebodyelse Beard" <>
    Subject: Inexpensive Louis Vuitton bags
    Date: Sun, 20 Apr 2008 13:19:20 -0500
    Content-Type: text/plain;
    Content-Transfer-Encoding: 7Bit
    Return-Path: <>
    Received: (qmail 44112 invoked by uid 3179); 19 Apr 2008 05:31:08 -0000
    Received: (qmail 44109 invoked from network); 19 Apr 2008 05:31:08 -0000
    Received: from (
    by with SMTP; 19 Apr 2008 05:31:08 -0000
    Received: from localhost (localhost [])
    by (Postfix) with SMTP id E8F542BD3A;
    Sat, 19 Apr 2008 01:31:07 -0400 (EDT)
    Received: from (unknown [])
    by (Postfix) with SMTP id 21B342BCF0;
    Sat, 19 Apr 2008 01:30:53 -0400 (EDT)
    X-Originating-IP: by smtp.; Sat, 19 Apr 2008 01:30:47 -0500
    Message-ID: <>
    From: "somebodyelse Ricks" <>
    Reply-To: "somebodyelse Ricks" <>
    Subject: Replica watch is a perfect gift
    Date: Sat, 19 Apr 2008 01:30:47 -0500
    Content-Type: text/plain;
    Content-Transfer-Encoding: 7Bit
    I can see no legitimate reason for my mailserver to accept bounces or any email where the return-path is different than the from address. Further no one on the server uses a separate reply-to header so I can see no legitimate reason to accept email where the reply-to header is different than the from header.

    Unfortunately when the victim of such a joe-job the mailer daemon returns are all different formats -- doesn't seem there is much of a standard there. When they often include the original message, the headers clearly show the insanity of bouncing to the return-path when it doesn't match the from or reply to address, so possibly I could scan based on this...

    Enabling domain keys and SPF help prevent some of the spammers email from getting through, but you still get the bounces it seems from these mail servers that still bounce instead of fail :(

    Any ideas for an easy solution?
    #1 boatdesign, Apr 24, 2008
    Last edited: Apr 24, 2008
  2. nickp666

    nickp666 Well-Known Member

    Jan 28, 2005
    Likes Received:
    Trophy Points:
    mailscanner watermarks all outgoing messages and when bounces come through if they dont contain a watermark it spams them out, works well for us
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. kemis

    kemis Well-Known Member

    Feb 17, 2005
    Likes Received:
    Trophy Points:
    Georgetown, TX
    The problem I've found with MailScanner's watermarking is that other legit e-mails (like out of office replies) will get spammed for some strange reason, too.

    I've had to disable watermarking until there's a way to enable/disable it per-domain. Right now it's an all or nothing approach, unfortunately.

    If I'm wrong, then PLEASE correct me!


    UPDATE: I was wrong! You CAN specify a ruleset for several different watermarking settings. Therefore, you can enable or disable watermarking behavior per domain. Sorry for any confusion - Go get MailScanner from ConfigServer!
    #3 kemis, May 10, 2008
    Last edited: May 10, 2008

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice