captainron19

Active Member
Nov 10, 2011
33
1
56
cPanel Access Level
Root Administrator
A person with a domain on my server is getting a lot of emails to her email account that appear to be coming from an email account on the same domain.... when the email does not exist.

For example

Her email .. [email protected]

Email going to her with viruses attached .... [email protected]

Obviously this is some sort of email spoofing as the account [email protected] does not exist.

Should I enable "Reject SPF failures" to possibly alleviate this problem or could it pose the possibility that legitimate emails may not come through ?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hello :)

Rejecting messages that fail a SPF check is a good way to prevent spoofed email. You may want to monitor your Exim logs after enabling this option to see how much legitimate email is blocked to help make a better decision.

Thank you.
 

captainron19

Active Member
Nov 10, 2011
33
1
56
cPanel Access Level
Root Administrator
Thanks.... how would I monitor the exim logs? Would I have to SSH into server via the Power Panel? If so I have no idea on SSH

I figured I could FTP into the server but I am use to FTP'ing into specific domains on the VPS. Never had to FTP into the root of server before. Attempted by using ip address of server, username "root" and my root password but could not get in via my ftp program
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
You would need to access your server as root via SSH and monitor /var/log/exim_mainlog with a command such as:

Code:
tail -f /var/log/exim_mainlog
Or, you could search the log with the exigrep utility. EX:

Code:
exigrep search-term /var/log/exim_mainlog
Information on how to access your server via SSH is available here:

cPanel - SSH Access

Thank you.