Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Self sent spam

Discussion in 'E-mail Discussion' started by Dante78, Apr 1, 2013.

  1. Dante78

    Dante78 Well-Known Member

    Joined:
    May 1, 2010
    Messages:
    59
    Likes Received:
    0
    Trophy Points:
    56
    Hello

    Our clients are complaining that are receiving mails sent by them selves. On the sender it appears their e-mail adress. How can we stop this abuse?

    Thanks
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,571
    Likes Received:
    439
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    In your cPanel > Mail section > Default Address, what is this set to?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Dante78

    Dante78 Well-Known Member

    Joined:
    May 1, 2010
    Messages:
    59
    Likes Received:
    0
    Trophy Points:
    56

    Send all unrouted email for:

    Current Setting: :fail: No Such User Here


    What is the connection between this setting and my issue? :D
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,571
    Likes Received:
    439
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    If that was set some other way, a spammer could send emails to that user all day long.

    Is email authentication enabled?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. Dante78

    Dante78 Well-Known Member

    Joined:
    May 1, 2010
    Messages:
    59
    Likes Received:
    0
    Trophy Points:
    56
    Hello

    I guess i wasn't clear. Sorry for that. I'm trying to say that on a spam mail the sender is the same as the recipient. But the owner of the mail account didn't send that mail. The mail was sent from an external IP.

    thanks
     
  6. storminternet

    storminternet Well-Known Member

    Joined:
    Nov 2, 2011
    Messages:
    460
    Likes Received:
    0
    Trophy Points:
    66
    cPanel Access Level:
    Root Administrator
    Have you scanned all accounts just to ensure there is no malware in any of the accounts or they are not hacked.
    Hacked accounts or infected accounts can be one of the reason for the spamming.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,348
    Likes Received:
    60
    Trophy Points:
    178
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    It's probably just a spammer forging the FROM address to be the same as the TO address. Pretty darned common. Very hard to block it if the content itself does not appear spammy enough to be ditched by spamassassin. Obviously you can't block the sender address.

    On some mail systems you can tell the mailsystem not to accept mail from userA@domainA.com if userA@domainA.com exists, and certainly there would be a way to tell Exim to do the same. The problem is that userA@domainA.com might want to legitimately send mail to themselves, and blocking mail from the user would prevent users from sending mail to themselves. I send email to myself on occasion, and I wouldn't want it blocked. But that leaves you depending upon SpamAssassin (or whatever antispam platform you are using) to be able to distinguish that it is spam based upon its content or the IP address it is coming from.

    M
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice