Sender Header

Discussion in 'Security' started by upsforum, Apr 30, 2015.

  1. upsforum

    upsforum Well-Known Member

    Hi Michael,

    I enabled Rewrite From; in my exim_mainlog I have many messages like this:

    2015-04-30 21:48:01 1Ynskq-0005aU-9c From: header (rewritten was: [fakeuser@fakedomain.it], actual sender does not match) original=[fakeuser@fakedomain.it] actual_sender=[email@localdomain.it]

    Every message uses a different fakeuser and fakedomain, but email@localdomain.it (this account is a regular email account on the server) is always the same.

    What can I do to stop them?

    Thank you
     
  2. upsforum

    upsforum Well-Known Member

    I cannot understand this message:

    2015-04-30 19:52:11 1Ynsd9-0000pl-Iz SMTP connection identification H=localhost A=::1 P=55855 M=1Ynsd9-0000pl-Iz U=root ID=0 S=root B=authenticated_local_user
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    You should change the password (and contact the client) of the real email account because the log indicates that users are authenticating with that email user and using it to send email from fake addresses.

    This thread should help:

    https://forums.cpanel.net/threads/reading-and-understanding-the-exim-main_log.445812/

    Thank you.
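
The following Python script is an added example, not posted by anyone in the thread and not cPanel tooling. It groups the rewritten-From entries of exim_mainlog by actual_sender, so an account that is sending under many different forged addresses stands out. The function names, the threshold of three distinct addresses and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the "From: header (rewritten was: ...)" exim_mainlog line quoted in the thread.
REWRITE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<msgid>\S+) "
    r"From: header \(rewritten was: \[.*?\], actual sender does not match\) "
    r"original=\[(?P<original>[^\]]*)\] actual_sender=\[(?P<actual>[^\]]*)\]"
)

def summarize(lines):
    """Group rewritten-From events by the authenticated (actual) sender."""
    stats = defaultdict(lambda: {"messages": 0, "forged": set(), "first": None, "last": None})
    for line in lines:
        m = REWRITE_RE.match(line.strip())
        if not m:
            continue  # any other exim_mainlog entry is ignored
        s = stats[m["actual"].lower()]
        s["messages"] += 1
        s["forged"].add(m["original"].lower())
        s["first"] = s["first"] or m["ts"]
        s["last"] = m["ts"]
    return dict(stats)

def suspects(stats, min_forged=3):
    """Accounts seen with at least min_forged distinct forged From addresses (assumed threshold)."""
    hits = [(acct, s["messages"], len(s["forged"]))
            for acct, s in stats.items() if len(s["forged"]) >= min_forged]
    return sorted(hits, key=lambda h: h[2], reverse=True)

# Constructed sample lines in the format shown in the thread (not real log data).
SAMPLE_LOG = """\
2015-04-30 19:52:11 1Ynsd0-0000pl-07 SMTP connection identification H=localhost A=::1 P=55855 M=1Ynsd0-0000pl-07 U=root ID=0 S=root B=authenticated_local_user
2015-04-30 21:48:01 1Ynsk1-0005aU-01 From: header (rewritten was: [a1@fake-one.example], actual sender does not match) original=[a1@fake-one.example] actual_sender=[email@localdomain.example]
2015-04-30 21:48:09 1Ynsk2-0005aU-02 From: header (rewritten was: [b2@fake-two.example], actual sender does not match) original=[b2@fake-two.example] actual_sender=[email@localdomain.example]
2015-04-30 21:49:30 1Ynsk3-0005aU-03 From: header (rewritten was: [c3@fake-three.example], actual sender does not match) original=[c3@fake-three.example] actual_sender=[email@localdomain.example]
2015-04-30 21:50:12 1Ynsk4-0005aU-04 From: header (rewritten was: [info@alias.example], actual sender does not match) original=[info@alias.example] actual_sender=[news@otherdomain.example]
2015-04-30 21:51:40 1Ynsk5-0005aU-05 From: header (rewritten was: [d4@fake-four.example], actual sender does not match) original=[d4@fake-four.example] actual_sender=[email@localdomain.example]
""".splitlines()

if __name__ == "__main__":
    for account, msgs, forged in suspects(summarize(SAMPLE_LOG)):
        print(f"{account}: {msgs} messages, {forged} distinct forged From addresses")
```

On a server, pass the lines of the real exim_mainlog to summarize() in place of SAMPLE_LOG; the first and last timestamps per account bound the window in which the account was being misused.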
     
