Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Server Side Spam Block Information

Discussion in 'E-mail Discussion' started by efuzone, Feb 24, 2019.

  1. efuzone

    efuzone Well-Known Member

    Joined:
    Mar 17, 2011
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    56
    cPanel Access Level:
    Root Administrator
    Hello,

    Now a days some of our customers getting emails from their own emails, and subject is not same some people get subject with their own name etc, and email has body for example your email address is hacked, I am hacker blah blah.

    I have checked source i know it is from outside email and i have blocked IP in CSF.

    I can also apply global filter in domain for example body: contains: hacked, hacker, bitcoin etc but the issue is i have many domains in one server I want to apply something through exim or server side so it should be apply globally and email discarded if body contains some phrase which i will add there..

    Please tell me is there any solution.
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,529
    Likes Received:
    2,181
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. efuzone

    efuzone Well-Known Member

    Joined:
    Mar 17, 2011
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    56
    cPanel Access Level:
    Root Administrator
    Hello,

    This is not what i am looking for, I have multiple servers and users complaining they are getting emails from their own emails and there is written. I have full access of your email etc pay me through bitcoin to avoid losses etc.. When we check emails are from other ips and other hosts. Lets suppose if we block that host. It will come from another hosts. How to handle this situation.
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,529
    Likes Received:
    2,181
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @efuzone,

    One additional option to consider is Require remote (domain) HELO found under the ACL Options tab in WHM >> Exim Configuration Manager >> Basic Editor. This option will prevent someone from using local domains hosted on the cPanel server as the FROM address during the SMTP transaction with an error like this:

    Code:
     "REJECTED - Bad HELO - Host impersonating [testing.tld]"
    Additionally, you could enable the following options under the ACL Options tab in WHM >> Exim Configuration Manager >> Basic Editor to reject emails that fail DKIM verification:

    Allow DKIM verification for incoming messages
    Reject DKIM failures


    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. efuzone

    efuzone Well-Known Member

    Joined:
    Mar 17, 2011
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    56
    cPanel Access Level:
    Root Administrator
    Hello,

    See what type of emails users getting.

    Code:
    Your account is infected! Renew the password right this moment!
    You probably do not heard about me and you obviously are most likely wanting to know for what reason you're receiving this email, proper?
    I'm ahacker who exploitedyour emailand all devicesseveral months ago.
    blah blah blah
    
    Great, in my opinion, 1000 USD is basically a reasonable price for our small riddle. You will make your payment by bitcoins (if you don't understand this, search “how to purchase bitcoin” in any search engine).
    My bi*** wallet address:
    *****************
    (It is cAsE sensitive, so just copy and paste it).
    Important:
    You will have only 2 days in order to make the ...................
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,942
    Likes Received:
    485
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,529
    Likes Received:
    2,181
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Can you share the message header (ensuring to remove real domain names and IP addresses) along with the entry from /var/log/exim_mainlog? EX:

    Code:
    exigrep MSG-SUBJECT /var/log/exim_mainlog
    Replace "MSG-SUBJECT" with the subject associated with the one of those emails. Ensure to remove real domain names and IP addresses when you paste the output here.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice