Server Side Spam Block Information

efuzone

Well-Known Member
Mar 17, 2011
79
0
56
cPanel Access Level
Root Administrator
Hello,

Nowadays some of our customers are getting emails from their own email addresses. The subject is not always the same; some people get a subject with their own name etc., and the email has a body such as "your email address is hacked, I am hacker blah blah".

I have checked the source. I know it is from an outside email and I have blocked the IP in CSF.

I can also apply a global filter on the domain, for example body: contains: hacked, hacker, bitcoin etc., but the issue is I have many domains on one server. I want to apply something through Exim or server side so it applies globally and the email is discarded if the body contains some phrase which I will add there.

Please tell me if there is any solution.
 

efuzone

Hello,

This is not what I am looking for. I have multiple servers, and users are complaining they are getting emails from their own email addresses in which is written: "I have full access of your email" etc., "pay me through bitcoin to avoid losses" etc. When we check, the emails are from other IPs and other hosts. Let's suppose we block that host; it will come from other hosts. How to handle this situation?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,227
463
Hello @efuzone,

One additional option to consider is Require remote (domain) HELO found under the ACL Options tab in WHM >> Exim Configuration Manager >> Basic Editor. This option will prevent someone from using local domains hosted on the cPanel server as the FROM address during the SMTP transaction with an error like this:

Code:
 "REJECTED - Bad HELO - Host impersonating [testing.tld]"
Additionally, you could enable the following options under the ACL Options tab in WHM >> Exim Configuration Manager >> Basic Editor to reject emails that fail DKIM verification:

Allow DKIM verification for incoming messages
Reject DKIM failures


Thank you.
 

efuzone

Hello,

See what type of emails users are getting.

Code:
Your account is infected! Renew the password right this moment!
You probably do not heard about me and you obviously are most likely wanting to know for what reason you're receiving this email, proper?
I'm ahacker who exploitedyour emailand all devicesseveral months ago.
blah blah blah

Great, in my opinion, 1000 USD is basically a reasonable price for our small riddle. You will make your payment by bitcoins (if you don't understand this, search “how to purchase bitcoin” in any search engine).
My bi*** wallet address:
*****************
(It is cAsE sensitive, so just copy and paste it).
Important:
You will have only 2 days in order to make the ...................
 

cPanelMichael

See what type of emails users getting.
Can you share the message header (ensuring to remove real domain names and IP addresses) along with the entry from /var/log/exim_mainlog? EX:

Code:
exigrep MSG-SUBJECT /var/log/exim_mainlog
Replace "MSG-SUBJECT" with the subject associated with one of those emails. Ensure to remove real domain names and IP addresses when you paste the output here.

Thank you.
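
The log lookup above, taken one step further as an added example that is not from the thread or from cPanel: a Python script that scans Exim main-log arrival lines for unauthenticated remote messages whose envelope sender uses a hosted domain, and notes when the HELO name is also a hosted domain (the case the "Require remote (domain) HELO" option rejects). The sample log lines, the use of testing.tld as a hosted domain, and the function name are constructed for illustration; the field layout assumes Exim's standard main-log format with subject logging enabled.

```python
import re

# Constructed sample in Exim main-log format (documentation domains and IPs only).
SAMPLE_LOG = """\
2019-01-10 09:14:02 1ghAAA-0001aa-01 <= bob@testing.tld H=(testing.tld) [203.0.113.7]:40122 P=esmtp S=2291 T="bob" for bob@testing.tld
2019-01-10 09:15:40 1ghAAB-0001ab-02 <= bob@testing.tld H=laptop.example.net [198.51.100.9]:51544 P=esmtpsa A=dovecot_login:bob@testing.tld S=1800 T="Invoice" for carol@example.org
2019-01-10 09:16:11 1ghAAC-0001ac-03 <= alice@example.org H=mail.example.org [192.0.2.25]:25001 P=esmtps S=3020 T="Hello" for bob@testing.tld
2019-01-10 09:17:55 1ghAAD-0001ad-04 <= bob@testing.tld U=bob P=local S=900 T="Cron report" for bob@testing.tld
2019-01-10 09:18:30 1ghAAE-0001ae-05 <= carol@testing.tld H=(mail.example.com) [203.0.113.44]:33900 P=esmtp S=2410 T="Your account is infected!" for carol@testing.tld
"""

ARRIVAL = re.compile(r'^\S+ \S+ (\S+) <= (\S+) (.*)$')
HOST = re.compile(r'H=(?P<host>[^\s(\[]+)?\s*(?:\((?P<helo>[^)]*)\))?\s*\[(?P<ip>[^\]]+)\]')
SUBJECT = re.compile(r' T="((?:[^"\\]|\\.)*)"')


def spoofed_local_senders(log_text, local_domains):
    """Return unauthenticated remote arrivals whose envelope sender uses a local domain."""
    local = {d.lower() for d in local_domains}
    hits = []
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue  # not a message-arrival ("<=") line
        msg_id, sender, rest = m.groups()
        subj = SUBJECT.search(rest)
        # Search fields only in the part before the subject, so subject text cannot spoof them.
        fields = " " + (rest[:subj.start()] if subj else rest)
        host = HOST.search(fields)
        if sender.rpartition("@")[2].lower() not in local:
            continue  # sender domain is not hosted here
        if host is None or " A=" in fields:
            continue  # local submission (no H=) or SMTP-authenticated user
        helo = host.group("helo") or host.group("host") or ""
        hits.append({
            "id": msg_id,
            "sender": sender,
            "ip": host.group("ip"),
            "helo": helo,
            "helo_is_local": helo.lower() in local,  # HELO names a hosted domain
            "subject": subj.group(1) if subj else "",
        })
    return hits


if __name__ == "__main__":
    for hit in spoofed_local_senders(SAMPLE_LOG, {"testing.tld"}):
        print(hit)
```

On a real server, pass the contents of the mail log and the server's own list of hosted domains in place of the constructed values.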