Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Spam email from self

Discussion in 'E-mail Discussion' started by levelmeasure, Aug 9, 2018.

  1. levelmeasure

    levelmeasure Registered

    Joined:
    Aug 9, 2018
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    USA
    cPanel Access Level:
    Reseller Owner
    I have a reseller account at a host with several client domains. One client has a number of email addresses that are getting email from themselves, containing spam.

    From what I can tell, these emails are being passed as legit from my parent host's servers (the company I buy my reseller account from).

    Why don't these fail to authenticate when the fake sender sends, AND/OR when the real sender receives?

    How do I keep other people from sending email through my client's account?

    Example of Message Source in a fake email (names & numbers changed to protect privacy)
    Code:
    Return-Path: <myclient@legit.com>
    Delivered-To: myclient@legit.com
    Received: from rs2.parentserver.com
        by rs2.parentserver.com with LMTP id EiEiEi0
        for <myclient@legit.com>; Wed, 08 Aug 2018 17:19:32 -0400
    Return-path: <myclient@legit.com>
    Envelope-to: myclient@legit.com
    Delivery-date: Wed, 08 Aug 2018 17:19:32 -0400
    Received: from adsl-001.001.001.001.bogus.gr ([002.002.002.002]:10500)
        by rs2.parentserver.com with esmtp (Exim 4.91)
        (envelope-from <myclient@legit.com>)
        id 3c3c3c3c3c3c-OT
        for myclient@legit.com; Wed, 08 Aug 2018 17:19:32 -0400
    Message-ID: <001b0ddd5bbb@cmkky2by>
    From: <myclient@legit.com>
    To: <myclient@legit.com>
    Subject: Welcome to our company
    Date: 9 Aug 2018 02:05:48 +0200
    MIME-Version: 1.0
    Content-Type: text/plain;
        charset="cp-850"
    Content-Transfer-Encoding: 8bit
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2600.0000
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
    In track delivery the acceptance looks like this (changes to names & numbers)
    Code:
    Event:    success success
    User:    -remote-
    Domain:   
    From Address:    myclient@legit.com
    Sender:   
    Sent Time:    Aug 8, 2018, 4:19:16 PM
    Sender Host:    adsl-001.001.001.001.bogus.gr
    Sender IP:    002.002.002.002
    Authentication:    localdelivery
    Spam Score:   
    Recipient:    myclient@legit.com
    Delivery User:    myclientrealusername
    Delivery Domain:    legit.com
    Delivered To:    myclient@legit.com
    Router:    virtual_user
    Transport:    dovecot_virtual_delivery
    Out Time:    Aug 8, 2018, 4:19:16 PM
    ID:    3c3c3c3c3c3c-OT
    Delivery Host:    localhost
    Delivery IP:    100.0.0.1
    Size:    1.66 KB
    Result:    Accepted
     
  2. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,204
    Likes Received:
    228
    Trophy Points:
    173
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @levelmeasure

    Does your client have a valid SPF and DKIM? What your describing sounds a bit like spoofing.


    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. levelmeasure

    levelmeasure Registered

    Joined:
    Aug 9, 2018
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    USA
    cPanel Access Level:
    Reseller Owner
    Yes, SPF and DKIM are configured. The email server does not recognize it as coming from an unauthorized sender. It gets passed through as really having come from the recipient's own email account. My concern is not knowing who else is getting email that appears to come from my client.

    Thanks
     
  4. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,204
    Likes Received:
    228
    Trophy Points:
    173
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Can you please open a ticket using the link in my signature? Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice