Psynetic

Member
Jul 15, 2010
5
0
51
hello

I have strange situation some customers are receiving spam from your own email example:

from: [email protected]
To: [email protected]

We spf and Domain keys activated

In one client starts receiving spam mail after the activation of SPF.

Have you any idea about what may be causing?:confused:

Tks
 
Last edited by a moderator:

cPanelDon

cPanel Quality Assurance Analyst
Staff member
Nov 5, 2008
2,544
13
268
Houston, Texas, U.S.A.
cPanel Access Level
DataCenter Provider
Twitter
hello

I have strange situation some customers are receiving spam from your own email example:

from: [email protected]
To: [email protected]

We spf and Domain keys activated

In one client starts receiving spam mail after the activation of SPF.

Have you any idea about what may be causing?:confused:

Tks
Would you be able to provide the SPF record being used on the domain? This will help to more accurately diagnose what role the SPF record may have in the symptoms.

Do you currently have a default address setup as a black hole destination, or as a catch-all (to have incoming messages addressed to non-existent addresses redirected to a specific e-mail account)? Ideally the default address should be set to something like ":fail: No Such User Here" (i.e., to reject) incoming messages directed at unknown addresses.
 
Last edited:

Psynetic

Member
Jul 15, 2010
5
0
51
the SPF IS v=spf1 a mx ip4:xxx.xx.xx.xxx ?all


The catch all was disable and option :fail: is enable.

Detected in exim mainlog that the email was sent external ip, but can not find in the maillog log ,authentication of the account where the email was sent. :mad:

tks for help
 

cPanelDon

cPanel Quality Assurance Analyst
Staff member
Nov 5, 2008
2,544
13
268
Houston, Texas, U.S.A.
cPanel Access Level
DataCenter Provider
Twitter
the SPF IS v=spf1 a mx ip4:xxx.xx.xx.xxx ?all

The catch all was disable and option :fail: is enable.

Detected in exim mainlog that the email was sent external ip, but can not find in the maillog log ,authentication of the account where the email was sent. :mad:

tks for help
To the best of my knowledge it is normal for the main server IP address to always be specified in the SPF record; the dedicated site IP address is accounted for by the A and MX records.

The SPF record provided uses "?all" that is neutral and will not result in a hard or soft failure and thus not reject e-mail if the sender host does not match any of those that are defined in the applicable SPF record.

The following circumstances are required in order to enforce a policy based upon SPF records:
  1. The SPF record will need to be updated from "?all" to "-all" -- from implying that the record does not specify all hosts "?all" to stating that the record is inclusive of all hosts "-all" that may send mail for your domain; this may be configured using cPanel via the following menu path: cPanel: Main >> Mail >> Email Authentication >> SPF >> Advanced Settings >> All Entry (ALL) If you are sure you have entered all hosts (your primary mail exchanger and any other mx entries are automatically included) that will send mail for your domain, check this box to exclude all other domains.
  2. The Exim mail server configuration will need to check for and act upon checking SPF records; this may be setup via WebHost Manager at the following menu path: WHM: Main >> Service Configuration >> Exim Configuration Editor >> Standard Options >> ACL Options >> Blacklist: SPF Checking [?] Reject mail at SMTP time if the sender fails SPF checks.