The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Spam for same email

Discussion in 'E-mail Discussions' started by Psynetic, Jul 15, 2010.

  1. Psynetic

    Psynetic Member

    Joined:
    Jul 15, 2010
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    hello

    I have strange situation some customers are receiving spam from your own email example:

    from: psy@domain.tld
    To: psy@domain.tld

    We spf and Domain keys activated

    In one client starts receiving spam mail after the activation of SPF.

    Have you any idea about what may be causing?:confused:

    Tks
     
    #1 Psynetic, Jul 15, 2010
    Last edited by a moderator: Jul 15, 2010
  2. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Would you be able to provide the SPF record being used on the domain? This will help to more accurately diagnose what role the SPF record may have in the symptoms.

    Do you currently have a default address setup as a black hole destination, or as a catch-all (to have incoming messages addressed to non-existent addresses redirected to a specific e-mail account)? Ideally the default address should be set to something like ":fail: No Such User Here" (i.e., to reject) incoming messages directed at unknown addresses.
     
    #2 cPanelDon, Jul 15, 2010
    Last edited: Jul 15, 2010
  3. Psynetic

    Psynetic Member

    Joined:
    Jul 15, 2010
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    the SPF IS v=spf1 a mx ip4:xxx.xx.xx.xxx ?all


    The catch all was disable and option :fail: is enable.

    Detected in exim mainlog that the email was sent external ip, but can not find in the maillog log ,authentication of the account where the email was sent. :mad:

    tks for help
     
  4. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    To the best of my knowledge it is normal for the main server IP address to always be specified in the SPF record; the dedicated site IP address is accounted for by the A and MX records.

    The SPF record provided uses "?all" that is neutral and will not result in a hard or soft failure and thus not reject e-mail if the sender host does not match any of those that are defined in the applicable SPF record.

    The following circumstances are required in order to enforce a policy based upon SPF records:
    1. The SPF record will need to be updated from "?all" to "-all" -- from implying that the record does not specify all hosts "?all" to stating that the record is inclusive of all hosts "-all" that may send mail for your domain; this may be configured using cPanel via the following menu path: cPanel: Main >> Mail >> Email Authentication >> SPF >> Advanced Settings >> All Entry (ALL) If you are sure you have entered all hosts (your primary mail exchanger and any other mx entries are automatically included) that will send mail for your domain, check this box to exclude all other domains.
    2. The Exim mail server configuration will need to check for and act upon checking SPF records; this may be setup via WebHost Manager at the following menu path: WHM: Main >> Service Configuration >> Exim Configuration Editor >> Standard Options >> ACL Options >> Blacklist: SPF Checking [?] Reject mail at SMTP time if the sender fails SPF checks.
     
Loading...

Share This Page