Spam send from mydomain to mydomain

Discussion in 'E-mail Discussion' started by net@work, Mar 3, 2018.

  1. net@work

    net@work Well-Known Member

    Hello,

    Recently I have seen that, from a particular domain (example: mydomain.com), someone (remote) sends email to a mydomain.com email address.

    Example: I have an email account info@mydomain.com

    The spammer sends me an email as: info@mydomain.com

    The headers:

    Code:
    From: <info@mydomain.com>
    To: <info@mydomain.com>
    Subject: Something
    
    Delivered-To: info@mydomain.com
    
    Envelope-to: info@mydomain.com
    Message-ID: <MESSAGEID@mydomain.com>
    
    .....
    
    Return-Path: <info@mydomain.com>
    Return-Path: <info@mydomain.com>
    
    X-Mailer: Microsoft Outlook 14.0
    
    X-Spam-Flag: YES
    ...
    ...
    ...
    1.5 SPF_SOFTFAIL     SPF: sender does not match SPF record (softfail)
    
    I think it is a spoofed email, but the strange thing in all that is that the Message-ID at the end has mydomain.com!!

    How is it possible?

    Also, I have SpamAssassin, which marks that message as spam, but how can this remote user send a message like that?

    Any advice is highly appreciated!!
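
An added example, not part of the original thread: a Python check over the headers quoted in the post above. It shows that From, Return-Path and Message-ID are all text written by the sending side, while the SPF result is the one value computed by the receiving server. The header name `X-Spam-Report` and the names `analyse` and `domain_of` are assumptions made for this illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample built from the headers quoted in the post. The header
# name "X-Spam-Report" for the SpamAssassin line is an assumption.
SPOOFED = """\
Return-Path: <info@mydomain.com>
Envelope-to: info@mydomain.com
From: <info@mydomain.com>
To: <info@mydomain.com>
Subject: Something
Message-ID: <MESSAGEID@mydomain.com>
X-Mailer: Microsoft Outlook 14.0
X-Spam-Flag: YES
X-Spam-Report: 1.5 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

(body)
"""
# Constructed contrast case: same claimed identity, but SPF passed.
GENUINE = SPOOFED.replace("X-Spam-Flag: YES", "X-Spam-Flag: NO").replace(
    "1.5 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)",
    "-0.0 SPF_PASS SPF: sender matches SPF record")

# Headers whose content is chosen entirely by whoever submits the message.
SENDER_SUPPLIED = ("From", "Return-Path", "Message-ID")

def domain_of(value):
    """Lowercased domain part of an address-like header value."""
    return parseaddr(value)[1].rpartition("@")[2].lower()

def analyse(raw):
    msg = message_from_string(raw)
    rcpt = domain_of(msg["Envelope-to"])
    claimed = {h: domain_of(msg[h]) for h in SENDER_SUPPLIED if msg[h]}
    # SPF is evaluated by the receiving server against the connecting IP,
    # so it is the only value here the sender cannot simply type in.
    m = re.search(r"\bSPF_(PASS|SOFTFAIL|FAIL|NEUTRAL)\b",
                  msg.get("X-Spam-Report", ""))
    spf = m.group(1).lower() if m else "none"
    claims_local = bool(claimed) and all(d == rcpt for d in claimed.values())
    # Flag mail that claims to be from the recipient's own domain without SPF pass.
    return {"recipient_domain": rcpt, "claimed": claimed, "spf": spf,
            "self_spoof": claims_local and spf != "pass"}

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, analyse(raw))
```
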
     
  2. MrCanada

    MrCanada Member

    1.5 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

    The SPF is not passing. When SPF doesn't pass there is a good chance the email will go to spam/junk because it can't verify the sender. Have you set up SPF?
     
  3. net@work

    net@work Well-Known Member

    Thanks for the reply!
    Yes, the message is marked as a SPAM message.
    But I can't understand how someone can make the Message-ID at the end have the sign of mydomain.com!

    I see that this email was delivered from -remote- and not local. I think that means the account is not hacked. But I can't understand, 1st, why the server delivers that message (I have SPF configured) and, 2nd, how the -remote- sender makes the Message-ID seem like it is from mydomain.com!!
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Hello,

    One option to consider is Sender Verification Callouts, found under the "Mail" tab in "WHM >> Exim Configuration Manager >> Basic Editor". Per its description:

    Use callouts to verify the existence of email senders. Exim will connect to the mail exchanger for a given address to verify it exists before accepting mail from it.

    However, generally the better approach is to implement a technology such as S/MIME or PGP to sign individual messages. It's not a feature offered in cPanel & WHM directly, and thus would require your email users to set up their email clients to use the technology. Once configured, the user's email client could indicate that a message was not signed (and thus is forged).

    Thank you.
     
    net@work likes this.
  5. net@work

    net@work Well-Known Member

    Thank you! I will try the first, and I'll talk to my clients about the second solution... :)
     
    cPanelMichael likes this.