The Community Forums

Interact with an entire community of cPanel & WHM users!

SPF doesn't seem to work properly

Discussion in 'E-mail Discussions' started by darknet01001, Aug 19, 2016.

  1. darknet01001

    darknet01001 Registered

    Joined:
    Apr 29, 2016
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Brussels
    cPanel Access Level:
    Root Administrator
    Hello,
    Since Thursday my SPF record has had no effect.
    I didn't change anything on the server and I don't know where the problem is.

    Before the problem appeared:
    Code:
    XXX@DOMAIN.es
    Aug 16, 2016 3:04:03 AM
    0
    XXX@DOMAIN.es
    SPF: 187.163.xxx.xxx is not allowed to send mail from example.es
    and then

    Code:
    XXX@domain.es
    Aug 16, 2016 3:28:15 PM
    0
    XXX@domain.es
    Accepted

    Here is a sample of spoofed mail:
    Code:
    Return-Path: <XXX@domain.es>
    Delivered-To: XXX@domain.es
    Received: from main.domain.net
        by main.machine.net (Dovecot) with LMTP id cUiyHGO1tFcGBwAAAFSfFQ
        for <XXX@domain.es>; Wed, 17 Aug 2016 21:05:07 +0200
    Return-path: <XXX@domain.es>
    Envelope-to: XXX@domain.es
    Delivery-date: Wed, 17 Aug 2016 21:05:07 +0200
    Received: from [93.169.61.22] (port=2665)
        by main.domain.net with esmtp (Exim 4.87)
        (envelope-from <XXX@domain.es>)
        id 1ba69C-0000S4-A1
        for XXX@domain.es; Wed, 17 Aug 2016 21:05:07 +0200
    Date: 17 Aug 2016 23:44:10 +0200
    From: <XXX@domain.es>
    X-Priority: 3
    Message-ID: <367781502.201608172404@example.es>
    To: <XXX@domain.es>
    Subject: =?utf-8?B?QXJkbyBkZSBwYXNpw7NuLg==?=
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
        boundary="----------86CCF215E9B82B0"
    
    ------------86CCF215E9B82B0
    Content-Type: text/plain; charset="cp-850"
    Content-Transfer-Encoding: quoted-printable
    
    Estoy mojado y la necesidad de conseguir jodido esta noche!
    Usted quiere conectar?
    
    Mi nombre de usuario es Lenusik48
    
    
    Ver mi perfil y fotos
    ------------86CCF215E9B82B0
    Content-Type: text/html; charset="cp-850"
    Content-Transfer-Encoding: quoted-printable
    
    <html><head><title>=3D?utf-8?B?QXJkbyBkZSBwYXNpw7NuLg=3D=3D?=3D</title>
    <META http-equiv=3DContent-Type content=3D"text/html; charset=3Dcp-850">
    </head>
    <body>
    Some crap message here<br>
    more crap here<br>
    <br>
    more crap here<br>
    <br>
    <a =
    href=3D"h.tp://spamexample.com/wp-content/plugins/cach=
    e/"><b>Ver mi perfil y fotos</b></a></body>
    ------------86CCF215E9B82B0--
    
    
    
    I have also done some tests with - Removed - Fake Mailer to spoof email from a test mailbox,
    and my server sends mail from this too :(

    Thank you

    Oh, and here is my SPF record:
    Code:
    v=spf1 +a +mx +ip4:XX.XX.218.229 -all
     
    #1 darknet01001, Aug 19, 2016
    Last edited by a moderator: Aug 19, 2016
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,834
    Likes Received:
    672
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    Per the cPanel 58 Release Notes, the "Reject SPF failures" option is now always enabled through SpamAssassin, and we removed the option from WHM's Exim Configuration Manager - Basic Editor interface (WHM Home >> Service Configuration >> Exim Configuration Manager).

    Please post the output from the following commands so we can determine why it's not working on your system:

    Code:
    cat /usr/local/cpanel/version
    grep spf /etc/exim.conf.localopts /etc/exim.conf
    Thank you.
     
  3. darknet01001

    Hello,
    So my cPanel version is:
    11.58.0.25

    and the second command returns:
    /etc/exim.conf.localopts:acl_spf_bl=1

    thanks
     
  4. cPanelMichael

    You can browse to "WHM >> Exim Configuration Manager >> Advanced Editor" and then search/uncheck this entry:

    spf_bl

    Thank you.
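
An offline check, added here and not part of any post in this thread, of what the SPF record from the first post says about the connecting host in the sample's Exim Received header. The address 192.0.2.229 is a constructed placeholder for the redacted XX.XX.218.229, the `a`/`mx` lookup results are constructed, the function names are hypothetical, and only the ip4/ip6/a/mx/all subset of SPF is handled.

```python
import ipaddress
import re
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Received headers as they appear in the sample message in the first post.
SAMPLE = """Received: from main.domain.net
    by main.machine.net (Dovecot) with LMTP id cUiyHGO1tFcGBwAAAFSfFQ
    for <XXX@domain.es>; Wed, 17 Aug 2016 21:05:07 +0200
Received: from [93.169.61.22] (port=2665)
    by main.domain.net with esmtp (Exim 4.87)
    (envelope-from <XXX@domain.es>)
    id 1ba69C-0000S4-A1
    for XXX@domain.es; Wed, 17 Aug 2016 21:05:07 +0200
"""
# Constructed: 192.0.2.229 stands in for the redacted address and DNS answers.
RECORD = "v=spf1 +a +mx +ip4:192.0.2.229 -all"
RESOLVED = {"a": ["192.0.2.229"], "mx": ["192.0.2.229"]}

def exim_client(headers):
    """Return (client_ip, envelope_from) from the Exim Received header."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", headers)  # join folded lines
    for line in unfolded.splitlines():
        if line.lower().startswith("received:") and "(Exim" in line:
            ip = re.search(r"from \[([0-9A-Fa-f.:]+)\]", line)
            sender = re.search(r"\(envelope-from <([^>]*)>\)", line)
            if ip and sender:
                return ip.group(1), sender.group(1)
    raise ValueError("no Exim Received header with a client address")

def spf_result(record, client_ip, resolved):
    """Evaluate the record left to right; the first matching term decides."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").lower().partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            nets = [ipaddress.ip_network(arg, strict=False)]
        elif name in ("a", "mx") and not arg:
            nets = [ipaddress.ip_network(a) for a in resolved.get(name, [])]
        else:  # include, exists, ptr, redirect= and a/mx with arguments
            raise ValueError("mechanism not handled here: " + term)
        if any(ip in net for net in nets):
            return QUALIFIERS[qualifier]
    return "neutral"  # no term matched and the record has no "all"
```

With the sample headers, `spf_result(RECORD, exim_client(SAMPLE)[0], RESOLVED)` returns `fail`, so a delivery log entry of "Accepted" for that message means the SPF verdict was not enforced at SMTP time.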
     