Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SPF record check

Discussion in 'E-mail Discussion' started by Wade John Beckett, Apr 4, 2019.

  1. Wade John Beckett

    Wade John Beckett Member

    Joined:
    May 29, 2017
    Messages:
    14
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    South Africa
    cPanel Access Level:
    Root Administrator
    Hello,
    I hope you are well.

    Is it possible to force an account on my server to only accept mail if it complies with the SPF policy?

    I have a client that is being spoofed from her own domain which seems to be causing her (and by extension me) untold distress (though it is more an annoyance than anything).

    The MX records are pointed to SpamExperts, but I have been told that the mail was delivered "Directly" to my server and did not pass through their filter.

    I have enabled the SPF record as well as all the necessary DMARK and DKIM records but this email is still getting through.

    Any advice?
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,826
    Likes Received:
    476
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    There is a similar thread with some suggestions you might try, located here:
    Spam email from self
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    Wade John Beckett likes this.
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,008
    Likes Received:
    2,123
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @Wade John Beckett,

    Can you share the specific log entry from /var/log/exim_mainlog for one of the spoofed emails? You can find the log entry by using the exigrep utility as root via the command line. EX:

    Code:
    exigrep MSGSUBJECT /var/log/exim_mainlog
    Replace "MSGSUBJECT" with the subject of the email with the spoofed sender.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. Wade John Beckett

    Wade John Beckett Member

    Joined:
    May 29, 2017
    Messages:
    14
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    South Africa
    cPanel Access Level:
    Root Administrator
    Hello,
    Thanks for the reply.

    Here is the output from the exim_mainlog for the specific message:

    2019-04-02 08:11:25.343 [2489446] 1hBCdo-00ARcM-UL H=([5.76.71.62]) [5.76.71.62]:11180 I=[**.***.***.***]:25 Warning: Message has been scanned: no virus or other harmful content was found
    2019-04-02 08:11:25.345 [2489446] 1hBCdo-00ARcM-UL <= user@domain.com H=([5.76.71.62]) [5.76.71.62]:11180 I=[**.***.***.***]:25 P=esmtp S=2955 M8S=0 RT=0.358s id=134380924.201904021711@domain.com T="Frauders known your old passwords. Access data must be changed." from <user@domain.com> for user@domain.com
    2019-04-02 08:11:25.367 [2489817] 1hBCdo-00ARcM-UL => user <user@domain.com> F=<user@domain.com> P=<user@domain.com> R=virtual_user T=dovecot_virtual_delivery S=3149 C="250 2.0.0 <user@domain.com> oNRwFQ39olxq9yUAMIJW9Q Saved" QT=0.427s DT=0.009s
    2019-04-02 08:11:25.367 [2489817] 1hBCdo-00ARcM-UL Completed QT=0.427s

    I have replaced my server IP with **.***.***.*** and the users email address with user@domain.com for security reasons.
     
  5. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,008
    Likes Received:
    2,123
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @Wade John Beckett,

    Here's a response from the link referenced earlier in this thread:

    This should be useful in your case because the emails are sent to an email account hosted locally on the cPanel server.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice