Spoofing Mail From My Server

Discussion in 'E-mail Discussions' started by ARWEB, Apr 13, 2010.

  1. ARWEB

    ARWEB Member

    Hello people,

    I have a problem with some of my clients. I have some servers, and some of my clients send mail authenticating with their own mailboxes but using other accounts (outside of my clients) as the sender, for example:

    Client: clientone.com
    Authenticate Email: admin@clientone.com
    Sender Email: marketing@anydomain.com


    What can I do to take control of mail that goes out from my server, or even comes in from my clients' accounts, with the characteristics above?

    Thank you for your help.
     
  2. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Ensure Exim, the mail transport agent (MTA), always sets the Sender header

    To counteract this type of issue you can set the local mail server (Exim) to always set the Sender header of outgoing messages.

    The following setting should help:
    WHM: Main >> Service Configuration >> Exim Configuration Editor >> Standard Options >> Mail
    • Set the Sender: Header when the mail sender changes the sender (-f flag passed to sendmail).
      Always set the "Sender:" header when the sender differs from the actual sender. Unchecking this will stop "On behalf of" data in Microsoft® Outlook, but may limit your ability to track abuse of the mail system.
     
  3. ARWEB

    ARWEB Member

    This option doesn't work

    By default this option is unchecked. I tested and I could always send. I checked this option and I could still always send, so what's the difference????

    I have a domain @domain.com
    I have an account myname@domain.com
    I send mails through myname@domain.com but using othername@domain.com and I receive mails from this account.

    Do you think I'm doing something wrong? Do I need to restart Exim? In this case @domain.com and the target accounts in @otherdomain.com are in the same DNS.

    Please, help me, thank you.
     
  4. ARWEB

    ARWEB Member

    Also wrong

    I restarted Exim and I can still send mails. I was trying through webmail and Outlook, but in this case, after restarting Exim, when I send mails from webmail I receive them, but if I send mails from Outlook I don't receive them.

    Could you explain this option to me better? Could you tell me if I can do the same for webmail to block this kind of message?

    Thank you for your news.

    Bye.
     
  5. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    The option to always set the Sender header does exactly as the option is described; it ensures that Exim always sets the correct Sender header of an outbound message sent via the local Exim MTA.

    The aforementioned Exim configuration option is not designed to block mail from sending; that is not the intention. To verbosely clarify, the intention is to ensure the Sender header is always set and set correctly to the true sender of the outbound message.

    Please be aware that an e-mail Sender header may differ from the e-mail From header; thus, to see the Sender header you might have to View Source of the received message in order to see the full e-mail header details that are involved.

    By having the Sender header set, you can, therefore, decide how to handle the individual message once received via your mail client software, such as Mozilla Thunderbird or Microsoft Outlook, both of which allow you to view the full e-mail headers of a received message.
     
  6. ARWEB

    ARWEB Member

    Example!!!!

    Do you think you can give me an example to test with webmail and Outlook?

    And another question: could cPanel ensure Exim uses this option for a specific user, with some addon?

    Thank you very much.
     
  7. ARWEB

    ARWEB Member

    Fail option

    I tried with this option and I received all mails, so this option doesn't work correctly, or do you think some other option could be related?

    I will be waiting for your news and for your example.

    Thank you.
     
  8. sparek-3

    sparek-3 Well-Known Member

    Authentication and sending mail are two separate things.

    You can always take the message ID from the headers of the sent message and review your exim logs for that message ID to find out what SMTP authentication was used. This may require extended exim logging, I'm not sure.
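
The log review described in this post, as an added example that is not part of the original thread: it reads Exim main-log arrival lines (`<=`), looks up a message by the Message-ID copied from the received headers, and lists messages whose envelope sender differs from the authenticated login. It assumes the `A=authenticator:login` and `id=` fields are present on arrival lines; the sample lines are constructed and the function names are hypothetical. It compares the envelope sender, not the `From:` header, which the main log does not record by default.

```python
import re

# Constructed sample in Exim main-log format (illustrative, not from the thread).
SAMPLE_LOG = """\
2010-04-13 10:01:02 1O1aaa-0001AB-01 <= admin@clientone.com H=(pc1) [192.0.2.10] P=esmtpa A=dovecot_login:admin@clientone.com S=1821 id=msg1@clientone.com
2010-04-13 10:02:07 1O1aab-0001AC-02 <= marketing@anydomain.com H=(pc1) [192.0.2.10] P=esmtpa A=dovecot_login:admin@clientone.com S=2210 id=msg2@anydomain.com
2010-04-13 10:02:09 1O1aab-0001AC-02 => someone@example.net R=lookuphost T=remote_smtp H=mx.example.net [198.51.100.5]
2010-04-13 10:03:11 1O1aac-0001AD-03 <= news@example.org H=mail.example.org [203.0.113.7] P=esmtp S=900 id=msg3@example.org
2010-04-13 10:04:30 1O1aad-0001AE-04 <= othername@domain.com H=(pc2) [192.0.2.20] P=esmtpa A=dovecot_plain:myname@domain.com S=1500 id=msg4@domain.com
"""

ARRIVAL = re.compile(r"^(\S+ \S+) (\S+) <= (\S+) (.*)$")  # "<=" marks message arrival
AUTH = re.compile(r"\bA=([^:\s]+):(\S+)")                 # A=<authenticator>:<login id>
MSGID = re.compile(r"\bid=(\S+)")                         # Message-ID header value


def authenticated_arrivals(log_text):
    """Yield one record per arrival line that carries SMTP AUTH details."""
    for line in log_text.splitlines():
        arrival = ARRIVAL.match(line)
        auth = AUTH.search(line)
        if not (arrival and auth):
            continue  # delivery lines and unauthenticated arrivals
        msgid = MSGID.search(arrival.group(4))
        yield {
            "exim_id": arrival.group(2),
            "envelope_sender": arrival.group(3).lower(),
            "auth_id": auth.group(2).lower(),
            "message_id": msgid.group(1) if msgid else None,
        }


def lookup_by_message_id(log_text, message_id):
    """Return the arrival record for a Message-ID copied from received headers."""
    wanted = message_id.strip().strip("<>")
    for rec in authenticated_arrivals(log_text):
        if rec["message_id"] == wanted:
            return rec
    return None


def find_mismatches(log_text):
    """List arrivals whose envelope sender is not the authenticated login."""
    hits = []
    for rec in authenticated_arrivals(log_text):
        sender, login = rec["envelope_sender"], rec["auth_id"]
        if "@" not in login or sender == login:
            continue  # system-account login (nothing to compare) or a match
        same = sender.rsplit("@", 1)[-1] == login.rsplit("@", 1)[-1]
        hits.append((rec["exim_id"], login, sender,
                     "same-domain" if same else "other-domain"))
    return hits
```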
     
  9. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Regarding an option to enforce a failure of messages with a mismatched Sender header versus the From header, I cannot guarantee if this will work or how well it may work, but I would try something like what is suggested in the following thread in the Exim Users mailing list:
     
  10. maverick23

    maverick23 Well-Known Member

    Is there still any solution to this... I am even facing the same problem, as sender1 is able to send mail from sender2 authentication.... Please suggest.
     
  11. ARWEB

    ARWEB Member

  12. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

  13. Spiral

    Spiral BANNED

    There are different verifications you can set up, both outbound and inbound, but it should be noted that there is nothing that can be done about forged From headers, as email unfortunately was not designed to prevent this.

    For example, I can send email from anyone I wish, and I could easily send out email saying I'm actually the President of the United States or anyone I wish and have that shown as my "From" and "Reply-To" headers. Most servers out there are going to kick my mail because I am not sending from the correct IP address associated with that domain name, but in some cases I might actually be able to get away with the forged header.

    If your user is authorized to send through your server and has verified themselves, they are indeed able to set up any header they wish and claim to be anyone they wish as well, on or off your server.

    However, nothing stops you from appending extra headers that identify their true identity, and cPanel has a number of options in both "Exim Configuration" and "Tweak Settings" pertaining to this specifically.
     
  14. thobarn

    thobarn Well-Known Member

    [strike]Could you please elaborate how exactly it does this? Here is an email sent with this option NOT selected; no Sender header, as expected. But here is another one with the option selected and sender forged as well; still no Sender header.[/strike]

    Edited to add: OK, ignore me pls. must read the docs more closely. Totally missed the 'local' part :)
     
    #14 thobarn, May 15, 2010
    Last edited: May 15, 2010
  15. Spiral

    Spiral BANNED

    There is nothing that can be done to stop forged headers themselves but with a few configuration options like those mentioned, the forgeries will become obvious and information tracing back to the real source included.
     
  16. ARWEB

    ARWEB Member

    I'm a bit slow to learn, so could somebody write out a solution for me step by step? Thank you.
     