Temporarily Disabling Email Account Question

Discussion in 'E-mail Discussions' started by basshook, Aug 25, 2013.

  1. basshook

    basshook Active Member

    Joined:
    Jul 27, 2006
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    Hi all, I've read through a number of threads regarding the disabling of email accounts but none that I've found so far really answer my question so I will try to elaborate here.

    I have a valuable client with an IMAP (SquirrelMail) email account that some spammer is spoofing on a regular basis for the last three months and has done in the past also. Usually he/she stops after a month and I ignore it. But now I want to somehow disable the email account without losing all the data (no migrating feature in SquirrelMail) and create a forwarder to another email address with the idea that my client will still receive legitimate email from his hundreds of clients, but the spammer will not be able to use it. I know that it will probably work if I delete the account but was hoping to avoid that. Also he refuses to change his email address because of the length of time he's had it and the painstaking effort to notify all his clients.

    After about two months, I thought I'd re-enable the account with all his data again (hopefully) to see if that stops the spoofing. Is this possible or is there another way to stop the spoofing as I receive hundreds of failure messages each day from it? Sooner or later I imagine I will be dealing with RBLs which I hope to avoid.

    Sorry for the long-winded post.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Deleting the email account will not prevent spoofing attempts. They can occur even when the email account does not exist. One method to avoid this type of behavior is to ensure the domain name uses an SPF record. You can add an SPF record for the account under the "Email Authentication" option in cPanel. Then, remote mail servers that check for SPF records can verify if the email is legitimate.

    Thank you.
     
  3. basshook

    basshook Active Member

    Thanks for your reply. I have SPF and DKIM enabled but it isn't stopping the spoofing. I get hundreds of failed messages a day related to this spoofer. It only seems to occur with the one account. I guess there is nothing I can do about it except to let mailwatch continue to flag them as spam so the client doesn't see them. What are your thoughts regarding possibly getting blacklisted because of this spammer?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Have you confirmed the email is coming from a remote server and not locally? If it's a spammer on your own server, then the following document may be helpful:

    Prevent Email Abuse

    Otherwise, you may want to determine the source through the headers and report this to their email administrator.

    Thank you.
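An added example (not part of the original thread or of cPanel's documentation) of the header check suggested above: it pulls the returned headers out of a bounce and reads the topmost `Received` line to see which IP actually handed the message to the bouncing server. The sample bounce, the `.example` hostnames, the documentation IPs and the function names are all constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample bounce; hostnames and IPs are documentation placeholders.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.remote.example
Content-Type: multipart/report; boundary="b1"

--b1
Content-Type: text/plain

Delivery to nobody@remote.example failed.
--b1
Content-Type: text/rfc822-headers

Received: from dsl-host.isp.example (unknown [203.0.113.77])
\tby mx.remote.example with SMTP; Mon, 26 Aug 2013 10:00:00 +0000
Received: from myserver.com ([192.0.2.10]) by dsl-host.isp.example
From: username@website.com

--b1--
"""

def returned_headers(bounce_text):
    """Headers of the original message carried inside the bounce, or None."""
    msg = email.message_from_string(bounce_text, policy=policy.default)
    for part in msg.walk():
        kind = part.get_content_type()
        if kind == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
        if kind == "message/rfc822":
            return part.get_content()
    return None

def handoff_ip(original):
    """IP recorded by the bouncing server in the topmost Received line.
    Lower Received lines came with the message and can be forged."""
    received = original.get_all("Received") or [""]
    m = re.search(r"\[([0-9A-Fa-f:.]+)\]", str(received[0]))
    return ipaddress.ip_address(m.group(1)) if m else None

def classify(bounce_text, my_server_ips):
    original = returned_headers(bounce_text)
    ip = handoff_ip(original) if original is not None else None
    if ip is None:
        return "unknown"
    mine = {ipaddress.ip_address(a) for a in my_server_ips}
    return "sent-from-my-server" if ip in mine else "remote-spoof"
```

In the sample, the lower `Received` line names myserver.com, but only the top line was written by the server that bounced the message, so the result for a server at 192.0.2.10 is `remote-spoof`.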
     
  5. basshook

    basshook Active Member

    I have paid a tech to look at my server and he assures me that it isn't originating from my server. Here are the headers from one of the failure messages for you to peruse and provide feedback if you will. These headers don't show the original email that was sent, however. I replaced my client's email address with username/website.com and my server name with myserver.com. Thanks for the link; I'll be doing some of those, if not all, recommendations for sure.

     
    #5 basshook, Aug 26, 2013
    Last edited: Aug 26, 2013
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    In "WHM Home » Service Configuration » Exim Configuration Manager", under "ACL Options", you can enable the following option:

    "Reject SPF failures"

    This should help prevent spoofing for domain names with valid SPF records. However, it will only block emails sent to your server that do not have valid SPF records. If someone sends an email from a remote server to another remote server, it's up to the remote mail server to implement anti-spoofing techniques.

    Thank you.
     
  7. basshook

    basshook Active Member

    cPanelMichael, thanks for all your help. It is a spammer/spoofer that is sending emails from a remote server to a bunch of other remote servers so I guess there is nothing I can do about it. Why he chose this email address is beyond me but it is what it is. I guess if my server IP gets blacklisted by an RBL I will deal with it at that time. Again thanks for all your help and links.
     