Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Urgent!! user sending mailing as a gmail user!!

Discussion in 'E-mail Discussion' started by bsasninja, Aug 24, 2006.

  1. bsasninja

    bsasninja Well-Known Member

    Joined:
    Sep 2, 2004
    Messages:
    528
    Likes Received:
    0
    Trophy Points:
    166
    I noticed a customer that setup his outlook with a gmail account but is using my smtp server and authenticating through it for sending mails.

    Is there a way in exim to block outgoing e-mails from address like:

    *@gmail.com
    *@yahoo.com
    *@hotmail.com
    *@aol.com


    I hope you Chirpy have a solution to this.

    Thank you
     
  2. konrath

    konrath Well-Known Member

    Joined:
    May 3, 2005
    Messages:
    367
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Brasil
  3. bsasninja

    bsasninja Well-Known Member

    Joined:
    Sep 2, 2004
    Messages:
    528
    Likes Received:
    0
    Trophy Points:
    166
    Ok

    Thanks for the reply, but I have other problem with this rule, this avoid that users forge common addresses and send through the server that is fine.
    But today at the filter.log I found that is blocking e-mails at phpbb administrator config or even the contact forms of my site.

    This is what I have in antivirus.exim:

    logfile /var/log/filter.log
    if (
    $received_protocol is "local" or
    $received_protocol is "esmtpa"
    ) and (
    $header_from contains "@hotmail.com" or
    $header_from contains "@yahoo.com" or
    $header_from contains "@aol.com"
    ) then
    logwrite "$tod_log $message_id from $sender_address is forged fake"
    seen finish
    endif


    Log file looks like this

    date message id xxxx@hotmail.com is forged fake
    date message id xxxx@hotmail.com is forged fake
    date message id xxxx@hotmail.com is forged fake
    date message id myuser@server1.myserver.com is forged fake -> why is blocking my form if its not especified??¿

    At exim_mainlog appears this:

    2006-08-25 13:33:47 1GGect-0001y0-5B <= myuser@server1.myserver.com U=myuser P=local S=472 T="Thanks for writing us" from <myuser@server1.myserver.com> for mail@mydomain.com

    and when it block some mail at a phpbb forum or other app that rewrite sender, log this:

    2006-08-25 11:55:59 1GGd6F-0003Sv-0q "nobody@server1.myserver.com" from env-from rewritten as "username@gmail.com" by rule 1
    2006-08-25 11:55:59 1GGd6F-0003Sv-0q <= username@gmail.com U=nobody P=local S=1069 id=3f4e19fa86634d2acef4f78242f78c05@domain.com T="Welcome to Forums" from <nobody@server1.myserver.com> for username@yahoo.com


    Do it has to be with rewriting the sender?? is there a way to avoid that with a rule???

    Thank you!
     
    #3 bsasninja, Aug 25, 2006
    Last edited: Aug 25, 2006
  4. bsasninja

    bsasninja Well-Known Member

    Joined:
    Sep 2, 2004
    Messages:
    528
    Likes Received:
    0
    Trophy Points:
    166
    ok

    I think the problem is here:

    if $received_protocol is "local" or
    $received_protocol is "esmtpa"

    The rule is telling to block every message sent "local" and via "esmtpa" (mail client)

    I will try removing $received_protocol is "local" to avoid form problems and leaving only $received_protocol is "esmtpa"

    I will let you know..
     
  5. bsasninja

    bsasninja Well-Known Member

    Joined:
    Sep 2, 2004
    Messages:
    528
    Likes Received:
    0
    Trophy Points:
    166
    yes, that was the problem. Now is blocking only forged address sent through authenticated accounts with a mail client.

    Would be great to apply this localy but the rewrite sender is the problem.

    If anyone has lucid mind to fix this post it here, i´ll take a cup of coffee now :D

    Bye!
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice