The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Way to defeat spoofed/returned emails in exim?

Discussion in 'E-mail Discussions' started by bmcpanel, Jul 1, 2006.

  1. bmcpanel

    bmcpanel Well-Known Member

    Joined:
    Jun 1, 2002
    Messages:
    546
    Likes Received:
    0
    Trophy Points:
    16
    We have all witnessed the spammer/spoofer, who sends an email with a FROM address that belongs to a client on our servers. Our exim queue then gets flooded with bounced messages from the spam that was sent out (Gets returned to the legal FROM address that the spammer used).

    I have hundreds and hundreds of these types of email in my exim queue tied to a single domain on my server. I have gone into his Cpanel and made his default email address :blackhole: .

    Is there another, centralized way that exim can be configured to defeat this type of useless bounced email resulting from spoofed FROM addresses?

    <sigh> I spend more time each day dealing with spam related issues than anything else these days. </sigh>
     
  2. Lyttek

    Lyttek Well-Known Member

    Joined:
    Jan 2, 2004
    Messages:
    770
    Likes Received:
    3
    Trophy Points:
    18
    Not that it will help this particular problem, but you've seen the posts about using :fail: instead of :blackhole: ... right?
     
  3. oulzac

    oulzac Well-Known Member

    Joined:
    Aug 7, 2005
    Messages:
    131
    Likes Received:
    0
    Trophy Points:
    16
    correctly setup SPF records will help as well.
     
  4. bmcpanel

    bmcpanel Well-Known Member

    Joined:
    Jun 1, 2002
    Messages:
    546
    Likes Received:
    0
    Trophy Points:
    16
    Originally, this account was setup to send unrouted mail to :blackhole:

    Now, all accounts are set to :fail: on the server as was suggested at http://www.configserver.com/free/fail.html

    I am monitoring the queue to see if this has helped. My first observations indicate that it has helped.
     
    #4 bmcpanel, Jul 4, 2006
    Last edited: Jul 4, 2006
  5. bmcpanel

    bmcpanel Well-Known Member

    Joined:
    Jun 1, 2002
    Messages:
    546
    Likes Received:
    0
    Trophy Points:
    16
    As I understand it, SPF records are not universal, and compliance is low. Is SPF really effective at this early stage in its implementation?

    Does a CPanel server handle the SPF protocol well on incoming email or does it ignore it?
     
  6. lloyd_tennison

    lloyd_tennison Well-Known Member

    Joined:
    Mar 12, 2004
    Messages:
    698
    Likes Received:
    1
    Trophy Points:
    18
    If you do any email forwarding, that mail may be rejected by a server using strict SPF.
    See the FAQ's on SPF.
     
  7. bmcpanel

    bmcpanel Well-Known Member

    Joined:
    Jun 1, 2002
    Messages:
    546
    Likes Received:
    0
    Trophy Points:
    16
    Right, but does Cpanel support SPF? Will exim stop email forwards from coming in based on SPF?
     
  8. RickG

    RickG Well-Known Member

    Joined:
    Feb 28, 2005
    Messages:
    238
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    North Carolina
    This is an Exim (not cPanel) function. There are a couple of ways to implement depending on your objective. You may want to read through this thread as a start http://forums.cpanel.net/showthread.php?t=39349. SpamAssassin will also do SPF checks through a ruleset (if you are using it).
     
Loading...

Share This Page