X-Get-Message-Sender-Via header in email

[toplisek]

The mail I receive has X-Get-Message-Sender-Via header when I check Google mail.

As I understand it will be added by the mailserver. Can be this prevented within WHM as it is seen username and also hosting server ID.

 

[cPanelMichael]

Hello,

Can you verify what method you used to send the email? Also, in "WHM >> Exim Configuration Manager", under the "Mail" tab, let us know if any of the following options are enabled:

EXPERIMENTAL: Rewrite From: header to match actual sender
Set SMTP Sender: headers
Query Apache server status to determine the sender of email sent from processes running as nobody
Trust X-PHP-Script headers to determine the sender of email sent from processes running as nobody

Thank you.

 

[toplisek]

Exim Configuration Manager: DISABLE > Default
Set SMTP Sender OFF > Default
Query Apache server status to determine the sender of email sent from processes running as nobody ON > Default
Trust X-PHP-Script headers to determine the sender of email sent from processes running as nobody ON > Default

​

 

[cPanelMichael]

Hello,

Can you verify what method you used to send the email?

Thank you.

 

[toplisek]

I'm using PHP mail function as usual.

 

[cPanelMichael]

Query Apache server status to determine the sender of email sent from processes running as nobody ON > Default
Trust X-PHP-Script headers to determine the sender of email sent from processes running as nobody ON > Default

I'm using PHP mail function as usual.

Hello,

Have you tried disabling those options to see if the issue persists?

Thank you.

 

[toplisek]

Yest it is the same. It is showing username and hosting details.

 

[cPanelMichael]

It is showing username and hosting details.

That part is actually normal. The only way to avoid that is to use SMTP authentication in your PHP script instead of using the PHP mail function.

Thank you.

 

[toplisek]

I see it is PHP programming issue.
So, due to security, we keep DEFAULT values:
Exim Configuration Manager: DISABLE > Default
Set SMTP Sender OFF > Default
Query Apache server status to determine the sender of email sent from processes running as nobody ON > Default
Trust X-PHP-Script headers to determine the sender of email sent from processes running as nobody ON > Default

Is this ok?

 

[cPanelMichael]

Hello,

Yes, it's fine to use the default values for those options unless you have a specific need not to.

Thank you.

 

[toplisek]

Thank you for this information.

 

[toplisek]

Every mail that gets sent connects to a server using the IP address, hostname, and email account. As I understand we disable it by making customizations directly to the Exim configuration. Are there steps to follow and set Exim configuration and hide just username as it is seen CP username?

 

[cPanelMichael]

Are there steps to follow and set Exim configuration and hide just username as it is seen CP username?

Hello,

Please post the specific part of the message header that you are attempting to hide. Also, is there a specific reason you prefer to hide this information?

Thank you.

 

[toplisek]

There is a part where is quoted exact username for each Control panel account and sensitive information:

X-Envelope-From: <[email protected]>

I like to hide XXX which is username and connected to the CP login and YYYhosting as sensitive information. XXX is actually crucial information.

 

[cPanelMichael]

Hello,

The only way to avoid that is to disable the PHP mail function and use SMTP authentication in your PHP script instead. While it might be possible to modify Exim to remove a header, that's unsupported and could lead to the remote mail server marking your messages as SPAM. See:

How to edit exim configuration so it do not reveal "Received: from" in headers?

Thank you.