Email Forwarding Problem

MaRiOsGR66

• February 01, 2018 11:35

I've notices lately many bounce emails which actually have the message: SMTP error from remote mail server after end of data: 421-4.7.0 [ IP 15] Our system has detected that this message is 421-4.7.0 suspicious due to the very low reputation of the sending IP address. 421-4.7.0 To protect our users from spam, mail sent from your IP address has 421-4.7.0 been temporarily rate limited. Please visit 421 4.7.0 Track Delivery -> Show Deferred I can see many many emails like that, all spam that recieve SMTP error from google. The REAL problem here is that wondered, if I'm I've setup many RBL's what does spam get through ? so I did check the ip of the spam email: H=(removed.com) [114.234.57.84] and it is blacklisted in many RBLs including CBL and Spamhaus where I allready use in this server, so why did the spam got through ? So if I change to cPanel -> Track Delivery -> Show Failures I can see that the email above was allready rejected!!!!: sgww@removed Feb 1, 2018 3:38:15 PM 0 info@mycustomersdomain.gr JunkMail rejected - (csrd.com) [49.68.127.146]:1048 is in an RBL: Client host blocked using Barracuda Reputation, see BarracudaCentral.org - Technical Insight for Security Pros So the real problem here is that if a spam is received and it's ip exist in one of the blacklists, the local email user will not get that email, but if that local email user has a forwarding email setup, the spam email will be forwarded, thats getting the server's ip reputation to a terrible place. How can I fix that ?

• 

  cPanelMichael

  • February 01, 2018 17:56

  So the real problem here is that if a spam is received and it's ip exist in one of the blacklists, the local email user will not get that email, but if that local email user has a forwarding email setup, the spam email will be forwarded, thats getting the server's ip reputation to a terrible place. How can I fix that ?

  
  Hello, The following options are available under the "Apache SpamAssassin Options" tab in "WHM >> Exim Configuration Manager >> Basic Editor" and can help protect against the situation you have described: Do not forward mail to external recipients if it matches the Apache SpamAssassin" internal spam_score setting Do not forward mail to external recipients based on the defined Apache SpamAssassin" score Note the description for both options: This option requires that each user enable Apache SpamAssassin" or the "Apache SpamAssassin": Forced Global ON" is enabled. Thank you.

  0
• 

  MaRiOsGR66

  • February 01, 2018 19:14

  Hello Michael, does spamassasin use the RBL that I have setup in Exim ?

  0
• 

  cPanelMichael

  • February 01, 2018 19:42

  does spamassasin use the RBL that I have setup in Exim ?

  
  No, the Exim RBL options work separately from SpamAssassin. This is discussed at: Thank you.

  0
• 

  MaRiOsGR66

  • February 02, 2018 08:02

  So this solution wouldn't be a solution, because the existence in an RBL that is installed in the server is 100% guaranteed block of the spam email, but using spamassasin isn't.

  0
• 

  MaRiOsGR66

  • February 02, 2018 11:40

  I did try to enable both options (after enabling Spamassassin for the previous mentioned account) but only the first one is...available. Any idea why ? 50603

  0
• 

  cPanelMichael

  • February 02, 2018 14:53

  Hello, You can only use one or the other. Both options do the same thing, but one uses the internal spam_score setting and the other allows you to define a specific SPAM score (so you can be more aggressive or conservative when blocking outgoing SPAM specifically sent via forwarders). Thank you.

  0
• 

  MaRiOsGR66

  • February 02, 2018 17:37

  thank you for the clarification Michael.

  0

Please sign in to leave a comment.