Email account is receiving lots of spam bounces

pedgarc

• August 31, 2021 22:20

Hello there, Actually an email account is receiving bounces like this: Mail delivery failed: returning message to sender. When I see the headers, the bounce is because of is sending spam, but when I search Mail Delivery Reports, and exim_mainlog/maillog, the e-mail log is not there! Also, the header looks like this: Mail delivery failed: returning message to sender From Mail Delivery System on 2021-08-31 21:47 From Mail Delivery System To my_customer@domain.com Action: failed Final-Recipient: rfc822;some_real_name@other_domain.com Status: 5.0.0 Return-path: Received: from [195.33.210.155] (port=45960 helo=dnztech.net) by nd6.rackslot.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1mL21b-0007Qg-QE for some_real_name@other_domain.com; Tue, 31 Aug 2021 06:33:57 -0500 Received: from webmail.paksaglik.com (localhost [IPv6:::1]) by dnztech.net (Postfix) with ESMTPSA id D8A34408FB7E; Tue, 31 Aug 2021 12:26:08 +0300 (+03) Authentication-Results: dnztech.net; spf=pass (sender IP is ::1) smtp.mailfrom=my_customer@domain.com smtp.helo=webmail.paksaglik.com Received-SPF: pass (dnztech.net: connection is authenticated) MIME-Version: 1.0 Date: Tue, 31 Aug 2021 10:26:08 +0100 From: John Doe I don't know why the e-mail was sent from webmail.paksaglik.com and envelope-from from my customer email account (my_customer@domain.com), any idea about how to stop this? Thanks in advance, and sorry for my bad english.

• 

  cPRex Jurassic Moderator

  • September 01, 2021 13:47

  Hey there! It sounds like your email address was spoofed to send fake messages, and you are receiving the bounceback of those messages. There isn't a 100% guaranteed way to stop this behavior, as spammers often make up addresses at random, but I would recommend ensuring that you have SPF and DKIM records in place. This will ensure that legitimate email you do send is marked as valid, and should eventually help the spammers fake messages get blocked. Details on how to check the mail deliverability settings can be found here: Email Deliverability in cPanel | cPanel & WHM Documentation

  0
• 

  pedgarc

  • September 01, 2021 15:48

  Hey there! It sounds like your email address was spoofed to send fake messages, and you are receiving the bounceback of those messages. There isn't a 100% guaranteed way to stop this behavior, as spammers often make up addresses at random, but I would recommend ensuring that you have SPF and DKIM records in place. This will ensure that legitimate email you do send is marked as valid, and should eventually help the spammers fake messages get blocked. Details on how to check the mail deliverability settings can be found here: , is a good idea follow these steps? Thanks!

  0
• 

  cPRex Jurassic Moderator

  • September 01, 2021 15:50

  Sure - that's a great idea and I didn't come across that in my search!

  0
• 

  pedgarc

  • September 01, 2021 16:08

  Sure - that's a great idea and I didn't come across that in my search!

  
  Great cPRex! I have added those lines in Exim configuration, thanks for your time and have a great day!

  0
• 

  cPRex Jurassic Moderator

  • September 01, 2021 16:10

  You too!

  0

Please sign in to leave a comment.