Blocking inbound spam from fake domains on my server(s)
What I'm trying to obtain is this. We often receive spam emails FROM address/domains (even with fake address but correct domain) that are hosted on our server.
In the headers the Return-path is correct, the Envelope-to is correct and so on. The only thing that doesn't match of course is the IP of the server which sent the email, since it didn't originate from our server. I mean none of our emails has been scammed, it is just someone using a different server to send US spam with our emails.
Is there a way to block this? I mean something to mark as spam (or delete straight away) all INCOMING email from domains on the mail server but sent from a different IP? Or, more generically, all incoming email from a list of domains but whose IP is not included in a list of IPs? (This last option would give more flexibility when, for example, you have multiple servers with different domains but which send mail to each other, like for example in a single organization with multiple domains and multiple servers for each domain.)
Thanks in advance for your suggestions.
Hello :) You could enable the following option in "WHM Home » Service Configuration » Exim Configuration Manager" under the "ACL Options" tab to help prevent these types of emails: "Reject SPF failures". This will reject mail at SMTP time if the sender fails SPF checks. Thank you.
Hello Michael, thanks. But won't this cause domains that don't have an SPF record to be rejected as well? Or just SPF mismatches where an SPF record IS present?
[quote="koda, post: 1571551"]Hello Michael, thanks. But won't this cause domains that don't have an SPF record to be rejected as well? Or just SPF mismatches where an SPF record IS present?[/quote]
Yes, this will reject emails from domain names without valid SPF records, not just mismatches. You can leave it disabled, but it's the best way to prevent the type of email messages you have described. Another option would be to manually block the IP addresses that sent you the spoofed messages. Thank you.
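
The second option raised in the question (mail whose envelope sender claims one of a list of domains must arrive from one of a list of IPs) comes down to the decision below. This is an added sketch, not part of the thread and not cPanel or Exim code; the domains, networks and function names are constructed placeholders, and treating subdomains of a listed domain as protected is an assumption.

```python
import ipaddress

# Constructed policy: protected sender domain -> networks allowed to send for it.
# Domains and address ranges are documentation placeholders, not real servers.
POLICY = {
    "example.com": ["192.0.2.10/32", "2001:db8:10::/64"],
    "example.org": ["192.0.2.10/32", "198.51.100.0/28"],
}

def compile_policy(policy):
    """Normalise domain names and parse each CIDR string once."""
    return {d.lower().rstrip("."): [ipaddress.ip_network(n) for n in nets]
            for d, nets in policy.items()}

def sender_domain(envelope_from):
    """Domain of the SMTP envelope sender (Return-path); None for <> or junk."""
    addr = envelope_from.strip().strip("<>")
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower().rstrip(".")

def protected_match(domain, compiled):
    """Return the listed domain covering `domain` (itself or a parent), if any.
    Assumption: subdomains of a listed domain follow the same IP list."""
    labels = domain.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in compiled:
            return candidate
    return None

def check(envelope_from, client_ip, policy=POLICY):
    """Return (verdict, reason) for one inbound SMTP connection."""
    compiled = compile_policy(policy)
    domain = sender_domain(envelope_from)
    if domain is None:
        return ("accept", "null or malformed sender, not covered by this policy")
    owner = protected_match(domain, compiled)
    if owner is None:
        return ("accept", "sender domain is not on the protected list")
    ip = ipaddress.ip_address(client_ip)
    # An IPv4 address is never "in" an IPv6 network and vice versa.
    if any(ip in net for net in compiled[owner]):
        return ("accept", f"{client_ip} is an allowed sender for {owner}")
    return ("reject", f"{client_ip} is not an allowed sender for {owner}")

if __name__ == "__main__":
    # Constructed sample connections: (envelope sender, connecting IP).
    for sender, ip in [("<info@example.com>", "192.0.2.10"),
                       ("fake@example.com", "203.0.113.7")]:
        print(sender, ip, check(sender, ip))
```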