Anyway to reject outgoing email if the sender domain doesn't host in the server.

belon_cfy

• March 28, 2014 22:51

Hi Recently we are experiencing massive of spam due to email account been compromised. Usually the spammer will forge the sender account from any domain does not hosted in the server such as hotmail.com and yahoo.com. Is there anyway we can implement a rules to prevent those email been sending out? Can we match the sender domain to ensure it is available in the server before sending out the email?

• 

  cPanelMichael

  • April 01, 2014 17:04

  Hello :) The following option under the "Mail" tab in "WHM Home " Service Configuration " Exim Configuration Manager" might be helpful: "EXPERIMENTAL: Rewrite From: header to match actual sender" Per it's description: If you enabled this option, the From: header will be rewritten to be the email address of the actual message sender. If you choose the "remote" option, only messages that are being sent to remote destinations will be affected. This should help you to detect which account is sending out the SPAM. Also, the following document is a good place to start: cPanel - Prevent Email Abuse Thank you.

  0
• 

  belon_cfy

  • April 05, 2014 03:03

  [quote="cPanelMichael, post: 1609732">Hello :) The following option under the "Mail" tab in "WHM Home " Service Configuration " Exim Configuration Manager" might be helpful: "EXPERIMENTAL: Rewrite From: header to match actual sender" Per it's description: If you enabled this option, the From: header will be rewritten to be the email address of the actual message sender. If you choose the "remote" option, only messages that are being sent to remote destinations will be affected. This should help you to detect which account is sending out the SPAM. Also, the following document is a good place to start: cPanel - Prevent Email Abuse Thank you.
  Hi , The option is good for tracing however it can't mitigate the issue on sending with forge address. I will prefer to reject those email instead of alter the header.

  0
• 

  cPanelMichael

  • April 07, 2014 17:38

  It really depends on how the sender's address is being spoofed. Is it simply the "FROM" part of the message header that is spoofed? Typically, the best way to resolve this issue is to disable or suspend the offending user from your system. Also, enabling SpamAssassin for outgoing email might help to prevent the message from sending out to the remote server. Thank you.

  0
• 

  mpkapadia

  • April 09, 2014 07:36

  Hello You Can Try This. Go to Exim Configuration > Advanced Settings Find this custom_begin_ratelimit ( In this Section which is blank by default add the 2 lines below ) Note - Not under custom_begin_ratelimit_spam ( Be careful ) ----------------------------------------------------------- deny ! sender_domains = lsearch;/etc/localdomains ! domains = lsearch;/etc/localdomains ----------------------------------------------------------- Regards.

  0

Please sign in to leave a comment.