problems with DKIM?
I saw this email today which seems to have slipped through the DKIM safety net, any ideas how?
Jamie@xxx.co.uk is a user on a domain on my server. louise@coxhead.co.uk, I have no idea who this is.
Return-path:
Envelope-to: jamie@xxx.co.uk
Delivery-date: Mon, 29 Jun 2015 09:24:59 +0100
Received: from [103.252.24.243] (port=61054)
by host.myservers.co.uk with esmtp (Exim 4.85)
(envelope-from )
id 1Z9UN4-0000qb-9k
for jamie@xxx.co.uk; Mon, 29 Jun 2015 09:24:59 +0100
Content-Type: multipart/mixed; boundary=Apple-Mail-35D19FED-3315-4BD6-9320-8EFCBEAF9499
Content-Transfer-Encoding: 7bit
From: jamie@xxx.co.uk
Mime-Version: 1.0 (1.0)
Date: Mon, 29 Jun 2015 13:54:51 +0530
Subject: WhatsApp Chat with Jay Stephenson
Message-Id: <6439037D-5047-4141-9A78-54331DD60B7F@coxheadcleaningservices.co.uk>
To: Louise
X-Mailer: iPhone Mail (11D167)
X-Spam-Status: No, score=1.3
X-Spam-Score: 13
X-Spam-Bar: +
X-Ham-Report: Spam detection software, running on the system "leeds.stlservers.co.uk",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
root\@localhost for details.
2015-06-29 09:24:22 SMTP connection from [103.24.232.218]:36772 (TCP/IP connection count = 1)
2015-06-29 09:24:22 SMTP connection from oikm.brainbinner.org [103.24.232.218]:36772 closed by QUIT
2015-06-29 09:24:38 SMTP connection from [103.24.232.218]:60663 (TCP/IP connection count = 1)
2015-06-29 09:24:39 SMTP connection from oikm.brainbinner.org [103.24.232.218]:60663 closed by QUIT
2015-06-29 09:24:53 SMTP connection from [103.252.24.243]:61054 (TCP/IP connection count = 1)
2015-06-29 09:24:53 no host name found for IP address 103.252.24.243
2015-06-29 09:24:54 H=([103.252.24.243]) [103.252.24.243]:61054 Warning: Sender rate 1.0 / 1h
2015-06-29 09:24:55 1Z9UN4-0000qb-9k H=([103.252.24.243]) [103.252.24.243]:61054 Warning: Message has been scanned: no virus or other harmful content was found
2015-06-29 09:24:59 1Z9UN4-0000qb-9k H=([103.252.24.243]) [103.252.24.243]:61054 Warning: "SpamAssassin as xxxx detected message as NOT spam (1.3)"
2015-06-29 09:24:59 1Z9UN4-0000qb-9k <= jamie@xxx.co.uk H=([103.252.24.243]) [103.252.24.243]:61054 P=esmtp S=92386 id=6439037D-5047-4141-9A78-54331DD60B7F@coxhead.co.uk T="WhatsApp Chat with Jay Stephenson" for jamie@xxx.co.uk
2015-06-29 09:24:59 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1Z9UN4-0000qb-9k
2015-06-29 09:24:59 SMTP connection from ([103.252.24.243]) [103.252.24.243]:61054 closed by QUIT
2015-06-29 09:25:00 1Z9UN4-0000qb-9k => jamie R=virtual_user T=virtual_userdelivery
2015-06-29 09:25:00 1Z9UN4-0000qb-9k Completed
2015-06-29 09:25:07 SMTP connection from [103.24.232.218]:53825 (TCP/IP connection count = 1)
2015-06-29 09:25:07 SMTP connection from oikm.brainbinner.org [103.24.232.218]:53825 closed by QUIT
2015-06-29 09:25:23 SMTP connection from [103.24.232.218]:56908 (TCP/IP connection count = 1)
2015-06-29 09:25:23 SMTP connection from oikm.brainbinner.org [103.24.232.218]:56908 closed by QUIT
I have access to another email account on a different cPanel server, so I sent myself an email via MS Outlook, but before I sent this, I spoofed the sender address to be the same as the recipient. This email also made it to my mailbox. Am I missing something?

Event: success success
Sender User: -remote-
Sender Domain:
Sender: technical@mydom.org.uk
Sent Time: Jun 29, 2015 11:12:11 AM
Sender Host: ftx-008-i894.relay.mailchannels.net
Sender IP: 50.61.143.xxx
Authentication: localdelivery
Spam Score: 0
Recipient: technical@mydom.org.uk
Delivered To: technical@mydom.org.uk
deliveryuser: mydomuser
deliverydomain: mydom.org.uk
Router: virtual_user
Transport: virtual_userdelivery
Out Time: Jun 29, 2015 11:12:11 AM
ID: 1Z9W2t-0003D5-IX
Delivery Host: localhost
Delivery IP: 127.0.0.1
Size: 5.89 KB
Result: Message accepted
Maybe I'm a little confused. I was under the impression that DKIM was supposed to protect against this. I'm now toying with DMARC.
I am a little bit confused!
Hello :) Just so we are clear, do you have DKIM enabled for the individual domain name, or do you have "Reject DKIM failures" enabled in "WHM >> Exim Configuration Manager"? Thank you.
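
A log check for the pattern visible in the Exim excerpt quoted in this thread, as an added example that is not part of any post: it flags `<=` arrival lines from a remote host with no `A=` authenticator field whose envelope sender is in a local domain shared with a recipient. The sample log lines and the names `find_self_spoof`, `ARRIVAL` and `SUBJECT` are constructed for illustration.

```python
import re

# Constructed sample in Exim main-log format. The first line mirrors the
# arrival line quoted in the thread; the other three are invented for contrast.
SAMPLE_LOG = """\
2015-06-29 09:24:59 1Z9UN4-0000qb-9k <= jamie@xxx.co.uk H=([103.252.24.243]) [103.252.24.243]:61054 P=esmtp S=92386 id=6439037D-5047-4141-9A78-54331DD60B7F@coxhead.co.uk T="WhatsApp Chat with Jay Stephenson" for jamie@xxx.co.uk
2015-06-29 10:02:11 1Z9Uxx-0000aa-01 <= jamie@xxx.co.uk H=(laptop) [192.0.2.10]:50123 P=esmtpsa A=dovecot_login:jamie@xxx.co.uk S=2048 T="Quote" for bob@example.net
2015-06-29 10:05:40 1Z9Uyy-0000bb-02 <= alice@example.org H=mail.example.org [198.51.100.7]:25 P=esmtps S=4096 T="Hello" for jamie@xxx.co.uk
2015-06-29 10:05:41 1Z9Uyy-0000bb-02 => jamie R=virtual_user T=virtual_userdelivery
"""

# "<=" marks message arrival; the text after " for " is the recipient list.
ARRIVAL = re.compile(
    r"^\S+ \S+ (?P<id>\S+) <= (?P<sender>\S+) (?P<rest>.*) for (?P<rcpts>.+)$"
)
SUBJECT = re.compile(r'T="(?:[^"\\]|\\.)*"')  # sender-controlled, so dropped


def domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def find_self_spoof(log_text, local_domains):
    """Return (id, sender, recipients) for unauthenticated remote arrivals
    whose envelope sender is in a local domain shared with a recipient."""
    hits = []
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue
        fields = SUBJECT.sub("", m.group("rest")).split()
        remote = any(f.startswith("H=") for f in fields)
        authenticated = any(f.startswith("A=") for f in fields)  # SMTP AUTH
        sender_dom = domain(m.group("sender"))
        if not remote or authenticated or sender_dom not in local_domains:
            continue
        same = [r for r in m.group("rcpts").split() if domain(r) == sender_dom]
        if same:
            hits.append((m.group("id"), m.group("sender"), same))
    return hits


if __name__ == "__main__":
    for hit in find_self_spoof(SAMPLE_LOG, {"xxx.co.uk"}):
        print(hit)
```

The check reads the envelope sender that Exim logs, not the `From:` header, so it catches only the case where both are forged to the local address, as in the logged message.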