SPF doesn't seem to work properly

darknet01001

• August 19, 2016 08:30

Hello, since thusday my spf record as no effect. i didn't change anything on server and i don't know where is the problem. before problem appear
XXX@DOMAIN.es Aug 16, 2016 3:04:03 AM 0 XXX@DOMAIN.es SPF: 187.163.xxx.xxx is not allowed to send mail from example.es
and then
XXX@domain.es Aug 16, 2016 3:28:15 PM 0 XXX@domain.es Accepted
here a sample of spoofed mail
Return-Path: Delivered-To: XXX@domain.es Received: from main.domain.net by main.machine.net (Dovecot) with LMTP id cUiyHGO1tFcGBwAAAFSfFQ for ; Wed, 17 Aug 2016 21:05:07 +0200 Return-path: Envelope-to: XXX@domain.es Delivery-date: Wed, 17 Aug 2016 21:05:07 +0200 Received: from [93.169.61.22] (port=2665) by main.domain.net with esmtp (Exim 4.87) (envelope-from ) id 1ba69C-0000S4-A1 for XXX@domain.es; Wed, 17 Aug 2016 21:05:07 +0200 Date: 17 Aug 2016 23:44:10 +0200 From: X-Priority: 3 Message-ID: <367781502.201608172404@example.es> To: Subject: =?utf-8?B?QXJkbyBkZSBwYXNpw7NuLg==?= MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----------86CCF215E9B82B0" ------------86CCF215E9B82B0 Content-Type: text/plain; charset="cp-850" Content-Transfer-Encoding: quoted-printable Estoy mojado y la necesidad de conseguir jodido esta noche! Usted quiere conectar? Mi nombre de usuario es Lenusik48 Ver mi perfil y fotos ------------86CCF215E9B82B0 Content-Type: text/html; charset="cp-850" Content-Transfer-Encoding: quoted-printable =3D?utf-8?B?QXJkbyBkZSBwYXNpw7NuLg=3D=3D?=3D Some crap message here
more crap here

more crap here

Ver mi perfil y fotos ------------86CCF215E9B82B0--
i have also do some test with - Removed - Fake Mailer to spoof email from a test mailbox and my server send mail from this too :( Thank you oh and there is my spf record
v=spf1 +a +mx +ip4:XX.XX.218.229 -all

• 

  cPanelMichael

  • August 23, 2016 19:44

  Hello, Per the > Service Configuration >> Exim Configuration Manager). Please post the output from the following commands so we can determine why it's not working on your system:
  cat /usr/local/cpanel/version grep spf /etc/exim.conf.localopts /etc/exim.conf
  Thank you.

  0
• 

  darknet01001

  • September 04, 2016 17:54

  Hello, So my cpanel version is : 11.58.0.25 and the segond command return: /etc/exim.conf.localopts:acl_spf_bl=1 thanks

  0
• 

  cPanelMichael

  • September 06, 2016 22:13

  and the segond command return: /etc/exim.conf.localopts:acl_spf_bl=1

  
  You can browse to "WHM >> Exim Configuration Manager >> Advanced Editor" and then search/uncheck this entry: spf_bl Thank you.

  0

Please sign in to leave a comment.