Skip to main content

Clients receiving spam from themselves, but not being sent from server?

Comments

4 comments

  • cPanelMichael
    Hello, Could you provide an example from /var/log/exim_mainlog when this happens? EX:
    exigrep MSGID /var/log/exim_mainlog
    Replace "MSGID" with the message ID listed in the headers of one of the messages. Thank you.
    0
  • GreenQ
    Hello, Could you provide an example from /var/log/exim_mainlog when this happens? EX:
    exigrep MSGID /var/log/exim_mainlog
    Replace "MSGID" with the message ID listed in the headers of one of the messages. Thank you.

    2016-10-02 18:39:10
    1bqjn0-000DNS-6b H=([210.56.17.83]) [210.56.17.83]:24920 Warning: "SpamAssassin as wwwgreenqco detected message as spam (27.6)" 2016-10-02 18:39:10 1bqjn0-000DNS-6b <= maflores@example.com.mx H=([210.56.1 7.83]) [210.56.17.83]:24920 P=esmtp S=4526 id=F66DE9AAA4722EE77CF8BBB5633FF66D@7 R1JPD77R T="From International Company" for info@domain.co.za 2016-10-02 18:39:10 1bqjn0-000DNS-6b => info R=virtual_user T=dovecot_virtual_delivery C="250 2.0.0 kAjXKi448Vf2yAAAHoDy TA Saved" 2016-10-02 18:39:10 1bqjn0-000DNS-6b Completed
    0
  • cPanelMichael
    bqjn0-000DNS-6b H=([210.56.17.83]) [210.56.17.83]:24920 Warning: "SpamAssassin as wwwgreenqco detected message as spam (27.6)"

    This suggests SpamAssassin is accurately detecting the spoofed message as SPAM. Emails with spoofed "FROM" addresses are common SPAM techniques, but you can safely ignore this when SpamAssassin correctly blocks the message. In cPanel version 58, SPF checking is automatically enabled through SpamAssassin to help prevent these types of emails. Thank you.
    0
  • phillbooth
    SPF checking will only work if you have an SPF in the domains DNS. I would advise you to use a DKIM as well. You need to go to Cpanel > EMAIL > Authentication and make sure these are added. If you use an external DNS service, rather than your server own PowerDNS service then you will have to copy the SPF the DKIM if your data over.
    0

Please sign in to leave a comment.