Results 1 to 10 of 10

Thread: Spoofing Filters

  1. #1
    jamison is offline Nearly a Glow Sage
    Join Date
    Jun 2005
    Posts
    20

    Default Spoofing Filters

    Since moving our shared hosting to a new server, we have seen a dramatic increase in spoofing e-mails (e-mail from our address to our address). While we can use spam assassin to block specific addresses, that can't work in this instance. What Linux options to we have to block these e-mails and keep my clients happy? Black list by word, etc.

  2. #2
    Alexander's Avatar
    Alexander is online now Technical Analyst
    Join Date
    Jul 2007
    Posts
    1,378

    Default

    Hello,
    You can use "User lever filtering" and "Account level filtering" in Cpanel. Also, make sure that default email account is disabled in Cpanel.

  3. #3
    ed_meyer is offline Practically a Glow Sage
    Join Date
    Nov 2007
    Posts
    23

    Default

    I started getting those emails yesterday also. Quite a coincidence that it's only happening on the 2 accounts that I had restored and not the other accounts that I moved myself. You're right the customers are not happy about being moved now. Default is disabled and spam assassin is on.

  4. #4
    Matt's Avatar
    Matt is online now GlowHost Administrator
    Join Date
    Jan 2005
    Location
    Behind your monitor
    Posts
    5,355

    Default

    If you have a specific email account and examples of the spoofed emails with full headers perhaps open a ticket so we can see. You might try enabling SPF or domain keys in their email security settings in the control panel.
    Send your friends and site visitors to GlowHost and get $125 plus bonus!
    GlowHost Affiliate Program | Read our Blog | GlowHost's Facebook | Follow us on Twitter | GlowHost on Google+

  5. #5
    jamison is offline Nearly a Glow Sage
    Join Date
    Jun 2005
    Posts
    20

    Default

    The account filters work well, but these guys are smart. Using Viagra as an example, the only place the word appears is in the From line and not as an e-mail address. Example below.
    VIAGRA Official Reseller [jim@innstuff.com]
    Is there a way to block this as this is the only place in the e-mail that Viagra or any spam word appears. Nothing in the subject. The content is a graphic.

  6. #6
    Matt's Avatar
    Matt is online now GlowHost Administrator
    Join Date
    Jan 2005
    Location
    Behind your monitor
    Posts
    5,355

    Default

    I have modified the exim configuration on this server to more closely match the old server. Lets see how things go for you now.
    Send your friends and site visitors to GlowHost and get $125 plus bonus!
    GlowHost Affiliate Program | Read our Blog | GlowHost's Facebook | Follow us on Twitter | GlowHost on Google+

  7. #7
    Matt's Avatar
    Matt is online now GlowHost Administrator
    Join Date
    Jan 2005
    Location
    Behind your monitor
    Posts
    5,355

    Default

    Also make sure your default address is enabled on all accounts.
    Send your friends and site visitors to GlowHost and get $125 plus bonus!
    GlowHost Affiliate Program | Read our Blog | GlowHost's Facebook | Follow us on Twitter | GlowHost on Google+

  8. #8
    ed_meyer is offline Practically a Glow Sage
    Join Date
    Nov 2007
    Posts
    23

    Default

    I don't know if I'm on the same shared server, or not, but the spam I was getting stopped as fast as it started. Haven't had any problem since last Friday. Thank you Glowhost Masters for whatever you did. I'm always amazed by your quick response to any problems.

  9. #9
    jamison is offline Nearly a Glow Sage
    Join Date
    Jun 2005
    Posts
    20

    Default

    This is why I am almost not a newby. I'll bite. What is exim configuration and also, what the default address that needs to be enabled. I assume it is an e-mail address. Is it the contact address in the WHM? Sorry to be slow.

  10. #10
    Matt's Avatar
    Matt is online now GlowHost Administrator
    Join Date
    Jan 2005
    Location
    Behind your monitor
    Posts
    5,355

    Default

    @ed_meyer
    Thanks!

    @jamison
    The Exim configuration is the main configuration on the server for many email options. You do not have access to this unless you have root access to your server.

    The default address should not be enabled per your post, the contrary. it should be disabled.

    This is the main address for each Unix user and to make things simple when describing it for this case, it is one of the main problems for users where emails arrive that have the same "From" and "To" address.

    Disabling it in your cPanel > Mail > Default Address is a very good idea for most users.
    Send your friends and site visitors to GlowHost and get $125 plus bonus!
    GlowHost Affiliate Program | Read our Blog | GlowHost's Facebook | Follow us on Twitter | GlowHost on Google+

Similar Threads

  1. Spoofing??
    By Websync in forum General Support
    Replies: 9
    Last Post: 03-30-2009, 03:54 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16