Spoofing Filters

[jamison]

Since moving our shared hosting to a new server, we have seen a dramatic increase in spoofing e-mails (e-mail from our address to our address). While we can use spam assassin to block specific addresses, that can't work in this instance. What Linux options to we have to block these e-mails and keep my clients happy? Black list by word, etc.

[Alexander]

Hello,
You can use "User lever filtering" and "Account level filtering" in Cpanel. Also, make sure that default email account is disabled in Cpanel.

[ed_meyer]

I started getting those emails yesterday also. Quite a coincidence that it's only happening on the 2 accounts that I had restored and not the other accounts that I moved myself. You're right the customers are not happy about being moved now. Default is disabled and spam assassin is on.

[Matt]

If you have a specific email account and examples of the spoofed emails with full headers perhaps open a ticket so we can see. You might try enabling SPF or domain keys in their email security settings in the control panel.

[jamison]

The account filters work well, but these guys are smart. Using Viagra as an example, the only place the word appears is in the From line and not as an e-mail address. Example below.
VIAGRA ® Official Reseller [jim@innstuff.com]
Is there a way to block this as this is the only place in the e-mail that Viagra or any spam word appears. Nothing in the subject. The content is a graphic.

[Matt]

I have modified the exim configuration on this server to more closely match the old server. Lets see how things go for you now.

[Matt]

Also make sure your default address is enabled on all accounts.

[ed_meyer]

I don't know if I'm on the same shared server, or not, but the spam I was getting stopped as fast as it started. Haven't had any problem since last Friday. Thank you Glowhost Masters for whatever you did. I'm always amazed by your quick response to any problems.

[jamison]

This is why I am almost not a newby. I'll bite. What is exim configuration and also, what the default address that needs to be enabled. I assume it is an e-mail address. Is it the contact address in the WHM? Sorry to be slow.

[Matt]

@ed_meyer
Thanks!

@jamison
The Exim configuration is the main configuration on the server for many email options. You do not have access to this unless you have root access to your server.

The default address should not be enabled per your post, the contrary. it should be disabled.

This is the main address for each Unix user and to make things simple when describing it for this case, it is one of the main problems for users where emails arrive that have the same "From" and "To" address.

Disabling it in your cPanel > Mail > Default Address is a very good idea for most users.