
avoiding spoofing

Posted: 08 Aug 2023, 15:08
by moribe
Hello!
Today a few clients received an email from their own accounts saying they've been hacked and the hacker has access to their mail and cPanel account.
We verified and the mail was sent from a different server.

Because of that we're making some changes to the SPF, Exim and MailScanner configuration. Is there some MailScanner option to block remote mail from an account to itself, or will just the SPF be enough?

Re: avoiding spoofing

Posted: 11 Aug 2023, 21:31
by Sergio
The best way to go is to create your own SPAMASSASSIN RULE and tell your cPanel customers not to add their own domains in MailScanner WhiteList.

I mean, if the hacker is impersonating you and you have your own domain in your MailScanner White List, then the spoofed email will go through.

So, if your customer wants to whitelist himself, the best way is to add the customer connection IP or the complete range IP.0/24 in the WhiteList instead of the account domain.

Sergio
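
As an added example (not code from this thread or from MailScanner), the following sketch audits a whitelist for the situation described above: sender entries that name one of the server's own domains rather than an IP or range. It assumes the whitelist uses the MailScanner ruleset layout `direction pattern value`; the function names, sample rules and domain list are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample; assumed MailScanner ruleset layout: "<direction> <pattern> <value>"
SAMPLE_RULES = """\
# spam whitelist
From:      *@example.com        yes
From:      billing@partner.test yes
From:      203.0.113.0/24       yes
FromOrTo:  EXAMPLE.ORG          yes
To:        *@example.com        yes
From:      198.51.100.7         yes
FromOrTo:  default              no
"""

# Directions that match on the sender side of a message
SENDER_DIRECTIONS = {"from:", "fromorto:"}


def is_network(pattern):
    """True for a single IP, a CIDR range, or a dotted prefix such as 192.168.1."""
    try:
        ipaddress.ip_network(pattern, strict=False)
        return True
    except ValueError:
        return re.fullmatch(r"(\d{1,3}\.){1,3}\d{0,3}", pattern) is not None


def audit_whitelist(rules_text, local_domains):
    """Return (line_no, pattern) for sender whitelist entries naming a local domain."""
    local = {d.lower().rstrip(".") for d in local_domains}
    findings = []
    for line_no, raw in enumerate(rules_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 3:
            continue  # blank line, comment, or incomplete rule
        direction, pattern, value = fields[0].lower(), fields[1], fields[2].lower()
        if direction not in SENDER_DIRECTIONS or value != "yes":
            continue
        if pattern.lower() == "default" or is_network(pattern):
            continue  # matched on the connecting IP, not on the claimed sender
        domain = pattern.rsplit("@", 1)[-1].lower().lstrip("*.")
        if domain in local:
            findings.append((line_no, pattern))
    return findings


if __name__ == "__main__":
    for line_no, pattern in audit_whitelist(SAMPLE_RULES, ["example.com", "example.org"]):
        print(f"line {line_no}: {pattern} whitelists a local sender domain")
```
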