ConfigServer Community Forum

I want to explain my situation, maybe somebody could help me.

I have a customer which since some months ago send mails with others sending email accounts.

Example
My customer: customer.com
My customer email: account @ customer.com
SMTP Autentication: account @ customer.com

Situation
My customer: customer.com
My supposed customer email: otheraccount @ otherdomain.com
SMTP Autentication: account @ customer.com

So my customer.com which has account@customer.com is sending message like otheraccount@otherdomain.com What could I do to block this?

I need something to try to block this action, could somebody help me with a solution step by step?

Thank you.

This is nothing to do with MailScanner. It sounds like your customer's PC may be infected if emails are being sent from them spoofing other addresses. There's not much that can be done if they are authenticating correctly, other than suspending their account and getting them to stop doing it if it is really your customer sending these spoofed mails.

Thank you Sarah, I know which you say but my question is: CPANEL, MailScanner, Exim or some application from the server o PLUGIN could check account authenticating with account sendind?

Thank you.

Or you can set EXIM to:

Set the Sender: Header when the mail sender changes the sender (-f flag passed to sendmail).

Always set the "Sender:" header when the sender differs from the actual sender. Unchecking this will stop "On behalf of" data in Microsoft® Outlook, but may limit your ability to track abuse of the mail system.

This will help you to determine if the user is sending spoofed emails.

Sergio