Blocking emails from persistent spammer


enterpriseJM
I am getting email spam that looks like the sender is me (my own email address is in the from line). All of the contents of the many emails have links to China domains (always in the form of an image) - lots of different domains all ending in .cn. I have a number of different email addresses, so I can hardly wait until I get even more when they start using those addresses.

Is there a way to block anything and everything that comes from China? I do no business with anyone there. I'd like to block them before the mail gets to my inbox and have the same rule apply to all my email addresses currently and in the future.

Thanks for any guidance on this.

Jim
 
Hi Jim,

Are you using any spam filtering software? Just about anything should catch this type of spam.

If not then Sender Verification in the Exim Configuration Manager should help. There are also RBLs you can enable there and you can also enter custom ACLs into the advanced configuration which would help assuming you do not want to run separate spam filtering software.
 
Hi Dan, thanks for your reply.

I use Outlook 2007, which does a pretty fair job at filtering out spam. I was able to set some filter rules that got rid of some of the persistent spam, but this one has me stuck. It uses my email address as the sender, but even marking my address as spam doesn't stop them from coming to my inbox. They use a different subject every time and the links are always to different domains (all ending in .cn, but it's a linked image, not a text link).

All that stuff you said about Exim, RBLs and ACLs went right over my head. I have no idea what those are or how to do them. Should I ask support to do it, or are there some steps I can follow to accomplish it? I do have SpamAssassin set up on my server.

Thanks,

Jim
 
Hi Jim,

If you're not comfortable moving around in WHM I would recommend sending a ticket in to support, providing them a link to your post here, and asking for their recommendations as to what you can/should do.
 
Jim,

Sender verification is exactly what should help to deal with this. It is very easy to enable sender verification and an SPF record with cPanel/WHM. Just follow these easy steps:
1. Log in to your WHM as root;
2. Go to the WHM >> Service Configuration >> Exim Configuration Editor screen;
3. Check the "Blacklist: SPF Checking" option in the "ACL Options" section, click "Save";
4. Go to the WHM >> Account Information >> List Accounts screen, find your account there and click on the cPanel icon on the account's line - this should open a new browser window with the selected account's cPanel control panel;
5. In cPanel click on the "Email Authentication" icon in the "Mail" section;
6. On the "Email Authentication" screen, click the "Enable" button in the SPF section. You may also want to enable DomainKeys - this might help to deliver mail from your domain to Yahoo (and some other) mailservers.

That's it. The above listed steps should work just fine as long as the domain's DNS zone is hosted on nameservers running inside the VPS. If you use external nameservers, please consult your external nameserver vendor to find out how to add a TXT record into your DNS zone in order to enable SPF for your domain.
 
Hi Paul,

I'm trying to follow your short tute on enabling SPF, but I don't see E-mail Authentication in cPanel anywhere under the Mail settings (or anywhere else for that matter). cPanel is 11.24.5-RELEASE 38506. Please advise.

Thanks,
Patrick
 
Hello Hawkmultimedia,

The only reason I can think of that you would not have this is if it is disabled in the Feature Manager.

In WHM go to Packages and then Feature Manager. If there is an existing list then edit it and check the box for Email Authentication (and any others you want of course) and save it. You might need to update the pertinent account(s) for this to take effect. I haven't used this much so don't remember.

Hope that helps
 