Preventing Email Spoofing for domains on the same server

idon

I have two clients on the same hosting server, with domains (e.g., x.com and y.com).
I want to prevent one client from sending emails while setting the "From" address as an email belonging to the other client's domain.
Is there a way to restrict this kind of email spoofing in DirectAdmin?
Because right now, it seems like possible spoofing.
 
It's not possible spoofing, it -is- spoofing. I would warn the abusive customer and suspend his account if he keeps doing it.

Next to that, set strict SPF records and use DKIM records. It might pass the SPF record because both use the same sending server IP, but then it will be blocked on the DKIM record.
Even safer is also adding a DMARC record.
 
Actually it gets worse. The server will sign the DKIM key for any sending domain on a DA server, regardless of whether or not the sending user owns the domain in question. So any user on any DA box can spoof any neighbor and pass both SPF and DKIM checks, by default.

However, you can break the signing problem like this: https://github.com/mxroute/da_server_updates/blob/master/exim/exim.dkim.conf (pretty sure this is the copy altered for this, should change signing to be only for the authenticated domain)

This isn't a new problem or a DA exclusive problem. It's been this way for most of the existence of shared web hosting on all panel stacks.
 
At first glance yes, but there's X-Authenticated-Id in the mail source, so it's possible to check who really sent the email.
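The header check mentioned in the post above, as an added example that is not part of the original thread or of DirectAdmin's code. It assumes X-Authenticated-Id holds either a mailbox login (user@domain) or a bare account name; the account names, the ownership map and the sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed ownership map (assumption): hosting account -> domains it owns.
ACCOUNT_DOMAINS = {"clientx": {"x.com"}, "clienty": {"y.com"}}

def owner_of(domain):
    """Return the account that owns `domain`, or None if it is not hosted here."""
    for account, domains in ACCOUNT_DOMAINS.items():
        if domain in domains:
            return account
    return None

def check_message(raw):
    """Compare the From: domain with the identity in X-Authenticated-Id.

    Returns (verdict, authenticated_account, from_domain).
    """
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    auth_id = (msg.get("X-Authenticated-Id") or "").strip().lower()
    if not auth_id:
        return ("no-auth-id", None, from_domain)
    # Assumption: the value is a mailbox login (user@domain) or a bare account name.
    if "@" in auth_id:
        account = owner_of(auth_id.rpartition("@")[2])
    else:
        account = auth_id if auth_id in ACCOUNT_DOMAINS else None
    if account is None:
        return ("unknown-sender", None, from_domain)
    if from_domain in ACCOUNT_DOMAINS[account]:
        return ("ok", account, from_domain)
    # From: domain owned by another account on this server: cross-account spoofing.
    verdict = "neighbor-spoof" if owner_of(from_domain) else "foreign-from"
    return (verdict, account, from_domain)

# Constructed sample messages (x.com and y.com as in the question above).
SPOOFED = ("From: Billing <billing@y.com>\nTo: a@example.org\n"
           "X-Authenticated-Id: info@x.com\nSubject: t\n\nbody\n")
LEGIT = ("From: info@x.com\nTo: a@example.org\n"
         "X-Authenticated-Id: info@x.com\nSubject: t\n\nbody\n")

if __name__ == "__main__":
    for raw in (SPOOFED, LEGIT):
        print(check_message(raw))
```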
 
The server will sign the DKIM key for any sending domain on a DA server, regardless of whether or not the sending user owns the domain in question.
Oh, that is new to me, or rather, I didn't know this. Because every domain has its own unique DKIM key, I didn't expect the server to be able to sign with the DKIM key when the domain is not owned by the sender. That's not very nice.
Good you pointed that out!
 
How can you identify customers who perform such spoofing in a PHP script for example?
 
Well, that's a bit harder of course. That would mean checking the PHP logs of the customers. I don't know for sure if there is an easier option. However, you could get your hands on the headers from the receiver, or just block non-SMTP mail for a little while in CSF. Then PHP mails would get into the mail queue and you could check in there.
 