My Email address is spoofed · CyberPanel Community

ta

tarek-kshk Mar 18, 2023 #1

hi
Spammers spoofed my email address. Please help
Someone send me an email from my email
In the e-mail, he asks for money because he was able to hack and threaten me

tarek-kshk@souqkshk.com This e-mail is not found in the list of e-mails in cyberpanel
How can he send from an email that does not exist?

I secure cyberpanel Two-factor authentication And almost everything

And this is the source of the message

Received: from DU0PR10MB6129.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:3e4::5)
 by DU0PR10MB5876.EURPRD10.PROD.OUTLOOK.COM with HTTPS; Sat, 18 Mar 2023
 05:03:51 +0000
Received: from AS9PR06CA0434.eurprd06.prod.outlook.com (2603:10a6:20b:49e::16)
 by DU0PR10MB6129.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:3e4::5) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6178.29; Sat, 18 Mar
 2023 05:03:50 +0000
Received: from AM0EUR02FT009.eop-EUR02.prod.protection.outlook.com
 (2603:10a6:20b:49e:cafe::a0) by AS9PR06CA0434.outlook.office365.com
 (2603:10a6:20b:49e::16) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6178.36 via Frontend
 Transport; Sat, 18 Mar 2023 05:03:50 +0000
Authentication-Results: spf=pass (sender IP is 185.143.45.181)
 smtp.mailfrom=souqkshk.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=souqkshk.com;compauth=pass
 reason=100
Received-SPF: Pass (protection.outlook.com: domain of souqkshk.com designates
 185.143.45.181 as permitted sender) receiver=protection.outlook.com;
 client-ip=185.143.45.181; helo=mail.souqkshk.com; pr=C
Received: from mail.souqkshk.com (185.143.45.181) by
 AM0EUR02FT009.mail.protection.outlook.com (10.13.54.108) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.6199.20 via Frontend Transport; Sat, 18 Mar 2023 05:03:50 +0000
X-IncomingTopHeaderMarker:
 OriginalChecksum:504F0A31928266C2526F749781B85845E3F167C1967C83CC226DFCE97C153B9D;UpperCasedChecksum:4385810E1E46B4E8BB014ED94FF3AD3288B21FEA9F83BE48FBAD0DDB0BC3136D;SizeAsReceived:972;Count:14
Received: from [49.165.195.168] (unknown [49.165.195.168])
	by mail.souqkshk.com (Postfix) with ESMTP id C95681B7D27
	for <tarek-kshk@souqkshk.com>; Sat, 18 Mar 2023 01:03:49 -0400 (EDT)
From: <tarek-kshk@souqkshk.com>
To: <tarek-kshk@souqkshk.com>
Subject: Don't forget to pay the tax within 2 days!
Date: 18 Mar 2023 21:33:48 +0800
Message-ID: <001801d959a2$02b7108e$6eb9daa9$@souqkshk.com>
Content-Type: text/plain;
	charset="windows-1250"
Content-Transfer-Encoding: 8bit
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: Acw9n2d7h5pcn02s2mlps5k823q41s==
Content-Language: en
x-cr-hashedpuzzle: 2D4= lps5 k823 q41s 2mlp s5k8 23q4 1s2m lps5 9bcn tw0f a7so s59b cntw 0fa7 sos5;1;9bcntw0fa7sos59bcntw0fa7sos59bcntw0fa7sos59bcntw;Sosha1_v1;7;\{8094B113-CCA5-366E-7A5F-FD224BD88094\};ZQB3AGUAZgsos59bcntw0fa7sos59bcntw0fa7sos59bcntw;18 Mar 2023 21:33:48 +0800;0fa7sos59bcntw0f
x-cr-puzzleid: \{8094B113-CCA5-366E-7A5F-FD224BD88094\}
X-IncomingHeaderCount: 14
Return-Path: tarek-kshk@souqkshk.com
X-MS-Exchange-Organization-ExpirationStartTime: 18 Mar 2023 05:03:50.7632
 (UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id:
 91ed9855-6a36-4456-b6da-08db276e2a00
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: AM0EUR02FT009:EE_|DU0PR10MB6129:EE_
X-MS-Exchange-Organization-AuthSource:
 AM0EUR02FT009.eop-EUR02.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-UserLastLogonTime: 3/18/2023 3:33:14 AM
X-MS-Office365-Filtering-Correlation-Id: 91ed9855-6a36-4456-b6da-08db276e2a00
X-MS-Exchange-EOPDirect: true
X-Sender-IP: 185.143.45.181
X-SID-PRA: TAREK-KSHK@SOUQKSHK.COM
X-SID-Result: PASS
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-SCL: 1
X-Microsoft-Antispam: BCL:0;
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Mar 2023 05:03:50.7476
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 91ed9855-6a36-4456-b6da-08db276e2a00
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-AuthSource:
 AM0EUR02FT009.eop-EUR02.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg:
 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR10MB6129
X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.7622844
X-MS-Exchange-Processed-By-BccFoldering: 15.20.6178.035
X-Microsoft-Antispam-Mailbox-Delivery:
	abwl:0;wl:1;pcwl:1;kl:0;dwl:0;dkl:0;rwl:0;ucf:0;jmr:0;ex:0;auth:1;dest:I;OFR:TrustedSenderList;ENG:(5062000305)(90000117)(90011020)(91015020)(91040095)(9050020)(9060121)(9081003)(9100338)(2008001134)(4810007)(4910033)(8820095)(9930004)(9545005)(10172021)(9439006)(9310011)(9220031);
X-Message-Info:
	qZelhIiYnPkz+1c0tANDswf8uZbcl4apg34M4yjt8W5OpC+Dp1QrC7uFRHqVwf6ZX9Rh/MFVRUsDlXZvIw0Y842Q5wkvQUvSG0yrhw0T2yon+fOsdQelprDbWQDkIEtJhYIvp5UxelWFIqLcmXK+aS0XCCtjuvvEQYFbZVk5JA7x/4RXqw9Qeec9HncpU3Uk+fn+Akb1VYYlgA1DhNAM5g==
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MTtHRD0yO1NDTD0tMQ==
X-Microsoft-Antispam-Message-Info:
	=?windows-1250?Q?iCXZKrDBEm8tjAvCL1yuI1PSCRSowZUpDmvwtw0FQV5lB7IulJbjWqTe?=
 =?windows-1250?Q?NeUmw6ihjUXWimLu4Lf1m5Z2iemH0F/iubHizuzd5sPdC/HWf6xI6L4t?=
 =?windows-1250?Q?9qC1JmqZTBtvrVserGnNQcJVTT9nPGh87KFscVTf8BxR4aQpGrP0Q9Vb?=
 =?windows-1250?Q?kKHpwEp48VhiIqqEaGOJ7Rdg1rVbd11Vxuv/w2/Qc9GPh+SmDkBJdHDU?=
 =?windows-1250?Q?/7OMFCeH7mCFfHgWXu2lHHoynUPVyN7n+AK7aGBmLtEyyCXHHzTHYSkW?=
 =?windows-1250?Q?EJ5jIZltFa1b4gbixcl8dc/FV8zJVBBjKBjuxLO64TjRR3Ivoqu1HlLQ?=
 =?windows-1250?Q?zHn6erdtCgfgKJpwvkjGC4EtIIaB57lMPCiI+i0bzGm/jz5+679gAJ5R?=
 =?windows-1250?Q?Vue574kcQN1Bnq08gQ1Cp1GjyjbtkW4wPFmCNz9W/KUX/Pmtfh3AyODM?=
 =?windows-1250?Q?XJ8nZINw+pc7k1rzpWNiHIFpDFdEf3w7wszShpJjfdZFPG48Cw+lJbyc?=
 =?windows-1250?Q?ibSJRZZR76rC7vlEfmvJhP8XFCjCPlv0jVmtLchZzEjcqq7VP1IgV209?=
 =?windows-1250?Q?9wUA7PdGWEEz4/SnqLjON7XZj+nEozZgZcv9q5+HHpVRG154bxqEwD6+?=
 =?windows-1250?Q?OUfWHtwihg9PAMzjxpzGGO+6iqLHH97jmHZrK8mBmGLBJZumliXjRzxe?=
 =?windows-1250?Q?+gysAcDnOPVQ6dP7fHsKc96LZ7GJSC4zpuMixZ+9TZYGVXvcFgdtKADO?=
 =?windows-1250?Q?Iv/DfCAMAbeRQM737oCjMrCxelC9GN7c46b3gDre1LelXvgQ0Jhr2OOD?=
 =?windows-1250?Q?VwQFgoUs/+PmKk0p3C0VTMEdR1DEaneGctgUz8hVfCC614hWPpy72E1H?=
 =?windows-1250?Q?eOhdaqVxYl4wGAFb2w+HoWqd57WL4c89fllQ8jXHiqPHB1VOG4lhsbmr?=
 =?windows-1250?Q?MO9P4QKDObtSjFh/D2rUx4S2Us3kivOGOrI7t8ucMYJv5LVXqjSz6/fX?=
 =?windows-1250?Q?F7BJUr9Oe7H3ZH3djpkw3al2yIrHznbSKIBAkDAw+ulr9IFCJQqmUQAx?=
 =?windows-1250?Q?RD5f5A47oFXyfyBRuButZQve5Nkg5z7/kNEG9dBJCB4LHrekJNBhx3aK?=
 =?windows-1250?Q?ieCLN5ehGH+bRrMIND7fPAVX+rCsq7mgtd1blUaEEujz4mDFOnYfDUaO?=
 =?windows-1250?Q?nFUC2UlwtvaT5YyXZEHhU7YAx1aVa/1C6fhC7h6Y9rBt/k/6VPF1MZOY?=
 =?windows-1250?Q?xVRo2g/AkjLeF2VR6cOfN14mQvJSyaKMEbYrzBOawcA2R/J5dK7Dkx0t?=
 =?windows-1250?Q?j9B56j5508JidIE+AW61/r6qyivWbmASTWhn1+yyC6oWCQmKnTjIHCdf?=
 =?windows-1250?Q?zLkCgt804wTy3nq1wZbJP31raWwEQ6dOT+fzqyH7SeLZ3nuYSSK9/Osw?=
 =?windows-1250?Q?TX5Qm6igEuCjB91D+zMvQb6vqlr1sAmyrDgf8S7X3q3P1bkG4rQOEq2u?=
 =?windows-1250?Q?tnJ4o/MQiMQtChJLMgreCM3Klh/AcufuyMUEwW1voL68tqSafvHDZ4W8?=
 =?windows-1250?Q?yVzCa0B/0LVYFCitQW4N5t1OMbZqziZLMhFX7rlvqrpLE7D+SHHgFxJp?=
 =?windows-1250?Q?1TKgN8FJbnKQphbTaH/ugzwSpuH9VCDzBFuLCc5SPtKzKk4N0OPtVBps?=
 =?windows-1250?Q?rmGQBalTAaOdiJUL/IF8VYmJnhQLYlhKCTrIM2O3CTeX0N7wly13wEMl?=
 =?windows-1250?Q?7vhRGCNyxaMOi+7mPIT6C45rciZICkDLrPMDfIzR?=
MIME-Version: 1.0

This is an email test

Please help

thanks

jo

josephgodwinke Mar 18, 2023 #2

Hello @tarek-kshk

Unfortunately, there’s no way to prevent spammers from spoofing your email address.

Implement strict rules for both SPF Sender Policy Framework TXT record in DNS to ensure that destination email systems trust messages sent from your custom domain. You want ot set this to HARD Fail (Treat emails with ‘hard fail’ in the message envelope and then follow the receiving server’s configured spam policy) How Sender Policy Framework (SPF) prevents spoofing - Office 365 | Microsoft Learn

and DMARC- Domain-based Message Authentication, Reporting, and Conformance - set a policy of Reject and SPF identifier alignment of strict where alignment is required by domain owner if not email is rejected, DKIM identifier alignment should also be set to strict, What is a DMARC Policy? | EasyDMARC

Use a tool to generate this I recommend - Free DMARC Record Generator tools | EasyDMARC

ta

tarek-kshk Mar 18, 2023 #3

Thanks for the help
I will try to work on this and reply with the result

ta

tarek-kshk Mar 18, 2023 #4

hi
After following all the explanations, I could not solve this problem
This has been removed (“”)
I did all the explanations in dns And still the problem

Please help

thanks

jo

josephgodwinke Mar 18, 2023 #5

Ther eyou have an issue with DKIM keys. You need to confirm you have them or just create new ones.1 - DKIM Set up and Configurations

ta

tarek-kshk Mar 18, 2023 #6

hi

Available since the creation of the site
I don’t know what’s wrong
thanks

jo

josephgodwinke Mar 18, 2023 #7

There is a whole process of setting opendkim conf to debug why keys are not been verified but before this we keep it simple. remove these domain keys /etc/opendkim/keys/mydomain.com then use the tutorial I cited to generate new ones with cyberpanel

ta

tarek-kshk Mar 18, 2023 #8

hi
I did this and it gives the same result

thanks

jo

josephgodwinke Mar 18, 2023 #9

Are you sending these emails through webmail ?

ta

tarek-kshk Mar 18, 2023 #10

hi
yes,

ta

tarek-kshk Mar 18, 2023 #11

dns settings

thanks

jo

josephgodwinke Mar 18, 2023 #12

Run the cyberpanel upgrade script

ta

tarek-kshk Mar 18, 2023 #13

hi

Latest version

thanks

ta

tarek-kshk Mar 19, 2023 #14

is there a solution ?

thanks

JA

Joabe Arruda Mar 19, 2023 #15

Hey, your problem is common:

You have DKIM key values with “quotation marks” in Cyberpanel and have entered “no quotes” in CloudFlare. In some cases this results in a conflict.

For me it always solves 100%…

remove all “quotation marks” from your DKIM and save it. After an hour try again.

Do not keep changing DNS many times in less than 24 hours, this impairs proper propagation. =)

ta

tarek-kshk Mar 19, 2023 #16

hi

Without any quotes from yesterday

thanks

JA

Joabe Arruda Mar 19, 2023 #17

But you also removed it from Cyberpanel?

I don’t know why Cyberpanel leaves with quotes, but whenever I remove, at least here for me, the problem is solved, but I believe it also depends on what email service you use.

Now just wait a few hours to test again.

The truth is that email services are increasingly demanding and this is good for security, but it really makes everything more laborious.

ta

tarek-kshk Mar 19, 2023 #18

hi
I have removed the quotes from cyberpanel
I’ll wait for hours and I’ll try

thanks

JA

Joabe Arruda Mar 19, 2023 #19

Okay, good idea.

jo

josephgodwinke Mar 19, 2023 #20

No this will not fix anything. These autocreated records should not be altered

ta

tarek-kshk Mar 20, 2023 #21

hi
The problem is not solved
thanks

ta

tarek-kshk Aug 31, 2023 #22

how Someone sends me messages from a deleted website email

Authentication-Results: spf=pass (sender IP is my ip )

??

ta

tarek-kshk Aug 31, 2023 #23

how Someone sends me messages from a deleted email

Authentication-Results: spf=pass (sender IP is my ip )

??