PCI Compliance - Exim
Has anyone out there run into any issues trying to pass the PCI scans with cPanel and using Exim?
I've used Security Metrics and HackerGuardian scans it's telling me that I have an open relay. I have turned off the antirelayd service in cPanel and am puzzled at how to solve this issue.
I was told by that this is because I have an open internal relay and that it returns a 250 code after telneting into the server on the smtp port. Any idea how to fix this?
thanks a lot.
Well, by default relaying isn't ON on a cPanel server. Try turning off antirelayd and see if it makes any difference.
Have you tested this manually or have they given you the commands they are using to test? If the domain is not hosted on your server, it should not accept it or send it out unless you are authenticated.
1. Turn on the antirelayd (WHM -> Service Configuration -> Service Manager) to verify your server is not open relay.
2. add this following line to your /etc/exim.conf file
auth_hosts = *
All the mails sent using your server's smtp will have to pass an authorization first with a user/pass and it will allow only those users whose email address exists on your server.
LinkBack URL
About LinkBacks
Reply With Quote