  1. #1
    mickalo (Member)

    PCI Compliance

    Hello,

    OK, this one has me stumped. We have a customer with 3 domains on our server. 2 of them passed this Security Metrics PCI scan, but one did not, and for the life of me I can't figure out why. 2 of them passed, so I assume that the Exim global configuration is set up correctly and the one that failed may have something to do with the DNS zone file... not sure? These are the results they got back:
    Code:
    Protocol Port Program Risk Summary
    
    TCP 25 smtp 4 The remote SMTP server is insufficiently protected against relaying
    This means that spammers might be able to use your mail server to send their mails to the world.
    SMetrics was able to relay mails by sending those sequences:
    MAIL FROM: <smetrics@decisionbar.com>
    RCPT TO: <nobody%securitymetrics.com@decisionbar.com>
    Risk Factor: Medium

    TCP 465 urd 4 The remote SMTP server is insufficiently protected against relaying
    This means that spammers might be able to use your mail server to send their mails to the world.
    SMetrics was able to relay mails by sending those sequences:
    MAIL FROM: <smetrics@decisionbar.com>
    RCPT TO: <nobody%securitymetrics.com@decisionbar.com>
    Risk Factor: Medium
    Solution: upgrade your software or improve the configuration so that your SMTP server cannot be used as a relay any more.

    Any suggestions or help would be much appreciated. I've been racking my brain all morning trying to figure this out.

    Thx's
    Mike

    Thunder Rain Internet Publishing

    Providing Internet Solutions that work!
    Custom Perl and Database Programming

  2. #2
    cPanelDavidG (Technical Product Specialist)

    Looks like this PCI Compliance Vendor doesn't understand the difference between open relays and cPanel/WHM's POP-before-SMTP authentication.

    In a cPanel/WHM environment, if you have successfully authenticated into POP within the past 30 minutes, then you (or more technically, your IP address) can send mail via the SMTP server without authentication (since you have already authenticated successfully via POP).

    To disable this POP-before-SMTP authentication and force SMTP authentication for all users at all times, go to WHM -> Service Configuration -> Service Manager and under tailwatchd, uncheck "Antirelayd."
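
Added example (not part of the original thread, and not cPanel or Exim code): a simplified Python model of the relay decision described in the reply above, with POP-before-SMTP as a 30-minute per-IP window that can be switched off. The class and function names, the IP addresses, the timestamp, the treatment of decisionbar.com as a local domain and the rule that refuses a `%`-routed local part are assumptions made for illustration.

```python
from datetime import datetime, timedelta

POP_WINDOW = timedelta(minutes=30)   # window stated in the reply above
LOCAL_DOMAINS = {"decisionbar.com"}  # domain from the scan report, assumed local

class RelayPolicy:
    """Simplified model of POP-before-SMTP relay control (hypothetical, not Exim code)."""

    def __init__(self, pop_before_smtp=True):
        self.pop_before_smtp = pop_before_smtp  # False = Antirelayd unchecked
        self.pop_logins = {}  # client IP -> time of last successful POP login

    def record_pop_login(self, ip, when):
        self.pop_logins[ip] = when

    def pop_authorized(self, ip, now):
        last = self.pop_logins.get(ip)
        if not self.pop_before_smtp or last is None:
            return False
        return timedelta(0) <= now - last <= POP_WINDOW

    def check_rcpt(self, ip, rcpt, now, smtp_auth=False):
        """Return (verdict, reason) for one RCPT TO address."""
        local_part, _, domain = rcpt.strip("<>").rpartition("@")
        if domain.lower() in LOCAL_DOMAINS:
            # Assumed hardening rule: a local part such as user%other.domain
            # is refused so it can never be re-parsed as a second address.
            if any(c in local_part for c in "%!@"):
                return ("reject", "source-routed local part")
            return ("accept", "local delivery")
        if smtp_auth:
            return ("accept", "relay: SMTP AUTH")
        if self.pop_authorized(ip, now):
            return ("accept", "relay: POP-before-SMTP")
        return ("reject", "relay not permitted")

def demo():
    """Constructed scenario: one POP login, then RCPT checks from two IPs."""
    t0 = datetime(2024, 1, 1, 9, 0)              # constructed timestamp
    policy = RelayPolicy()
    policy.record_pop_login("192.0.2.10", t0)    # constructed customer IP
    scan = "<nobody%securitymetrics.com@decisionbar.com>"  # from the report
    return [
        policy.check_rcpt("192.0.2.10", "<a@example.net>", t0 + timedelta(minutes=10)),
        policy.check_rcpt("192.0.2.10", "<a@example.net>", t0 + timedelta(minutes=31)),
        policy.check_rcpt("198.51.100.7", "<a@example.net>", t0 + timedelta(minutes=10)),
        policy.check_rcpt("198.51.100.7", scan, t0 + timedelta(minutes=10)),
    ]
```

Constructing `RelayPolicy(pop_before_smtp=False)` models the setting change in the reply: a recent POP login no longer grants relay, and only `smtp_auth=True` does.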

  3. #3
    mickalo (Member)

    Thanks. After reading your reply it makes a lot of sense. We have had several of these scans in the past with other customers and never got this type of warning before. So I was a bit lost as to what the problem was.

    Mike
