Sending e-mail without authentication after logged

**deieno** · 05-04-2009 01:27 PM

Hello,

I found a situation on our environment that is really unpleasant for us and our customers.

Imagine this hypothetical situation:

my hosting company domain is: myhostingcompany.com a
and the customer domain is: customerdomain.com

The customer create his e-mail account on outlook that is customer@customerdomain.com. He did a good authentication to send e-mails. From now his ip is allowed to send e-mail from our server for 30 minutes.

Now this customer creates an account on outlook express without password, the account name he create is

Iwill_play_with_my_host@myhostingcompany.com

And then... the e-mail goes to any place he want.

-------------------------------------------------
I know this a hypothetical situation, but let´s face. Things like that can happen.

What I want to know is, if Iwill_play_with_my_host@myhostingcompany.com doesn´t exist, is there anyway to prevent other users already autenticated send e-mails from other domains?

I know disabling tailwatchd will force authentication all the time but, other than that, is there any other solution?

I talked with cpanel's support about that and it was recommend me to use the "/etc/mailhelo" option, but I didn´t understand very well how it´s work

Can anyone help?
thank you

**cPanelDavidG** · 05-05-2009 01:08 PM

Originally Posted by deieno

Hello,

I found a situation on our environment that is really unpleasant for us and our customers.

Imagine this hypothetical situation:

my hosting company domain is: myhostingcompany.com a
and the customer domain is: customerdomain.com

The customer create his e-mail account on outlook that is customer@customerdomain.com. He did a good authentication to send e-mails. From now his ip is allowed to send e-mail from our server for 30 minutes.

Now this customer creates an account on outlook express without password, the account name he create is

Iwill_play_with_my_host@myhostingcompany.com

And then... the e-mail goes to any place he want.

-------------------------------------------------
I know this a hypothetical situation, but let´s face. Things like that can happen.

What I want to know is, if Iwill_play_with_my_host@myhostingcompany.com doesn´t exist, is there anyway to prevent other users already autenticated send e-mails from other domains?

I know disabling tailwatchd will force authentication all the time but, other than that, is there any other solution?

I talked with cpanel's support about that and it was recommend me to use the "/etc/mailhelo" option, but I didn´t understand very well how it´s work

Can anyone help?
thank you

No other solutions are natively supported at this time.

LinkBack

Thread Tools

Sending e-mail without authentication after logged

Sending mail via authentication stopped working overnight [case 50280]

how to force sending email always use smtp authentication

Sending mail without authentication

Problem sending with mutt - 550 Authentication error

sending mails without authentication..!