ALL CPANEL servers = limited open relays

**H2Hosting.com** · 09-03-2003 12:57 AM

Hi,

ALL CPANEL servers = limited open relays

I sent this warning to Nick twice (today and a month ago), but nothing was changed/updated... May be this thread will speedup the process.

The problem - If I know that you host domain.com on the server with Cpanel, I can use mail.domain.com as SMTP server to send spam a) to this domain b) to all domains on the server.

It's HUGE PROBLEM!

p.s. I sent an email to Nick using mail.cpanel.net as SMTP server

cPanel.net Support Ticket Number:

**JPmorgan** · 09-03-2003 01:26 AM

Originally posted by H2Hosting.com
Hi,

ALL CPANEL servers = limited open relays

I sent this warning to Nick twice (today and a month ago), but nothing was changed/updated... May be this thread will speedup the process.

The problem - If I know that you host domain.com on the server with Cpanel, I can use mail.domain.com as SMTP server to send spam a) to this domain b) to all domains on the server.

It's HUGE PROBLEM!

p.s. I sent an email to Nick using mail.cpanel.net as SMTP server

cPanel.net Support Ticket Number:

Is that after;

Tue Sep 2 18:33:07 EDT 2003
7.x Build#1
---------------------------------------------------------------

exim4 4.22 (security fix)
---------------------------------------------------------------

cPanel.net Support Ticket Number:

**hostultra** · 09-03-2003 02:10 PM

You can do that on any mail server.

The mailserver is supposed to accept all messages that are for local delivery, because its a delivery and not a RELAY.
If it didnt, you wouldnt be able to get any mail.

cPanel.net Support Ticket Number:

**H2Hosting.com** · 09-03-2003 04:30 PM

Originally posted by hostultra
You can do that on any mail server.

The mailserver is supposed to accept all messages that are for local delivery, because its a delivery and not a RELAY.
If it didnt, you wouldnt be able to get any mail.

Wrong! If my IP is not in the relay_hosts list, I should not send anything using YOUR smtp to YOUR customers. If all servers have the same configuration, it's impossible to stop spam as you should block your own IP

to stop it.

p.s. if you confirm, I will send test email to you through your SMTP.

cPanel.net Support Ticket Number:

**hostultra** · 09-03-2003 04:34 PM

Please give me an example of a mailserver that doesnt accept local deliveries.

Connecting directly to the SMTP and sending the mail locally is a delivery not a relay.

cPanel.net Support Ticket Number:

**roman** · 09-03-2003 05:04 PM

The only solution I can think of is to configure the mail server with a separate ip address for each hosted client.. Which is *not* a good solution.. Since smtp does not pass the hostname you are connecting too.

This way when the mail server answers for a particular ip address it knows which domain name it's affiliated with and would only allow relay to that domain.

cPanel.net Support Ticket Number:

**H2Hosting.com** · 09-03-2003 06:13 PM

Hostultra,

I sent test message to your support@ account.

Look at the header of this email. It's impossible to stop such abuse with current exim+cpanel configuration

cPanel.net Support Ticket Number:

**H2Hosting.com** · 09-03-2003 06:15 PM

Originally posted by hostultra
Connecting directly to the SMTP and sending the mail locally is a delivery not a relay.

It it was just local delivery, spammers would use YOUR smtp to send spam to YOUR account

What is a reason to search for exploits/proxies/open relays if I can send spam using YOUR SMTP! Your RBLs will not block such spam!

cPanel.net Support Ticket Number:

**howard** · 09-03-2003 11:18 PM

i think your making a fuss about nothing, being able to connect to mail.cpanel.net and sending a mail to nick@cpanel.net (or whatever) is hardly radical stuff, and i would of thought would of been common sense since your duplicating whats done by mta's

You may wish to search google (or your favourite search engine) for direct-to-mx spam

cPanel.net Support Ticket Number:

**ameen** · 09-04-2003 01:00 AM

This is common, this is how the mail system works! People have known about this for a while and so have spammers, it is not isolated ot cpanel but to any SMTP server. The reason people still USE relays is because they dont have or want there IP's to be blocked, if i have a server and i write a program to send out using the MTA of each email addy, the IP is in the header, thousands of complaints will be sent to the owner of the block, usually the ISP And i will be shut down immediatly. This is why they mask there IP's using relays etc..

cPanel.net Support Ticket Number:

LinkBack

Thread Tools