  1. #1
    Member
    Join Date
    Jul 2002
    Posts
    303

    Angry Bug in Exim SMTP sending spam with mail.microsoft.com

    I saw that anyone can send out e-mails with smtp= mail.microsoft.com from my CPanel servers.

    Normally, before sending e-mails through your account (using mail.mydomain.com) you have to authenticate yourself by userID and PW, e.g. downloading e-mails.
    False!

    It also works without prior authentication. In this way anyone in the world can use your server for sending spam.
    For example, he can set: mail.microsoft.com, mail.fbi.com, mail cpanel.net etc.

    I noted this on different CPanel servers... Seems that it is a bug..
    Can anyone else have a look at their server and confirm?

    thanks



  2. #2
    Member
    Join Date
    May 2002
    Posts
    429

    Default

    which build are you using?


  3. #3
    Member
    Join Date
    Jul 2002
    Posts
    303

    Default

    Cpanel 6.4.2-R5


  4. #4
    Member
    Join Date
    May 2003
    Posts
    34

    Default

    I don't understand what you're talking about:

    telnet cpanel.server.com 25
    Trying xxx.xxx.xxx.xxx...
    Connected to xxx.xxx.com.
    Escape character is '^]'.
    220-xxx.xxx.com ESMTP Exim 3.36 #1 Tue, 20 May 2003 11:43:09 -0400
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
    mail from: rcs@mail.microsoft.com
    250 <rcs@mail.microsoft.com> is syntactically correct
    rcpt to: rcs@somedomain.com
    550-Host xxx.org [xxx.xxx.xxx.xxx] is not permitted
    550-to relay through xxx.xxx.com.
    550-Perhaps you have not logged into the pop/imap server in the last 30 minutes.
    550-You may also have been rejected because your ip address
    550-does not have a reverse DNS entry.
    550 relaying to <rcs@somedomain.com> prohibited by administrator


  5. #5
    Member rpmws's Avatar
    Join Date
    Aug 2001
    Location
    back woods of NC, USA
    Posts
    1,858

    Default

    virus !!! reply address is support@ms and exim is trying to return it there because it stopped it from making it to your users.

    Just keeping my "eye" on things....
    R. Paul Mathews
    RPMWS - diehard cPanel Nutcase

  6. #6
    Member
    Join Date
    Mar 2002
    Location
    Alberta, Canada
    Posts
    1,509

    Default

    Just your usual Spam -- with an un-acceptable attachment; exe, pif, scr, etc -- having 'support@microsoft.com' as the Sender eMail address. As these type eMails are bounced back to the Sender, Microsoft does not accept them either -- also because of the un-acceptable attachment -- and sends them back. This means they come back to your Server, of course.

    Here are some I received today and the "Received" line is how you tell where they came from:

    Received: from d141-143-123.home.cgocable.net ([24.141.143.123] helo=PUMPED)
    by your_server.com with esmtp (Exim 3.36 #1)

    Received: from ctt187190.ceinetworks.com ([216.169.187.190] helo=CATHY-B)
    by your_server.com with esmtp (Exim 3.36 #1)

    Received: from hsa150.pool033.at101.earthlink.net ([216.249.102.150] helo=3F3ZL01)
    by your_server.com with esmtp (Exim 3.36 #1)

    Received: from aneuilly-109-1-19-204.w81-53.abo.wanadoo.fr ([81.53.73.204] helo=FREE)
    by your_server.com with esmtp (Exim 3.36 #1)


    Just started seeing these myself, since the Cpanel update (to Cpanel 6.4.2-E3) a few days ago.


    Also, it is incorrect to think there is a problem with Cpanel or Exim. There is no security being breached in this problem.

    You'll note where it says:

    "A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:

    <eMail_address_for_an_account_on_your_Server>
    This message has been rejected because it has"


    Please remember to know what you are talking about (before suggesting something is a bug or security problem) and, it's always nice to have done some testing on your own, to better explain the problem. This will allow others to give better answers and prevents the spread of false information.

    Helping people Host, Create, and Maintain their Web Site
    Also providing Server Admin Services - setup / troubleshooting

    http://potentproducts.com/
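
Added example (not part of any post in this thread): a Python sketch of the check described in post #6, reading the top "Received" line of the message quoted inside an Exim bounce to tell whether the original was handed to the server by an outside host. The sample bounce, its host names and addresses, and the `local_networks` parameter are constructed for illustration.

```python
import ipaddress
import re

# Exim-style Received header as quoted in the thread:
#   from <rdns> ([<ip>] helo=<name>) by <server> with esmtp (Exim ...)
RECEIVED_RE = re.compile(
    r"from\s+(?P<rdns>\S+)\s+\(\[(?P<ip>[0-9a-fA-F.:]+)\]\s+helo=(?P<helo>[^)\s]+)\)"
    r"\s+by\s+(?P<by>\S+)\s+with\s+(?P<proto>\S+)"
)
COPY_MARKER = "This is a copy of the message"

# Constructed sample bounce (documentation addresses, not from the thread).
SAMPLE_BOUNCE = """\
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  user@hosted.example

------ This is a copy of the message, including all the headers. ------

Return-path: <support@forged.example>
Received: from host.isp.example ([203.0.113.25] helo=DESKTOP)
    by server.example with esmtp (Exim 3.36 #1)
    for user@hosted.example; Tue, 20 May 2003 23:26:04 -0500
"""

def first_received(bounce_text):
    """Parse the top Received header of the message quoted inside a bounce."""
    _, found, quoted = bounce_text.partition(COPY_MARKER)
    if not found:
        return None
    # Unfold header continuation lines (they start with whitespace).
    unfolded = re.sub(r"\r?\n[ \t]+", " ", quoted)
    for line in unfolded.splitlines():
        if line.lower().startswith("received:"):
            m = RECEIVED_RE.search(line)
            return m.groupdict() if m else None
    return None

def classify(bounce_text, local_networks):
    """Say whether the bounced original was handed to us by an outside host."""
    hop = first_received(bounce_text)
    if hop is None:
        return "unknown"
    ip = ipaddress.ip_address(hop["ip"])
    if any(ip in ipaddress.ip_network(n) for n in local_networks):
        return "local-origin"
    return "inbound-from-outside"

print(classify(SAMPLE_BOUNCE, ["198.51.100.0/24", "127.0.0.0/8"]))
```

A result of "inbound-from-outside" corresponds to the case in post #6: the message arrived from another host with a forged sender, and the bounce is the server's own rejection notice.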

  7. #7
    Member rpmws's Avatar
    Join Date
    Aug 2001
    Location
    back woods of NC, USA
    Posts
    1,858

    Default

    It's a virus. why would I lie?

    http://www.trendmicro.com/vinfo/viru...e=WORM_PALYH.A

    Just keeping my "eye" on things....
    R. Paul Mathews
    RPMWS - diehard cPanel Nutcase

  8. #8
    Member
    Join Date
    Mar 2002
    Location
    Alberta, Canada
    Posts
    1,509

    Default

    Originally posted by rpmws
    It's a virus. why would I lie?

    http://www.trendmicro.com/vinfo/viru...e=WORM_PALYH.A

    Yes, it is a virus and my post was directed to wimp and those that make the type of posts, as the one starting this thread.

    Helping people Host, Create, and Maintain their Web Site
    Also providing Server Admin Services - setup / troubleshooting

    http://potentproducts.com/

  9. #9
    Member
    Join Date
    Mar 2003
    Posts
    601

    Default

    Sorry for my ignorance, but I am also seeing these in my mail queue. Here is part of an example of one that has the support@microsoft.com:

    19ILB1-000051-00-D
    This message was created automatically by mail delivery software (Exim).

    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:

    xoles@xolesfishies.com
    This message has been rejected because it has
    a potentially executable attachment "password.pif"
    This form of attachment has been used by
    recent viruses or other malware.
    If you meant to send this file then please
    package it up as a zip file and resend it.

    ------ This is a copy of the message, including all the headers. ------

    Return-path:
    Received: from h24-71-148-169.ss.shawcable.net ([24.71.148.169] helo=CAKE)
    by server1.com with esmtp (Exim 3.36 #1)
    id 19ILAy-00004z-00
    for xoles@xolesfishies.com; Tue, 20 May 2003 23:26:04 -0500


    Does this mean the message is being sent from our box, or coming to our box and getting bounced, but coming back to us because the return mail is support@interxstream.com?

    If it is the second, then I am assuming I just need to delete the returned message out of my queue?

    Thanks
