#1 (permalink)  
Old 05-20-2003, 03:59 AM
Registered User
 
Join Date: Jul 2002
Posts: 303
wimp
Bug in Exim SMTP sending spam with mail.microsoft.com

I saw that anyone can send out e-mails with smtp= mail.microsoft.com from my CPanel servers.

Normally, before sending e-mails through your account (using mail.mydomain.com) you have to authenticate yourself by userID and PW, e.g. by downloading e-mails.
False!

It also works without prior authentication. In this way anyone in the world can use your server to send spam.
For example, he can set: mail.microsoft.com, mail.fbi.com, mail.cpanel.net etc.

I noticed this on different CPanel servers... Seems that it is a bug.
Can anyone else take a look at his server and confirm?

thanks


  #2 (permalink)  
Old 05-20-2003, 07:46 AM
Registered User
 
Join Date: May 2002
Posts: 429
Angel78
which build are you using?

  #3 (permalink)  
Old 05-20-2003, 07:53 AM
Registered User
 
Join Date: Jul 2002
Posts: 303
wimp
Cpanel 6.4.2-R5

  #4 (permalink)  
Old 05-20-2003, 10:47 AM
Registered User
 
Join Date: May 2003
Posts: 34
uadm
I don't understand what you're talking about:

telnet cpanel.server.com 25
Trying xxx.xxx.xxx.xxx...
Connected to xxx.xxx.com.
Escape character is '^]'.
220-xxx.xxx.com ESMTP Exim 3.36 #1 Tue, 20 May 2003 11:43:09 -0400
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
mail from: rcs@mail.microsoft.com
250 <rcs@mail.microsoft.com> is syntactically correct
rcpt to: rcs@somedomain.com
550-Host xxx.org [xxx.xxx.xxx.xxx] is not permitted
550-to relay through xxx.xxx.com.
550-Perhaps you have not logged into the pop/imap server in the last 30 minutes.
550-You may also have been rejected because your ip address
550-does not have a reverse DNS entry.
550 relaying to <rcs@somedomain.com> prohibited by administrator

  #5 (permalink)  
Old 05-20-2003, 11:00 AM
Registered User
 
Join Date: Aug 2001
Location: back woods of NC, USA
Posts: 1,843
rpmws is on a distinguished road
Virus!!! The reply address is support@ms and exim is trying to return it there because it stopped it from making it to your users.

__________________
Just keeping my "eye" on things....
R. Paul Mathews
RPMWS - diehard cPanel Nutcase
  #6 (permalink)  
Old 05-20-2003, 05:54 PM
Registered User
 
Join Date: Mar 2002
Location: Alberta, Canada
Posts: 1,508
Website Rob
Just your usual Spam -- with an unacceptable attachment; exe, pif, scr, etc -- having 'support@microsoft.com' as the Sender eMail address. As these types of eMails are bounced back to the Sender, Microsoft does not accept them either -- also because of the unacceptable attachment -- and sends them back. This means they come back to your Server, of course.

Here are some I received today and the "Received" line is how you tell where they came from:

Received: from d141-143-123.home.cgocable.net ([24.141.143.123] helo=PUMPED)
by your_server.com with esmtp (Exim 3.36 #1)

Received: from ctt187190.ceinetworks.com ([216.169.187.190] helo=CATHY-B)
by your_server.com with esmtp (Exim 3.36 #1)

Received: from hsa150.pool033.at101.earthlink.net ([216.249.102.150] helo=3F3ZL01)
by your_server.com with esmtp (Exim 3.36 #1)

Received: from aneuilly-109-1-19-204.w81-53.abo.wanadoo.fr ([81.53.73.204] helo=FREE)
by your_server.com with esmtp (Exim 3.36 #1)


Just started seeing these myself, since the Cpanel update (to Cpanel 6.4.2-E3) a few days ago.


Also, it is incorrect to think there is a problem with Cpanel or Exim. There is no security being breached in this problem.

You'll note where it says:

"A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

<eMail_address_for_an_account_on_your_Server>
This message has been rejected because it has"


Please remember to know what you are talking about (before suggesting something is a bug or security problem) and, it's always nice to have done some testing on your own, to better explain the problem. This will allow others to give better answers and prevents the spread of false information.

__________________
Helping people Host, Create, and Maintain their Web Site
Also providing Server Admin Services - setup / troubleshooting

http://potentproducts.com/
  #7 (permalink)  
Old 05-20-2003, 06:28 PM
Registered User
 
Join Date: Aug 2001
Location: back woods of NC, USA
Posts: 1,843
rpmws is on a distinguished road
It's a virus. Why would I lie?

http://www.trendmicro.com/vinfo/viru...e=WORM_PALYH.A

__________________
Just keeping my "eye" on things....
R. Paul Mathews
RPMWS - diehard cPanel Nutcase
  #8 (permalink)  
Old 05-21-2003, 05:26 AM
Registered User
 
Join Date: Mar 2002
Location: Alberta, Canada
Posts: 1,508
Website Rob
Quote:
Originally posted by rpmws
It's a virus. Why would I lie?

http://www.trendmicro.com/vinfo/viru...e=WORM_PALYH.A

Yes, it is a virus, and my post was directed to wimp and those who make the type of post such as the one starting this thread.

__________________
Helping people Host, Create, and Maintain their Web Site
Also providing Server Admin Services - setup / troubleshooting

http://potentproducts.com/
  #9 (permalink)  
Old 05-21-2003, 09:25 AM
Registered User
 
Join Date: Mar 2003
Posts: 577
noimad1
Sorry for my ignorance, but I am also seeing these in my mail queue. Here is part of an example of one that has the support@microsoft.com:

19ILB1-000051-00-D
This message was created automatically by mail delivery software (Exim).

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

xoles@xolesfishies.com
This message has been rejected because it has
a potentially executable attachment "password.pif"
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it.

------ This is a copy of the message, including all the headers. ------

Return-path:
Received: from h24-71-148-169.ss.shawcable.net ([24.71.148.169] helo=CAKE)
by server1.com with esmtp (Exim 3.36 #1)
id 19ILAy-00004z-00
for xoles@xolesfishies.com; Tue, 20 May 2003 23:26:04 -0500


Does this mean the message is being sent from our box, or coming to our box and getting bounced, but coming back to us because the return mail is support@interxstream.com?

If it is the second, then I am assuming I just need to delete the returned message out of my queue?

Thanks
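
Added example (not part of any post above, and not cPanel or Exim code): a small Python triage of the kind of bounce quoted in post #9, reading the "Received" line the way post #6 describes to tell whether the rejected original entered the server from a remote host or was submitted on the box itself. The function names, the verdict labels and the second sample are assumptions made for this example.

```python
import ipaddress
import re

MARKER = "This is a copy of the message, including all the headers."
# Remote hops carry ([ip] helo=NAME); local mail reads "from <user> ... with local".
HOP_RE = re.compile(
    r"^Received:\s+from\s+(?P<src>\S+)\s+"
    r"(?:\(\[(?P<ip>[0-9A-Fa-f.:]+)\](?:\s+helo=(?P<helo>[^)\s]+))?\)\s+)?"
    r"by\s+(?P<by>\S+)\s+with\s+(?P<proto>\S+)",
    re.MULTILINE,
)
ATTACH_RE = re.compile(r'attachment\s+"([^"]+)"')

def is_loopback(ip):
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:  # malformed literal in a forged or damaged header
        return False

def triage_bounce(bounce_text):
    """Report where the bounced original entered this server, or None."""
    _, found, original = bounce_text.partition(MARKER)
    hop = HOP_RE.search(original) if found else None
    if hop is None:
        return None
    ip, helo = hop["ip"], hop["helo"]
    local = hop["proto"] == "local" or ip is None or is_loopback(ip)
    attachment = ATTACH_RE.search(bounce_text)
    return {
        "origin": "local-submission" if local else "remote-inbound",
        "source": hop["src"], "ip": ip, "helo": helo,
        # A bare HELO name with no dot suggests a desktop PC, not a mail server.
        "helo_unqualified": bool(helo) and "." not in helo,
        "attachment": attachment.group(1) if attachment else None,
    }

# Abridged from the bounce quoted in post #9.
BOUNCE_FROM_THREAD = """\
This message has been rejected because it has
a potentially executable attachment "password.pif"
------ This is a copy of the message, including all the headers. ------
Received: from h24-71-148-169.ss.shawcable.net ([24.71.148.169] helo=CAKE)
    by server1.com with esmtp (Exim 3.36 #1)
"""
# Constructed contrast case: a message generated on the server itself.
BOUNCE_LOCAL = (MARKER +
    "\nReceived: from nobody by server1.example with local (Exim 3.36 #1)\n")
if __name__ == "__main__":
    print(triage_bounce(BOUNCE_FROM_THREAD), triage_bounce(BOUNCE_LOCAL))
```

A "remote-inbound" result means the rejected message was received from another host over SMTP, so the bounce in the queue is addressed to whatever sender that host claimed; a "local-submission" result is the case that warrants looking at accounts and scripts on the server.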

All times are GMT -5.