Community Forums
Connect with us on LinkedIn
Exim bug, you can send email from "one" domain to the "same" domain without Auth.
  
+ Reply to Thread
Results 1 to 2 of 2
  1. 10-11-2004 03:16 AM #1
    mohamed_gaber
    mohamed_gaber is offline
    Member
    Join Date
    Mar 2003
    Posts
    16

    Default Exim bug, you can send email from "one" domain to the "same" domain without Auth.

    Hi,

    If you try to telnet to any Exim mail server :
    telnet domain.com 25

    Then you try to send email from "one" domain to the "same" domain on that "same" server, it will be routed successfully without Auth.

    I know that is not a serious problem, or considered an open relay, but still it can be inconvenient for some server admins.

    An Example illustrating that :
    C:> telnet domain.com 25
    220-server1.domain.com ESMTP Exim 4.43 #1 Mon, 11 Oct 2004 10:54:12 +0300
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
    rset
    250 Reset OK
    helo sosos.com
    250 server1.domain.com Hello sosos.com [62.139.139.42]
    mail from:<test@domain.com>
    250 OK
    rcpt to:<anything@domain.com>
    250 Accepted
    data
    354 Enter message, ending with "." on a line by itself
    from: test@domain.com
    to: anything@domain.com
    subject: testttttttttttttt

    the body message
    .
    250 OK id=1CGv1G-0000yP-S8
    Reply With Quote Reply With Quote
  2. 10-11-2004 03:34 AM #2
    chirpy
    chirpy is offline
    Super Moderator This forum account has been confirmed by cPanel staff to represent a vendor. chirpy's Avatar
    Join Date
    Jun 2002
    Location
    Go on, have a guess
    Posts
    13,495

    Default

    That's how SMTP works and always has done, it's certainly not a bug in Exim. If you accept email to be delivered to a domain on your server, then you never require authentication when relaying to your server, no matter where it is from. You only require authentication when relaying through your server.
    Jonathan Michaelson

    Need your cPanel servers secured and tuned?
    cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
    Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
    http://www.configserver.com
    Reply With Quote Reply With Quote
«   Managing Cluster | chown Disk quota exceeded »     
Similar Threads & Tags
Similar threads

  1. Per domain Enable/disable "verify sender", "callouts" and RBL lookups
    By gpilot in forum E-mail Discussions
    Replies: 11
    Last Post: 06-11-2009, 07:15 AM
  2. Can we use "smtp.domain.com" instad of "mail.domain.com"?
    By BraveX in forum cPanel and WHM Discussions
    Replies: 1
    Last Post: 09-28-2006, 02:47 PM
  3. Delete "Domain Forwarder" Lose "Forwarders?"
    By XinXang in forum cPanel and WHM Discussions
    Replies: 0
    Last Post: 03-19-2005, 08:44 AM
  4. Mailman and "The maximum each domain can send out per hour" setting
    By qwerty in forum cPanel and WHM Discussions
    Replies: 7
    Last Post: 06-12-2004, 01:33 AM
Linkedin       Facebook       Twitter       RSS       Flickr       YouTube