  1. #1
    Registered User
    Join Date
    Nov 2002
    Location
    BA, Argentina
    Posts
    27

    exim w/open relay

    Hello people..

    I have a big security problem when I set up a demo account under cPanel: exim relays mail if somebody is authenticated using the user/pass corresponding to that demo account.

    I tried modifying the statements defined in the ACL under check_recipient: in exim.conf, but I can't prevent any demo user from sending emails from any host to any other host by means of the user/pass. THIS MEANS A SPAM HOLE.

    I tried to remove the demo domain from /etc/localdomains, but exim (with the current conf) still relays if the mail session is authenticated.

    Below is an excerpt from my current exim.conf

    ******
    check_recipient:
    # Exim 3 had no checking on -bs messages, so for compatibility
    # we accept if the source is local SMTP (i.e. not over TCP/IP).
    # We do this by testing for an empty sending host field.

    accept hosts = :

    require verify = sender
    accept domains = +local_domains
    accept domains = +relay_domains
    accept hosts = +relay_hosts
    accept condition = ${perl{checkrelayhost}{$sender_host_address}}
    accept hosts = +auth_relay_hosts
    endpass
    message = $sender_fullhost is currently not permitted to \
    relay through this server. Perhaps you \
    have not logged into the pop/imap server in the \
    last 30 minutes or do not have SMTP Authentication turned on in your email client.

    endpass
    accept authenticated = *
    deny message = $sender_fullhost is currently not permitted to \
    relay through this server. Perhaps you \
    have not logged into the pop/imap server in the \
    last 30 minutes or do not have SMTP Authentication turned on in your email client.

    ******


  2. #2
    cPanel Partner NOC (This forum account has been confirmed by cPanel staff to represent a vendor.)
    Join Date
    Nov 2001
    Location
    San Clemente, Ca
    Posts
    703


    try this

    rm -rf /home/demo/mail
    rm -rf /home/demo/etc
    mkdir /home/demo/mail
    mkdir /home/demo/etc
    chattr +ia /home/demo/mail
    chattr +ia /home/demo/etc

    I don't know for sure if that will work, but give it a shot. Also, you may want to

    echo > /etc/proftpd/demo
    chattr +ia /etc/proftpd/demo


    REMEMBER: demo is just the username I chose. If your demo account has the username cpdemo, you would replace demo with cpdemo.

    Shaun Reitan
    NDCHost.com - cPlicensing.net - ProVPS.com
    Contact us for your cPanel Licensing needs! We Price Match, We provide Support, We take care of our customers!

  3. #3
    Member Hispalab's Avatar
    Join Date
    Apr 2003
    Location
    Madrid -Spain
    Posts
    85

    Delete demo accounts, because your demo user is authenticated on exim to send spam.
    Luis Miguel.

  4. #4
    Member
    Join Date
    Jun 2003
    Posts
    11

    Hey Shaun,

    Do you think that just removing the mail directory altogether would be enough? I mean, the problem is that they are using the demo account to spam. What if you just simply removed it altogether? That way it wouldn't be able to verify?

    I'm not all that into mail management, though if it goes to look up the username and password for mail when they try to auth, wouldn't it not work?

    Or how about trying to simply place a random hash of a password other than demo in demo's mail file? That would fail the auth when mail is attempted to be sent.

    Just throwing ideas around because I'm being nailed with the same problem.

    Cheers,
    Robby
    http://www.luvs.org

  5. #5
    Member
    Join Date
    May 2003
    Location
    blah
    Posts
    16


    this patch fixes it:


    BEGIN PATCH (copy and paste the below into mailpatch):
    529a530,532
    > if(isdemo($uid)) {
    > die "demo accounts are not permitted to relay mail [$uid]";
    > }
    END PATCH
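
    Review bot: the hunk header "529a530,532" is a context-free normal diff, so patch inserts the three lines after line 529 of whatever /etc/exim.pl is present without checking that the surrounding code matches; on a copy of exim.pl with different line numbering the "die" ends up in the wrong subroutine or outside one. Regenerate it as a unified diff (diff -u) so the context lines are verified, and keep a backup of /etc/exim.pl before applying. The added lines also depend on isdemo() and $uid already being defined at that point, which the hunk does not show; a comment naming the subroutine this check belongs to would make that reviewable.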


    How to do it:

    1. Create file mailpatch
    2. Copy and paste the above into the file
    3. Execute:
    patch /etc/exim.pl < mailpatch


    After that, exim will not let the demo account authenticate via SMTP. This worked for me very well.



    Good luck :-)


    -Gregg

  6. #6
    Member cass's Avatar
    Join Date
    Jul 2002
    Location
    Argentina/USA/Mexico
    Posts
    354

    Okay...
    I have a serious spam problem on a client server...
    Is there a way to configure exim to NOT RELAY,
    so that the FROM: could only contain a domain on the server?

    Because once authenticated (i.e. a normal user), mails using any email address could be sent (i.e. all these new viruses around).
    So, I want to configure this server so that only the local_domains can send mail (the FROM ... yes to any address).

    Also, an optional configuration where authenticated users could only send email using their OWN domain(s) (main + addons, etc.) would also be good to know.

    Regards
    Carlos Ariel Sepúlveda
    CAS company :: 1997-2011, 14 Years! :: Dedicated Attitude
    http://www.cascompany.com :: Providing CPANEL/WHM Servers since 2002 !

  7. #7
    Super Moderator This forum account has been confirmed by cPanel staff to represent a vendor. chirpy's Avatar
    Join Date
    Jun 2002
    Location
    Go on, have a guess
    Posts
    13,495


    If you stop the antirelayd process you will effectively stop POP before SMTP which should suit your needs. Users will then only be able to relay email through the server using SMTP AUTH. Remember to empty out /etc/relayhosts too.
    Jonathan Michaelson

    Need your cPanel servers secured and tuned?
    cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
    Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
    http://www.configserver.com

  8. #8
    Member
    Join Date
    May 2003
    Posts
    47

    Can you explain better how to do this patch

    Can you explain better how to do this patch? Step by step, please.

  9. #9
    Member cass's Avatar
    Join Date
    Jul 2002
    Location
    Argentina/USA/Mexico
    Posts
    354

    Now, let me ask again in another way...

    I want ONLY localdomains to be relayed on the server; I want to block any other domain from being relayed on the server.
    The POP before SMTP is okay... the problem is that someone could auth with their account and then send out spam using ANY DOMAIN. I want this to be localdomains only.
    On the other side, the scripts can send emails using any domain... I hate this! Is there a way to also block if the from: domain is not in localdomains?

    Regards.
    Carlos Ariel Sepúlveda
    CAS company :: 1997-2011, 14 Years! :: Dedicated Attitude
    http://www.cascompany.com :: Providing CPANEL/WHM Servers since 2002 !
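
A log audit for the two problems raised in this thread (the demo login relaying mail in post #1, and authenticated users sending with any sender domain in posts #6 and #9), as an added example that is not from any poster or from cPanel. It assumes Exim's main log records the authenticator and login as A=name:login on arrival lines; the log lines, logins and domains below are constructed, and the local domain set stands in for the contents of /etc/localdomains.

```python
import re
from collections import Counter

# Constructed sample shaped like Exim main-log lines ("<=" marks an arrival).
SAMPLE_LOG = """\
2003-07-01 10:15:02 19XaBc-0001Ab-00 <= promo@unrelated.example H=(pc1) [203.0.113.7] P=asmtp A=fixed_login:demo S=2114
2003-07-01 10:15:03 19XaBd-0001Ac-00 <= promo@unrelated.example H=(pc1) [203.0.113.7] P=asmtp A=fixed_login:demo S=2098
2003-07-01 10:16:40 19XaBe-0001Ad-00 <= alice@hosted.example H=(laptop) [198.51.100.4] P=asmtp A=fixed_plain:alice S=870
2003-07-01 10:17:11 19XaBf-0001Ae-00 <= offers@elsewhere.example H=(laptop) [198.51.100.4] P=asmtp A=fixed_plain:alice S=912
2003-07-01 10:18:00 19XaBg-0001Af-00 <= bob@remote.example H=mx.remote.example [192.0.2.9] P=esmtp S=1500
2003-07-01 10:18:05 19XaBg-0001Af-00 => carol@hosted.example R=localuser T=local_delivery
"""

# Arrival line: date, time, message id, "<=", envelope sender, ... A=authenticator:login
ARRIVAL = re.compile(
    r"^\S+ \S+ \S+ <= (?P<sender>\S+) .*?\bA=(?P<auth>[^:\s]+):(?P<login>\S+)"
)


def audit(log_text, demo_logins, local_domains):
    """Return (message count per demo login, [(login, non-local sender domain)]).

    Only messages submitted over an authenticated session are considered;
    the sender checked is the envelope sender that Exim logs, not the From: header.
    """
    demo_hits = Counter()
    foreign_senders = []
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue  # deliveries and unauthenticated arrivals have no A=name:login
        login = m["login"]
        domain = m["sender"].rpartition("@")[2].lower()
        if login in demo_logins:
            demo_hits[login] += 1  # the demo login should never submit mail
        if domain not in local_domains:
            foreign_senders.append((login, domain))
    return demo_hits, foreign_senders


if __name__ == "__main__":
    hits, foreign = audit(SAMPLE_LOG, {"demo"}, {"hosted.example"})
    for login, count in hits.items():
        print(f"demo login {login!r} submitted {count} message(s)")
    for login, domain in foreign:
        print(f"login {login!r} sent as non-local domain {domain}")
```
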

  10. #10
    Super Moderator This forum account has been confirmed by cPanel staff to represent a vendor. chirpy's Avatar
    Join Date
    Jun 2002
    Location
    Go on, have a guess
    Posts
    13,495

    You'd probably be better off asking this on the exim mailing list, as they're more likely to be able to point you in the right direction.
    Jonathan Michaelson

    Need your cPanel servers secured and tuned?
    cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
    Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
    http://www.configserver.com

  11. #11
    Member
    Join Date
    May 2003
    Location
    blah
    Posts
    16

    Quote Originally Posted by boyforeigner
    Can you explain better how to do this patch? Step by step, please.

    It's simple: exim.pl has a bug that allows demo accounts to be used to send emails. This just adds a couple of lines of code to check if it's a demo account before letting it send emails.
