  1. #1
    Member pirania1's Avatar
    Join Date
    May 2003
    Location
    Miami, FL
    Posts
    137

    Are you open relay with EXIM? Yes you are.

    After doing some tests from qualys.com I looked up their relaying report.
    With the current version of cPanel and Exim you can actually relay emails.
    Try this:

    telnet yourhost.com 25
    mail from: <address you want to relay>
    rcpt to: "dummyaddy@hotmail.com"@yourhost.com
    data
    test relay
    .
    quit

    Replace yourhost.com with your domain name.
    It will bounce from your server and send a message to <address you want to relay>.

    Can you please confirm if the same problem exists on your servers?

    cPanel.net Support Ticket Number:

  2. #2
    Member
    Join Date
    Oct 2002
    Posts
    751

    Re: Are you open relay with EXIM? Yes you are.

    Originally posted by pirania1
    After doing some tests from qualys.com I looked up their relaying report.
    With the current version of cPanel and Exim you can actually relay emails.
    Try this:

    telnet yourhost.com 25
    mail from: <address you want to relay>
    rcpt to: "dummyaddy@hotmail.com"@yourhost.com
    data
    test relay
    .
    quit

    Replace yourhost.com with your domain name.
    It will bounce from your server and send a message to <address you want to relay>.

    Can you please confirm if the same problem exists on your servers?
    I did the scan as well and it mentioned the relaying bit. It didn't state that it was an open relay though, did it? It just said the mail server uses relaying.

    As far as I know, Exim only allows relaying for the IPs listed in /etc/relayhosts (I hope).

    cPanel.net Support Ticket Number:

  3. #3
    Member
    Join Date
    Feb 2003
    Location
    Sachse, TX
    Posts
    567

    Are you testing from another server or your own machine?

    It's got antirelayd which blocks this kind of b.s.

    cPanel.net Support Ticket Number:

  4. #4
    Member
    Join Date
    Feb 2003
    Location
    Sachse, TX
    Posts
    567

    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
    mail from: bullcrap@bullcrap.com
    rcpt to: "darnit@hotmail.com"250 <bullcrap@bullcrap.com> is syntactically correct

    501 "darnit@hotmail.com": recipient address must contain a domain
    rcpt to: "darnit@darnit.com"@crazywipe.com
    250 <"darnit@darnit.com"@crazywipe.com> is syntactically correct
    data
    354 Enter message, ending with "." on a line by itself
    test relay
    .
    451 rejected: temporarily unable to verify sender address <bullcrap@bullcrap.com> (try later)
    quit

    cPanel.net Support Ticket Number:

  5. #5
    Member pirania1's Avatar
    Join Date
    May 2003
    Location
    Miami, FL
    Posts
    137

    Hmm.. With my test:

    220- ESMTP Exim 3.36 #1 Tue, 03 Jun 2003 17:22:08 -0500
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
    mail from: <email removed>
    250 <<email removed>> is syntactically correct
    rcpt to: "darnit@hotmail.com"@myhost.net
    250 <"darnit@hotmail.com"@myhost.net> is syntactically correct
    data
    354 Please start mail input.
    test relay
    .
    250 Mail queued for delivery.

    And it reaches destination as I mentioned.
    I do have antirelayd and all standard settings of cpanel, while it seems not to help.

    cPanel.net Support Ticket Number:

  6. #6
    Member
    Join Date
    Mar 2003
    Posts
    863

    Well, if you look at your log files you will see messages like RELAYING REFUSED. Even with the default exim.conf, relaying is not allowed. And pirania1, you shouldn't even have telnet open.

    cPanel.net Support Ticket Number:

  7. #7
    Member pirania1's Avatar
    Join Date
    May 2003
    Location
    Miami, FL
    Posts
    137

    I don't have telnet open. I'm just telnetting from my local machine to the box on Exim's port.
    Exim's log shows the following:
    2003-06-03 17:28:05 19NKGC-0004rd-00 ** "darnit@hotmail.com"@<censored>: unknown local-part "darnit@hotmail.com" in domain "<censored>"
    2003-06-03 17:28:05 19NKGD-000536-00 <= <> R=19NKGC-0004rd-00 U=root P=local S=1207
    2003-06-03 17:28:05 19NKGC-0004rd-00 Error message sent to <censored>
    2003-06-03 17:28:05 19NKGC-0004rd-00 Completed

    Notice the "Error message sent to": this is where it "bounces" the email to an external destination.

    cPanel.net Support Ticket Number:
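
The log sequence quoted in post #7 (an undeliverable local recipient followed by "Error message sent to") can be searched for mechanically. The following is an added example, not part of any post in the thread: it flags bounces sent to addresses outside the server's own domains. The sample log lines are constructed in the same format, and the host names, addresses and function name are placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the log format quoted in the thread; names are placeholders.
SAMPLE_LOG = '''\
2003-06-03 17:28:05 19NKGC-0004rd-00 ** "dummy@remote.example"@myhost.example: unknown local-part "dummy@remote.example" in domain "myhost.example"
2003-06-03 17:28:05 19NKGD-000536-00 <= <> R=19NKGC-0004rd-00 U=root P=local S=1207
2003-06-03 17:28:05 19NKGC-0004rd-00 Error message sent to forged@victim.example
2003-06-03 17:28:05 19NKGC-0004rd-00 Completed
2003-06-03 17:30:12 19NKHA-0004sA-00 ** bob@myhost.example: unknown local-part "bob" in domain "myhost.example"
2003-06-03 17:30:12 19NKHA-0004sA-00 Error message sent to alice@myhost.example
'''

# "<date> <time> <message-id> <rest>"
LINE = re.compile(r"^\S+ \S+ ([0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) (.*)$")
FAIL = re.compile(r'^\*\* .+?: unknown local-part "(?P<lp>.*)" in domain "[^"]*"$')
BOUNCE = re.compile(r"^Error message sent to (?P<to>\S+)$")


def find_external_bounces(log_text, local_domains):
    """Return bounces that were generated for unknown local parts and sent
    to a sender address outside local_domains (possible backscatter)."""
    failed = defaultdict(list)          # message-id -> failed local parts
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        msg_id, rest = m.groups()
        f = FAIL.match(rest)
        if f:
            failed[msg_id].append(f.group("lp"))
            continue
        b = BOUNCE.match(rest)
        if b and failed.get(msg_id):
            target = b.group("to")
            if target.rpartition("@")[2].lower() not in local_domains:
                findings.append({
                    "msg_id": msg_id,
                    "bounce_to": target,
                    # an "@" inside the local part matches the probe in post #1
                    "embedded_address": any("@" in lp for lp in failed[msg_id]),
                })
    return findings


if __name__ == "__main__":
    for hit in find_external_bounces(SAMPLE_LOG, {"myhost.example"}):
        print(hit)
```
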

  8. #8
    Member Noldar's Avatar
    Join Date
    Jun 2002
    Location
    Ponchatoula, LA
    Posts
    65

    If you have checked your email from the machine you are doing the test from, it will be listed in /etc/relayhosts and will therefore allow relaying.

    Richard

    cPanel.net Support Ticket Number:

  9. #9
    Member pirania1's Avatar
    Join Date
    May 2003
    Location
    Miami, FL
    Posts
    137

    I was surprised that spammers didn't use that earlier.

    Can you imagine how perfect it is?
    The user is getting a message, "Your mail could not be delivered", which is coming from a legitimate server..
    So of course I open it because I want to know whom my mail did not reach.. And what do I see? Penis enlargements!

    100% guaranteed that people will read it.

    Now we need an answer from cPanel on what to do about it.

    cPanel.net Support Ticket Number:

  10. #10
    Member
    Join Date
    Apr 2003
    Posts
    243

    Look into adding receiver_verify to exim.conf. This makes Exim check that all the files it needs to deliver the message are there and have the correct entries, that there are no permissions problems, etc., before going on to the DATA phase (it looks like your Exim is doing the check after the DATA phase and thus rejecting it then).

    Also bear in mind that if you have the default cPanel setup of accepting anything@domainhostedonserver.com, it literally does mean anything, as long as it's got a domain which is in /etc/localdomains at the end (e.g. "user@hotmail.com"@example.com would be accepted if you were accepting everything for example.com).

    cPanel.net Support Ticket Number:

  11. #11
    Member
    Join Date
    Feb 2003
    Location
    Sachse, TX
    Posts
    567

    Guys, you didn't use standard open relay tests.

    Here is something to try:

    http://www.email-test.com/cgi-bin/we...show_openrelay

    I tried mine and the output was:

    PASSED the Open Relay test.
    The server did not allow mail to be relayed using standard relay techniques. Server-specific bugs may exist and could potentially be exploited - this test is not a substitute for monitoring server upgrades and security alerts.

    cPanel.net Support Ticket Number:

  12. #12
    Member
    Join Date
    Feb 2003
    Location
    Sachse, TX
    Posts
    567

    Originally posted by pirania1
    I was surprised that spammers didn't use that earlier.

    Can you imagine how perfect it is?
    The user is getting a message, "Your mail could not be delivered", which is coming from a legitimate server..
    So of course I open it because I want to know whom my mail did not reach.. And what do I see? Penis enlargements!

    100% guaranteed that people will read it.

    Now we need an answer from cPanel on what to do about it.

    cPanel.net Support Ticket Number:
    You need to learn how to use spam protection. I have not seen a spam problem... only those INCOMING not OUTGOING from my server.

    If yours is CPanel 6.4.2 then we've got the same thing, and I don't have anything wrong with my system... I am not sure what is wrong with yours if you think it's compromised.

    cPanel.net Support Ticket Number:

  13. #13
    Member
    Join Date
    Feb 2003
    Location
    Sachse, TX
    Posts
    567

    I also got this disclaimer:

    Some systems appear to accept relay mail, but then reject messages internally rather than delivering them, but you cannot tell at this point whether the message will be relayed or not unless you specify an email address and receive the test message.

    I did the test, and did not get the e-mail.

    So, you may think it is, but it's not. I guess Cpanel needs to answer this specifically so we all get the big picture.

    cPanel.net Support Ticket Number:

  14. #14
    Member pirania1's Avatar
    Join Date
    May 2003
    Location
    Miami, FL
    Posts
    137

    tAzMaNiAc, with all due respect..
    I do have a new server on cPanel. Default configuration.
    6.4.2-R50

    I did that test, and received that test message bounced.
    Standard tests tell you nothing, since new bugs and methods of hacking are developed by the minute.

    I am not saying that it affects all machines. It did mine.
    I'm now going through the specs on exim.org to see if that problem has been addressed. I don't believe that box is compromised since it's pretty new.

    Howard: In my exim.conf there is no receiver_verify entry.

    cPanel.net Support Ticket Number: submitted

  15. #15
    Member
    Join Date
    Apr 2003
    Posts
    243

    In cPanel's current Exim config, it will see if the domain will accept anypossibleaddress@example.com; if it cannot, then it will reject it after it has received the message (i.e. in the DATA phase). This is what you're seeing.

    If you wish to reject it before it gets to the DATA part, then you should add the aforementioned receiver_verify option into exim.conf. This will move the check which it normally does after it has received the message to before it does, so you don't have to waste bandwidth on a message which might be rejected after it has been received (this is of course based on a normal non-virus/spam message, as you have to wait until after you have received the message to decide what to do with those).

    cPanel.net Support Ticket Number:
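
Posts #10 and #15 describe three behaviours for a recipient such as `"user@hotmail.com"@example.com`: accepted by a catch-all, rejected at RCPT when recipients are verified early, or accepted and failed only later. The following is an added example, not part of any post and not Exim's code: a small model of that decision, with hypothetical function and parameter names and constructed mailbox data.

```python
import re

# Quoted-string local part ("..." with backslash escapes) or a plain one,
# followed by "@domain". The quoted form may itself contain "@".
RCPT = re.compile(
    r'^(?:"(?P<quoted>(?:[^"\\]|\\.)*)"|(?P<plain>[^@\s"]+))@(?P<domain>[^@\s]+)$'
)


def split_rcpt(addr):
    """Return (local_part, domain), or None if there is no domain part."""
    m = RCPT.match(addr.strip().strip("<>"))
    if not m:
        return None
    if m.group("quoted") is not None:
        local = re.sub(r"\\(.)", r"\1", m.group("quoted"))  # drop escapes
    else:
        local = m.group("plain")
    return local, m.group("domain").lower()


def rcpt_reply(addr, local_domains, mailboxes, catch_all=False, verify_at_rcpt=False):
    """Model of the reply to RCPT TO and what happens to the message.
    This model has no relay hosts, so non-local domains are always refused."""
    parsed = split_rcpt(addr)
    if parsed is None:
        return 501, "recipient address must contain a domain"
    local, domain = parsed
    if domain not in local_domains:
        return 550, "relaying refused"
    if (local.lower(), domain) in mailboxes:
        return 250, "deliver to mailbox"
    if catch_all:
        return 250, "deliver to default address"
    if verify_at_rcpt:
        return 550, "unknown local part, rejected before DATA"
    return 250, "accepted, fails later: post-DATA reject or bounce"


if __name__ == "__main__":
    domains, boxes = {"example.com"}, {("alice", "example.com")}  # constructed
    probe = '"user@hotmail.com"@example.com'
    for opts in ({}, {"catch_all": True}, {"verify_at_rcpt": True}):
        print(opts, rcpt_reply(probe, domains, boxes, **opts))
```
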
