The Community Forums


ALL CPANEL servers = limited open relays

Discussion in 'General Discussion' started by H2Hosting.com, Sep 3, 2003.

  1. H2Hosting.com

    H2Hosting.com Well-Known Member

    Hi,

    ALL CPANEL servers = limited open relays

    I sent this warning to Nick twice (today and a month ago), but nothing was changed/updated... Maybe this thread will speed up the process.

    The problem: if I know that you host domain.com on a server with cPanel, I can use mail.domain.com as the SMTP server to send spam a) to this domain, b) to all domains on the server.

    It's a HUGE PROBLEM!

    p.s. I sent an email to Nick using mail.cpanel.net as SMTP server :p

  2. JPmorgan

    JPmorgan BANNED

    Is that after:

    Tue Sep 2 18:33:07 EDT 2003
    7.x Build#1
    ---------------------------------------------------------------

    exim4 4.22 (security fix)
    ---------------------------------------------------------------

  3. hostultra

    hostultra Well-Known Member

    You can do that on any mail server.

    The mail server is supposed to accept all messages that are for local delivery, because it's a delivery and not a RELAY.
    If it didn't, you wouldn't be able to get any mail.

  4. H2Hosting.com

    H2Hosting.com Well-Known Member

    Wrong! If my IP is not in the relay_hosts list, I should not send anything using YOUR SMTP to YOUR customers. If all servers have the same configuration, it's impossible to stop spam, as you should block your own IP ;) to stop it.

    P.S. If you confirm, I will send a test email to you through your SMTP.

  5. hostultra

    hostultra Well-Known Member

    Please give me an example of a mail server that doesn't accept local deliveries.

    Connecting directly to the SMTP and sending the mail locally is a delivery, not a relay.

  6. roman

    roman Well-Known Member
    PartnerNOC

    The only solution I can think of is to configure the mail server with a separate IP address for each hosted client.. Which is *not* a good solution.. Since SMTP does not pass the hostname you are connecting to.

    This way when the mail server answers for a particular IP address it knows which domain name it's affiliated with and would only allow relay to that domain.

  7. H2Hosting.com

    H2Hosting.com Well-Known Member

    Hostultra,

    I sent a test message to your support@ account.

    Look at the header of this email. It's impossible to stop such abuse with the current exim+cpanel configuration.

  8. H2Hosting.com

    H2Hosting.com Well-Known Member

    If it was just local delivery, spammers would use YOUR SMTP to send spam to YOUR account ;) What is the reason to search for exploits/proxies/open relays if I can send spam using YOUR SMTP! Your RBLs will not block such spam!

  9. howard

    howard Well-Known Member

    I think you're making a fuss about nothing; being able to connect to mail.cpanel.net and send a mail to nick@cpanel.net (or whatever) is hardly radical stuff, and I would have thought it would have been common sense, since you're duplicating what's done by MTAs.

    You may wish to search Google (or your favourite search engine) for direct-to-mx spam.

    #9 howard, Sep 3, 2003
    Last edited: Sep 3, 2003
  10. ameen

    ameen Member

    This is common, this is how the mail system works! People have known about this for a while and so have spammers; it is not isolated to cPanel but to any SMTP server. The reason people still USE relays is because they don't have or want their IPs to be blocked. If I have a server and I write a program to send out using the MTA of each email addy, the IP is in the header, thousands of complaints will be sent to the owner of the block, usually the ISP, and I will be shut down immediately. This is why they mask their IPs using relays etc.

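
The local delivery versus relay distinction argued in the thread, as an added example that is not part of any post and is not Exim or cPanel code. It is a simplified model of an MTA's RCPT-time policy plus a check that tells the behaviour reported in the first post apart from a real open relay; `relay_hosts` follows the thread's term, while the domains, addresses and function names are constructed for illustration.

```python
"""Added illustration: simplified model of an MTA's RCPT-time policy.

Not Exim or cPanel code. relay_hosts mirrors the thread's term; every
domain and address below is a constructed sample value.
"""
import ipaddress

LOCAL_DOMAINS = {"domain.example", "other-customer.example"}  # hosted here
RELAY_HOSTS = [ipaddress.ip_network("192.0.2.0/28")]          # trusted senders


def rcpt_decision(client_ip, rcpt, authenticated=False,
                  local_domains=LOCAL_DOMAINS, relay_hosts=RELAY_HOSTS):
    """Classify one RCPT TO as 'deliver', 'relay' or 'reject'."""
    if "@" not in rcpt:
        return "reject"                 # malformed recipient
    domain = rcpt.rsplit("@", 1)[1].lower().rstrip(".")
    if not domain:
        return "reject"
    if domain in local_domains:
        return "deliver"                # final destination is this server
    ip = ipaddress.ip_address(client_ip)
    if authenticated or any(ip in net for net in relay_hosts):
        return "relay"                  # trusted client, onward delivery
    return "reject"                     # untrusted client, foreign domain


def is_open_relay(probe_results):
    """probe_results: (client_ip, rcpt, authenticated, accepted) tuples
    recorded from a relay test against your own server.

    The server is an open relay only if it accepted a recipient this
    policy would reject: a foreign domain from an untrusted client.
    """
    return any(accepted and rcpt_decision(ip, rcpt, auth) == "reject"
               for ip, rcpt, auth, accepted in probe_results)


if __name__ == "__main__":
    # The case from the first post: untrusted IP, recipient hosted locally.
    print(rcpt_decision("203.0.113.9", "user@domain.example"))
    # The case that would be an open relay if the server accepted it.
    print(rcpt_decision("203.0.113.9", "user@elsewhere.example"))
```
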
     