The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Bandwidth leak through SMTP

Discussion in 'E-mail Discussions' started by dariofg2, Apr 10, 2003.

  1. dariofg2

    dariofg2 Well-Known Member

    Joined:
    Mar 7, 2003
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    CPanel has been counting bandwidth from SMTP for about a month (or less?) now, and I've noticed a problem that has been happening all along. Although users with blocked accounts for excessive bandwidth can't access their sites, they CAN send e-mail! And lots of it, if they wish.

    In my case, I have a user that's hired a 800-meg transfer plan, but has already used up 7,6 GIGABYTES (!!!) of SMTP traffic, 20 days to go until the end of the month.

    CPanel feature suggestion: blocking relay for for suspended domains, i.e., no SMTP auth and no validating the IP address for SMTP after POP3 auth.

    -Dario
     
  2. KingmanMe

    KingmanMe Active Member
    PartnerNOC

    Joined:
    Feb 19, 2003
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    6
    Hmm, that's quite a hole if suspended domains are still able to authenticate on SMTP.

    Have you put in the bug report/feature request?
     
  3. AP

    AP Well-Known Member

    Joined:
    Nov 5, 2002
    Messages:
    85
    Likes Received:
    0
    Trophy Points:
    6
    and use ftp too. I reported this 2 months ago but didn't see any fixed yet.
     
  4. hostcp3

    hostcp3 Well-Known Member

    Joined:
    Jun 18, 2002
    Messages:
    156
    Likes Received:
    0
    Trophy Points:
    16
    When suspending accounts change the main password.

    If its a problem with users abusing your server change all the passwords for those email accounts.

    If they go further and still find a way to send emails, terminate the account entirely.

    When they are ready to either pay or whatever you have them suspended for just rebuild the account from backup.
     
  5. sexy_guy

    sexy_guy Well-Known Member

    Joined:
    Mar 19, 2003
    Messages:
    848
    Likes Received:
    0
    Trophy Points:
    16
    Who says?
     
  6. dariofg2

    dariofg2 Well-Known Member

    Joined:
    Mar 7, 2003
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    KingmanMe, it seems CPanel's Bugzilla was removed, at least I can't find it anywhere. The support form is a waste of time, your messages fall into deaf ears...

    hostcp3, the main account password IS locked when the account is suspended. That does not stop the account owner from relaying his e-mails. Removing/renaming the account's passwd file by hand is too much trouble, you'll have to keep track of every account that gets blocked.

    sexy_guy, have you ever seen the message "Bandwidth Limit Exceeded"???

    Well, anyway, I wrote patches for /etc/exim.pl and /usr/sbin/antirelayd to do just that, block SMTP relaying for accounts that have transferred too much already. I've sent them to Nick yesterday. Still waiting for a reply, though!

    -Dario
     
  7. ramprage

    ramprage Well-Known Member

    Joined:
    Jul 21, 2002
    Messages:
    667
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
    Dario nice, could you please send me a copy of those?
     
  8. dariofg2

    dariofg2 Well-Known Member

    Joined:
    Mar 7, 2003
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    Sure! It's attached.

    -Dario
     

    Attached Files:

Loading...

Share This Page