Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Block local relay without authentication

Discussion in 'E-mail Discussion' started by brandon45, Jun 29, 2015.

  1. brandon45

    brandon45 Member

    Joined:
    May 26, 2014
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I've noticed that I can send mail from any existing user to any other existing user on the server without authentication, for example if I have two domains hosted on whm domainone.com and domaintwo.com I can send mails from mail@domainone.com to mai@domaintwo.com or even to himself without the need to authenticate
    is there an exim acl that I can use to block it(I don't want to enforce spf)?
     
    #1 brandon45, Jun 29, 2015
  2. storminternet

    storminternet Well-Known Member

    Joined:
    Nov 2, 2011
    Messages:
    460
    Likes Received:
    0
    Trophy Points:
    66
    cPanel Access Level:
    Root Administrator
    Are you using any script or application to send emails from one domain to another or using outlook ?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 storminternet, Jun 29, 2015
  3. brandon45

    brandon45 Member

    Joined:
    May 26, 2014
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I'm not, I want to block it because I'm receiving spam messages from for example mail@mydomain.com to mail@mydomain.com
     
    #3 brandon45, Jun 29, 2015
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,889
    Likes Received:
    1,814
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello :)

    How are you sending the email without authentication (e.g. email client, script)? Are you sure that you are not just spoofing the "FROM" address? Have you reviewed the message header to see if it shows the actual sender address?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 cPanelMichael, Jul 20, 2015
  5. brandon45

    brandon45 Member

    Joined:
    May 26, 2014
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I'm using telnet, for example

    Code:
    ehlo test.local
mail from:<account@mydomain.com>
rcpt to:<account@mydomain.com>
data
.
     
    #5 brandon45, Jul 20, 2015
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,889
    Likes Received:
    1,814
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    What shows up in the message header for the sender?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 cPanelMichael, Jul 21, 2015
  7. brandon45

    brandon45 Member

    Joined:
    May 26, 2014
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Code:
    Return-path: <account@mydomain.com>
Envelope-to: account@mydomain.com
Delivery-date: Mon, 20 Jul 2015 18:53:55 +0200
Received: from [x.x.x.x] (port=6312 helo=test.local)
by myserver.com with esmtp (Exim 4.85)
(envelope-from <account@mydomain.com>)
id 1ZHEK8-00089t-W8
for account@mydomain.com; Mon, 20 Jul 2015 18:53:55 +0200
     
    #7 brandon45, Jul 21, 2015
  8. Martinho Novais

    Martinho Novais Registered

    Joined:
    Aug 19, 2015
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Portugal
    cPanel Access Level:
    Root Administrator
    Hi!

    I have the same problem. I already have active either SPF and DKIM to this account. But, if in the "Sender" is a valid email account, and the "Recipient" is a valid email account for the same domain or from the another domain in the same machine, the message is delivery without autentication.

    How you can see, who is generate this message is an IP address that isn't mine. (ceil.webhostingireland.ie - 91.210.235.40 )

    How can it is possible? Is there any kind of solution for this problem?

    Code:
    Delivery Event Details
[B]Event[/B]: success 
[B]Sender User[/B]: -remote-
[B]Sender Domain[/B]:
[B]Sender[/B]: [EMAIL]scxxxxira@sisxxxa4.pt[/EMAIL]
[B]Sent Time[/B]: Aug 19, 2015 4:19:04 AM
[B]Sender Host[/B]: ceil.domain.ie
[B]Sender IP[/B]: 91.210.235.40
[B]Authentication[/B]: localdelivery
[B]Spam Score[/B]: -1.2
[B]Recipient[/B]: [EMAIL]emxxxs@sisxxxa4.pt[/EMAIL]
[B]Delivered To[/B]: [EMAIL]emxxxs@sisxxxa4.pt[/EMAIL]
[B]deliveryuser[/B]: sisxxxa4
[B]deliverydomain[/B]: sisxxxa4.pt
[B]Router[/B]: virtual_user
[B]Transport[/B]: virtual_userdelivery
[B]Out Time[/B]: Aug 19, 2015 4:19:04 AM
[B]ID[/B]: 1ZRtuN-0006nX-QX
[B]Delivery Host[/B]: localhost
[B]Delivery IP[/B]: 127.0.0.1
[B]Size[/B]: 6.89 KB
[B]Result[/B]: Accepted
     
    #8 Martinho Novais, Aug 19, 2015
    Last edited by a moderator: Aug 19, 2015
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,889
    Likes Received:
    1,814
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello :)

    Try enabling the "Reject SPF Failures" option if you want SPF records verified for incoming email. It's found under the "ACL Options" tab in "WHM Home » Service Configuration » Exim Configuration Manager".

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #9 cPanelMichael, Aug 28, 2015
(You must log in or sign up to post here.)
Loading...
Similar Threads - Block local relay
  1. elyday

    Mail coming from localhost being blocked

    elyday, Apr 29, 2018, in forum: E-mail Discussion
    Replies:
    3
    Views:
    129
    cPanelMichael
    Apr 30, 2018
  2. IdleServ

    New Thread Git dependency blocking yum update

    IdleServ, Jul 17, 2018 at 3:09 AM, in forum: CloudLinux
    Replies:
    0
    Views:
    16
    IdleServ
    Jul 17, 2018 at 3:09 AM
  3. carolainn

    Update is blocked because RPM database is unstable

    carolainn, Jul 13, 2018 at 9:41 AM, in forum: Database Discussion
    Replies:
    1
    Views:
    34
    cPanelLauren
    Jul 13, 2018 at 9:49 AM
  4. Matic

    Blocked access to images and css, js scripts

    Matic, Jul 3, 2018, in forum: General Discussion
    Replies:
    3
    Views:
    60
    cPanelLauren
    Jul 4, 2018
  5. chaosm

    Block spam emails

    chaosm, Jun 29, 2018, in forum: E-mail Discussion
    Replies:
    1
    Views:
    81
    cPanelLauren
    Jun 29, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice