Block local relay without authentication

[brandon45]

I've noticed that I can send mail from any existing user to any other existing user on the server without authentication, for example if I have two domains hosted on whm domainone.com and domaintwo.com I can send mails from [email protected] to [email protected] or even to himself without the need to authenticate
is there an exim acl that I can use to block it(I don't want to enforce spf)?

 

[storminternet]

Are you using any script or application to send emails from one domain to another or using outlook ?

 

[brandon45]

Are you using any script or application to send emails from one domain to another or using outlook ?

I'm not, I want to block it because I'm receiving spam messages from for example [email protected] to [email protected]

 

[cPanelMichael]

Hello

How are you sending the email without authentication (e.g. email client, script)? Are you sure that you are not just spoofing the "FROM" address? Have you reviewed the message header to see if it shows the actual sender address?

Thank you.

 

[brandon45]

Hello

How are you sending the email without authentication (e.g. email client, script)? Are you sure that you are not just spoofing the "FROM" address? Have you reviewed the message header to see if it shows the actual sender address?

Thank you.

I'm using telnet, for example

ehlo test.local
mail from:<[email protected]>
rcpt to:<[email protected]>
data
.

 

[cPanelMichael]

What shows up in the message header for the sender?

Thank you.

 

[brandon45]

What shows up in the message header for the sender?

Thank you.

Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Mon, 20 Jul 2015 18:53:55 +0200
Received: from [x.x.x.x] (port=6312 helo=test.local)
by myserver.com with esmtp (Exim 4.85)
(envelope-from <[email protected]>)
id 1ZHEK8-00089t-W8
for [email protected]; Mon, 20 Jul 2015 18:53:55 +0200

 

[Martinho Novais]

Hi!

I have the same problem. I already have active either SPF and DKIM to this account. But, if in the "Sender" is a valid email account, and the "Recipient" is a valid email account for the same domain or from the another domain in the same machine, the message is delivery without autentication.

How you can see, who is generate this message is an IP address that isn't mine. (ceil.webhostingireland.ie - 91.210.235.40 )

How can it is possible? Is there any kind of solution for this problem?

Delivery Event Details
[B]Event[/B]: success 
[B]Sender User[/B]: -remote-
[B]Sender Domain[/B]:
[B]Sender[/B]: [EMAIL][email protected][/EMAIL]
[B]Sent Time[/B]: Aug 19, 2015 4:19:04 AM
[B]Sender Host[/B]: ceil.domain.ie
[B]Sender IP[/B]: 91.210.235.40
[B]Authentication[/B]: localdelivery
[B]Spam Score[/B]: -1.2
[B]Recipient[/B]: [EMAIL][email protected][/EMAIL]
[B]Delivered To[/B]: [EMAIL][email protected][/EMAIL]
[B]deliveryuser[/B]: sisxxxa4
[B]deliverydomain[/B]: sisxxxa4.pt
[B]Router[/B]: virtual_user
[B]Transport[/B]: virtual_userdelivery
[B]Out Time[/B]: Aug 19, 2015 4:19:04 AM
[B]ID[/B]: 1ZRtuN-0006nX-QX
[B]Delivery Host[/B]: localhost
[B]Delivery IP[/B]: 127.0.0.1
[B]Size[/B]: 6.89 KB
[B]Result[/B]: Accepted

 

[cPanelMichael]

I already have active either SPF and DKIM to this account.

Hello

Try enabling the "Reject SPF Failures" option if you want SPF records verified for incoming email. It's found under the "ACL Options" tab in "WHM Home » Service Configuration » Exim Configuration Manager".

Thank you.