Bug in Exim SMTP sending spam with mail.microsoft.com

Discussion in 'E-mail Discussions' started by wimp, May 20, 2003.

  1. wimp

    I saw that anyone can send out e-mails with smtp=mail.microsoft.com from my cPanel servers.

    Normally, before sending e-mails through your account (using mail.mydomain.com) you have to authenticate yourself by user ID and password, e.g. by downloading e-mails.
    False!

    It also works without prior authentication. In this way anyone in the world can use your server to send spam.
    For example, he can set: mail.microsoft.com, mail.fbi.com, mail.cpanel.net, etc.

    I noticed this on different cPanel servers... It seems that this is a bug.
    Can anyone else take a look on their server and confirm?

    thanks
    :(

  2. Angel78

    Which build are you using?
     
  3. wimp

    Cpanel 6.4.2-R5

  4. uadm

    I don't understand what you're talking about:

    telnet cpanel.server.com 25
    Trying xxx.xxx.xxx.xxx...
    Connected to xxx.xxx.com.
    Escape character is '^]'.
    220-xxx.xxx.com ESMTP Exim 3.36 #1 Tue, 20 May 2003 11:43:09 -0400
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
    mail from: rcs@mail.microsoft.com
    250 <rcs@mail.microsoft.com> is syntactically correct
    rcpt to: rcs@somedomain.com
    550-Host xxx.org [xxx.xxx.xxx.xxx] is not permitted
    550-to relay through xxx.xxx.com.
    550-Perhaps you have not logged into the pop/imap server in the last 30 minutes.
    550-You may also have been rejected because your ip address
    550-does not have a reverse DNS entry.
    550 relaying to <rcs@somedomain.com> prohibited by administrator

  5. rpmws

    Virus!!! The reply address is support@ms and Exim is trying to return it there because it stopped it from making it to your users.

  6. Website Rob

    Just your usual spam -- with an unacceptable attachment; exe, pif, scr, etc. -- having 'support@microsoft.com' as the sender e-mail address. As these types of e-mails are bounced back to the sender, Microsoft does not accept them either -- also because of the unacceptable attachment -- and sends them back. This means they come back to your server, of course.

    Here are some I received today and the "Received" line is how you tell where they came from:

    Received: from d141-143-123.home.cgocable.net ([24.141.143.123] helo=PUMPED)
    by your_server.com with esmtp (Exim 3.36 #1)

    Received: from ctt187190.ceinetworks.com ([216.169.187.190] helo=CATHY-B)
    by your_server.com with esmtp (Exim 3.36 #1)

    Received: from hsa150.pool033.at101.earthlink.net ([216.249.102.150] helo=3F3ZL01)
    by your_server.com with esmtp (Exim 3.36 #1)

    Received: from aneuilly-109-1-19-204.w81-53.abo.wanadoo.fr ([81.53.73.204] helo=FREE)
    by your_server.com with esmtp (Exim 3.36 #1)


    Just started seeing these myself, since the Cpanel update (to Cpanel 6.4.2-E3) a few days ago.


    Also, it is incorrect to think there is a problem with Cpanel or Exim. There is no security being breached in this problem.

    You'll note where it says:

    "A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:

    <eMail_address_for_an_account_on_your_Server>
    This message has been rejected because it has"


    Please remember to know what you are talking about (before suggesting something is a bug or security problem) and, it's always nice to have done some testing on your own, to better explain the problem. This will allow others to give better answers and prevents the spread of false information.

  7. rpmws

  8. Website Rob

  9. noimad1

    Sorry for my ignorance, but I am also seeing these in my mail queue. Here is part of an example of one that has the support@microsoft.com:

    19ILB1-000051-00-D
    This message was created automatically by mail delivery software (Exim).

    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:

    xoles@xolesfishies.com
    This message has been rejected because it has
    a potentially executable attachment "password.pif"
    This form of attachment has been used by
    recent viruses or other malware.
    If you meant to send this file then please
    package it up as a zip file and resend it.

    ------ This is a copy of the message, including all the headers. ------

    Return-path:
    Received: from h24-71-148-169.ss.shawcable.net ([24.71.148.169] helo=CAKE)
    by server1.com with esmtp (Exim 3.36 #1)
    id 19ILAy-00004z-00
    for xoles@xolesfishies.com; Tue, 20 May 2003 23:26:04 -0500


    Does this mean the message is being sent from our box, or coming to our box and getting bounced, but coming back to us because the return mail is support@interxstream.com?

    If it is the second, then I am assuming I just need to delete the returned message out of my queue?

    Thanks

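Editor's added example (not part of any post in this thread): the check described above, reading the "Received" line of the copy embedded in an Exim bounce to see whether the original entered the server from an outside host. The helper name, the `local_nets` list and the dotless-HELO heuristic are assumptions; the sample is constructed from the bounce quoted in the thread.

```python
import ipaddress
import re

# Constructed sample: the bounce quoted in the thread, trimmed to the parts parsed.
SAMPLE_BOUNCE = """\
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  xoles@xolesfishies.com
    This message has been rejected because it has
    a potentially executable attachment "password.pif"

------ This is a copy of the message, including all the headers. ------

Received: from h24-71-148-169.ss.shawcable.net ([24.71.148.169] helo=CAKE)
\tby server1.com with esmtp (Exim 3.36 #1)
\tid 19ILAy-00004z-00
\tfor xoles@xolesfishies.com; Tue, 20 May 2003 23:26:04 -0500
"""

MARKER = "This is a copy of the message, including all the headers."
# Matches the Received layout shown in the thread: rDNS name, [IP], optional HELO.
RECEIVED_RE = re.compile(
    r"^Received: from (?P<rdns>\S+) \(\[(?P<ip>[0-9A-Fa-f.:]+)\]"
    r"(?: helo=(?P<helo>[^)\s]+))?\)\s+by (?P<by>\S+) with (?P<proto>\S+)",
    re.MULTILINE)
ATTACH_RE = re.compile(r'executable attachment "([^"]+)"')


def classify_bounce(bounce, local_nets):
    """Report where the bounced original entered this server (hypothetical helper)."""
    _, found, original = bounce.partition(MARKER)
    if not found:
        return None  # no embedded copy, so nothing to trace
    hop = RECEIVED_RE.search(original)  # top-most Received = hop into our server
    if hop is None:
        return {"origin": "unknown"}  # no network hop recorded in the copy
    ip = ipaddress.ip_address(hop["ip"])
    local = any(ip in ipaddress.ip_network(net) for net in local_nets)
    attachment = ATTACH_RE.search(bounce)
    return {
        "origin": "local" if local else "external",
        "client_ip": str(ip), "rdns": hop["rdns"], "helo": hop["helo"],
        "accepted_by": hop["by"], "protocol": hop["proto"],
        "blocked_attachment": attachment.group(1) if attachment else None,
        # Heuristic (assumption): a dotless HELO looks like a desktop machine name.
        "helo_is_bare_name": bool(hop["helo"]) and "." not in hop["helo"],
    }
```

An "external" origin together with a blocked attachment means the message arrived from another host and was refused for local delivery; it was not relayed out through the server.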