
Deny "external" domains on SMTP

Discussion in 'E-mail Discussions' started by Astral God, Oct 29, 2013.

  1. Astral God

    Astral God Well-Known Member

    Hi.

    If I try to use my server (smtp.mydomain.com) with good credentials (login: userATmydomain.com + Password) but with an external email (let's say neuserATgmail.com), I can send emails.

    Q: Is there a way to accept an SMTP connection only if the domain matches the login (smtp.mydomain.com accepts only *ATmydomain.com)?

    Thanks.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    Could you elaborate a bit more on the specific scenario you are referring to? Do you mean you want to disable SMTP for all non-local connections? The following option under "ACL Options" in "WHM Home » Service Configuration » Exim Configuration Manager" may be of interest to you instead:

    "Require RFC-compliant HELO"

    This will require incoming SMTP connections to send HELO conforming to internet standards (RFC2821 4.1.1.1).

    Thank you.
     
  3. Astral God

    Let's say you've an account at my server using "yourdomain.com"; and you use Thunderbird as email client.
    On your Thunderbird, you've some email accounts (@cpanel.net, @gmail.com, @yourdomain.com).
    You use the same SMTP - my server - as your SMTP server.

    What I wish is that when you try to send emails with @gmail.com or @gmail.com you're denied, but when you send as @mydomain.com, you're allowed.
     
  4. simonas

    simonas Well-Known Member

    You can do it by setting a filter in cPanel.

    System wide you could do this using Exim advanced settings.
     
  5. cPanelMichael

    That should already be configured by default. For instance, I could not configure the SMTP server in my email client with your server's hostname and use it to send email from a Gmail account. It would be denied due to the SMTP authentication requirement.

    Thank you.
     
  6. quietFinn

    quietFinn Well-Known Member

    If you have an email account in his server you can authenticate using that account's credentials in his SMTP server, and after that you are able to send so that the sender address is whatever you want.
     
  7. cPanelMichael

    If the original poster is referring to this type of scenario, the following option may be useful to them in "WHM Home » Service Configuration » Exim Configuration Manager" under the "Mail" tab:

    "EXPERIMENTAL: Rewrite From: header to match actual sender"

    "If you enabled this option, the From: header will be rewritten to be the email address of the actual message sender. If you choose the "remote" option, only messages that are being sent to remote destinations will be affected."

    Thank you.
     
  8. brianoz

    brianoz Well-Known Member

    One would expect that to be configured, but it quite definitely isn't, and it has over the last few months become a major point of spammer attack. They are stealing SMTP passwords from infected/trojanned user PCs and using them to send spam "from" external users (e.g. fred123@aol.com). Outgoing limits help a lot, but the spam still gets out, so our servers are getting blacklisted.

    Obviously this is a major problem - I was contacted about this by one of the major email providers recently (ask me which one offline if you need more info, can provide internal contact point) - and it is being used to attack them in a huge way. For instance, the current round of attacks over Easter was sending out emails as xxx@aol.com. (There were a lot of attacks from the posts here.)

    We need this fixed in the default cPanel config so that we are protected - possibly a check option to turn on would be great. The rule needs to be something like "only allow authenticated SMTP users to send from the current authenticated domain" (or perhaps, current authenticated email user).

    While the "Experimental From" rule does tie the user to a correct email address nicely, I'd prefer to be able to drop or bounce this email as spam immediately. If the spam isn't sent in the first place, there's a lot less work for everyone and no risk of getting blacklisted.

    If you have an Exim ACL you could point us to, that would be a great help as we're getting attacked right now. I understand that the above "Experimental From" helps, but it isn't a real solution as the spam still gets sent.
     
    #8 brianoz, Apr 21, 2014
    Last edited: Apr 21, 2014
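
The rule proposed in the post above ("only allow authenticated SMTP users to send from the current authenticated domain") can also be applied after the fact as a log audit that surfaces accounts being used to send as foreign domains. This is an added example, not part of the original thread or of cPanel's code: it assumes Exim's main-log arrival lines (`<=` with an `A=authenticator:login` field), and the sample log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in Exim main-log format; hosts, IPs and message IDs are made up.
SAMPLE_LOG = """\
2014-04-21 09:12:01 1WcA1b-0001Xy-Aa <= user@mydomain.com H=(pc1) [203.0.113.10]:51234 P=esmtpsa A=dovecot_login:user@mydomain.com S=1842 id=a1@mydomain.com
2014-04-21 09:12:44 1WcA2c-0001Xz-Bb <= fred123@aol.com H=(abc) [198.51.100.7]:40222 P=esmtpa A=dovecot_plain:user@mydomain.com S=2210 id=b2@aol.com
2014-04-21 09:13:02 1WcA3d-0001Y0-Cc <= someone@example.org H=mx.example.org [192.0.2.25]:25 P=esmtps S=3011 id=c3@example.org
2014-04-21 09:13:05 1WcA3d-0001Y0-Cc => user@mydomain.com R=virtual_user T=virtual_userdelivery
2014-04-21 09:14:10 1WcA4e-0001Y1-Dd <= xxx@AOL.com H=(abc) [198.51.100.7]:40230 P=esmtpa A=dovecot_login:user@mydomain.com S=2195 id=d4@aol.com
2014-04-21 09:15:30 1WcA5f-0001Y2-Ee <= <> R=1WcA2c-0001Xz-Bb U=mailnull P=local S=3500
"""

# Arrival lines: "<date> <time> <msgid> <= <envelope-sender> <fields...>"
ARRIVAL = re.compile(r"^\S+ \S+ (?P<msgid>\S+) <= (?P<sender>\S+) (?P<rest>.*)$")
# SMTP AUTH is logged as A=<authenticator>:<login>
AUTH = re.compile(r"\bA=(?P<mech>[^:\s]+):(?P<login>\S+)")


def domain_of(address):
    """Lower-cased domain part, or None if there is no '@' (system user, '<>')."""
    _, at, dom = address.rpartition("@")
    return dom.lower() if at and dom else None


def find_mismatches(log_text):
    """Return (msgid, login, sender) for authenticated arrivals whose envelope
    sender domain differs from the domain of the authenticated login."""
    hits = []
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue                      # deliveries, rejections, other events
        a = AUTH.search(m["rest"])
        if not a:
            continue                      # unauthenticated inbound or local mail
        login_dom = domain_of(a["login"])
        if login_dom is None:
            continue                      # assumption: bare usernames are not comparable
        if domain_of(m["sender"]) != login_dom:
            hits.append((m["msgid"], a["login"], m["sender"]))
    return hits


def per_login(hits):
    """Count mismatched messages per authenticated login (low counts still matter)."""
    return Counter(login for _, login, _ in hits)


if __name__ == "__main__":
    for login, n in per_login(find_mismatches(SAMPLE_LOG)).items():
        print(f"{login}: {n} message(s) with a foreign sender domain")
```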
  9. brianoz

    Thanks Michael, that's a helpful link.

    Here's some more analysis of this so you can see how important it is - there is widespread hacking of cPanel servers across the internet at the moment:

    Web Hosting Talk - View Single Post - FEATURED Massive uptick in SMTP Auth spam

    The insidious part of this is that spammers send only a small number of messages through any particular account. This can take months to catch! Unless it gets one of your IPs blacklisted, with no symptoms.
     