Disable Exim local relay via Telnet

kevinlevin

Active Member
Oct 27, 2011
27
0
51
cPanel Access Level
Root Administrator
Hello,

One of my clients is complaining that he is able to connect to the server via telnet and send a test email to himself (spoofing himself) without authentication.
Now I now this is by design but he thinks it is a security risk and someone can spoof him even if the emails are filtered into the spam folder correctly.

Can something be done to disable this in Exim?

Researching for hours and not finding a solution ...

Latest version of cPanel/WHM used.
 

cPanelAnthony

Administrator
Staff member
Oct 18, 2021
583
54
103
Houston, TX
cPanel Access Level
Root Administrator
Hello! This is just how all mail servers work, not just Exim. When you connect to the server from the same server via telnet or any other method, or you try to send an email to someone on that server, you do not need to authenticate (to that server). If it didn't work this way, email accounts would be unable to accept emails. Exim (and many other MTA's) know when authentication is needed or not. Exim by default is not an open relay.

Accepting email to be delivered to a domain on your server means you never require authentication when relaying to your server, no matter where it is from. You only require authentication when relaying *through* your server.

Notice "through" your server. That's when authentication is required, but when sending from your server to your server, you are already authenticated. If someone knows two accounts on the server, they can send to them without authentication. But they cannot send to another account on another server through your server.

I hope this information helps! Please let me know if you have any further questions.
 

kevinlevin

Active Member
Oct 27, 2011
27
0
51
cPanel Access Level
Root Administrator
Dear cPanelAnthony,

I already know that. However, my customer insisting that someone can on purpose spoof his mail and use this method to spam him without authentication.
So what I am asking is if there is a way to always require authentication even locally or at least a method to block such behavior - hard fail on spf for example.
 

cPanelAnthony

Administrator
Staff member
Oct 18, 2021
583
54
103
Houston, TX
cPanel Access Level
Root Administrator
The short answer is that there would be unfortunately no way to change this behavior. It is inherent within Exim and can't be bypassed.

Is your client concerned that just anyone could telnet to the server at any time to send emails? In order for his concern to occur, the person attempting to spoof would already need to have access to the server, or at least, a cPanel account; which means, an account would have to be compromised already.
 

kevinlevin

Active Member
Oct 27, 2011
27
0
51
cPanel Access Level
Root Administrator
No, the person attempting to spoof needs only to know that an email account exist for example: [email protected], after that he can just telnet on mail.domain.com 25 and start sending mails from [email protected]main.com to [email protected] or from [email protected]. No authentication is required. You can test that on any cPanel server - works like a charm and can be easily automated via scripts.
 

sparek-3

Well-Known Member
Aug 10, 2002
2,042
230
368
cPanel Access Level
Root Administrator
How do you think Gmail, Hotmail, Yahoo, Comcast, and any other email provider sends emails to the email address?

Better shut those services down too because they're a part of this "security hole"
 
  • Like
Reactions: mtindor

quietFinn

Well-Known Member
Feb 4, 2006
1,394
178
193
Finland
cPanel Access Level
Root Administrator
Anyone with a little knowledge and a decent email client can send emails that seem to come from whatever email address they choose. The sender address can be configured in the email client. You don't need telnet or local relay to do that.
I am very often getting emails that seem to come from my own email address.