The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Disable external SMTP authentication

Discussion in 'E-mail Discussions' started by ttremain, Apr 8, 2014.

  1. ttremain

    ttremain Well-Known Member

    Joined:
    Feb 16, 2003
    Messages:
    212
    Likes Received:
    0
    Trophy Points:
    16
    I am getting a lot of cPHulk messages saying that an SMTP server is under brute force attack. They try from one IP for a while, then try from another, then another.

    This particular server sends and receives very little email. While I do need to allow outside servers to perform callouts, I do not believe I have ANY reason to allow SMTP authentication to this server.

    So how would I block all SMTP authentication attempts? It would be nice if I could add an IP or RDNS whitelist just in case.

    If it were not for callouts, I could probably block all inbound port 25 attempts.

    Thank you!
     
  2. vanessa

    vanessa Well-Known Member
    PartnerNOC

    Joined:
    Sep 26, 2006
    Messages:
    817
    Likes Received:
    22
    Trophy Points:
    18
    Location:
    Virginia Beach, VA
    cPanel Access Level:
    DataCenter Provider
  3. ttremain

    ttremain Well-Known Member

    Joined:
    Feb 16, 2003
    Messages:
    212
    Likes Received:
    0
    Trophy Points:
    16
    Almost, but that thread is from 2006, and the exim configs have changed an awful lot since then.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,743
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    The thread referenced, while outdated, still provides the general idea of modifying the "Accept Hosts" entry. Also, have you considered using a firewall management tool such as CSF to block connections to specific ports or to block full IP ranges from accessing those ports?

    Thank you.
     
  5. ttremain

    ttremain Well-Known Member

    Joined:
    Feb 16, 2003
    Messages:
    212
    Likes Received:
    0
    Trophy Points:
    16
    But "accept hosts" is used in the advanced config several times.
    So far, I think I would have to replace the "default_check_message_pre" section, but I could be incorrect.

    Blocking inbound port 25 via the firewall would not meet the requirements, because it would break the servers ability to receive mail, or receive callout requests.
     
Loading...

Share This Page