Email Spoofing Exim How Can This Be Stopped

I just tested my server and found that I could send spoofed e-mail. Good news is the headers show the originating IP address. I'd like to know how to defeat this process;

I did this from Windows XP without using any credentials whatsoever:

run > cmd > enter
telnet > enter
o mail.myserver.com 25 > enter
Mail from: myadminacct@mydomain.com > enter
RCPT to: anyaddress@anydomain.com > enter
DATA > enter
From: myadminacct@mydomain.com > enter
TO: anyaddress@anydomain.com > enter
Hello. > enter
This is a spoofed email from my server > enter
. > enter
> enter


anyaddress@anydomain.com gets the email from the forged myadminacct@mydomain.com

 

I have SPF and domain keys configured properly. The server also passes the open relay tests. So you're saying anyone from anywhere can send e-mail as anyone from anywhere in this fashion?

 

I can't say it's been a problem for me, but I have had a couple of these turn up over the years and I had no idea where they came from.

Do spammers have a script they can use to exploit this or is this limited to sending one e-mail at a time?

 

I have it turned on and I also have the SMTP tweak setup. Give it a shot on your server and see if you get the same results.

Don't use the > (greater than signs) I just put those in to say do this next.

 

I don't use bind on my server. I use and external DNS server. I changed the theme on the main site from x to x3 and enabled SPF authentication in Cpanel and so far it looks like I am no longer able to send like this.

I did a hard bounce -all

Does this mean that SPF authentication has to be turned on in CPanel?

I setup all my domain keys manually way back when they were still experimental in cpanel. It won't take too much effort to go in and setup all the SPF records for the domains I host if this will do the trick.

 

I believe you. Where did you setup pop before smtp. I did it in the tweak section. Should I be doing it somewhere else?

 

I got WARNING! Your server could be an open relay. I've got something configured wrong.

 

It was not set for monitoring
Also all the sub items are checked.
x cPbandwd
x Eximstats
x Antirelayd

 

root 18460 0.0 0.0 5016 660 pts/0 S+ 23:49 0:00 \_ grep tail
root 5749 0.0 0.2 9108 6112 ? Ss 22:29 0:00 tailwatchd

 

No I don't see it.

BTW thanks for taking the time to help me. I am going to reset the exim.conf to default.