Enable Outbound Mail Password...

schoeps

Is there a way in cPanel/WHM to enable the sendmail password? Someone is using my mail.xxxx.com to send mail...

Thank you friends!
Sch
 

schoeps

> Hi,
> http://www.webhostgear.com/232.html
> Check if this can help you in tracking the spammer you may have on your box.
>
> See ya,
> mohit

Thanks for the quick reply and script. I don't see what is preventing users from just sending mail using anything (i.e. Outlook) just using mail.xxxyyy.com... There has to be a way to turn on outbound authentication... right?
 

sparek-3

By default, cPanel systems have two authentication methods for allowing users to relay mail through the server. The most common is POP-before-SMTP. The other is SMTP authentication. POP-before-SMTP works by first making users log in and check a valid POP account on the server. When they do this, the IP that performed this POP check is added to a relay list, and then that IP is allowed to send out mail for 30 minutes (I think). The user must check for mail again (regardless of whether or not there is any new mail in the mailbox) within the next 30 minutes to be able to continue to send mail.

SMTP authentication works by taking advantage of special SMTP instructions that authenticate a user via the SMTP protocol and allow relaying for that particular SMTP session. The SMTP username and password are the same as what would be used for checking mail with the POP account.

Is someone from that IP logging into a valid mail account and checking for mail? If so, then that IP would be allowed to relay mail. If you know the IP that is relaying mail, then you can check the maillog (/var/log/maillog) to see who has logged into the POP/IMAP server from what IP and what mail account was checked. If SMTP authentication is used this would be noted in the exim_mainlog (/var/log/exim_mainlog).

If you want to force users to use SMTP authentication, then you need to stop the antirelayd process from running on your server. The antirelayd process is responsible for determining what IP logged into the POP/IMAP server and adding that IP to the IPs that can relay out mail. If this process is not running, then this essentially stops POP-before-SMTP.

Hope this helps.
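
The log check described in the post above, as an added example that is not part of the original thread: it attributes each relayed message in exim_mainlog either to an SMTP-authenticated user or to the mailbox whose POP/IMAP login from the same IP fell inside the relay window. The log lines are constructed samples, and the Dovecot-style maillog format, the `fixed_login` authenticator name and the 30-minute window (quoted in the post as uncertain) are assumptions.

```python
import re
from datetime import datetime, timedelta

RELAY_WINDOW = timedelta(minutes=30)  # assumption: the window the post quotes

# Constructed sample lines (assumed formats; adjust the regexes to your daemons).
MAILLOG = """\
Sep 22 10:01:12 host dovecot: pop3-login: Login: user=<joe@example.com>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.1
Sep 22 10:40:00 host dovecot: imap-login: Login: user=<amy@example.com>, method=PLAIN, rip=198.51.100.9, lip=192.0.2.1
"""
EXIM_MAINLOG = """\
2004-09-22 10:05:30 1CAbcd-0001Xy-AB <= joe@example.com H=(pc) [203.0.113.5] P=esmtp S=1200
2004-09-22 10:50:10 1CAbce-0001Xz-CD <= amy@example.com H=(laptop) [198.51.100.9] P=esmtpa A=fixed_login:amy@example.com S=900
2004-09-22 11:20:00 1CAbcf-0001Y0-EF <= x@example.net H=(pc) [203.0.113.5] P=esmtp S=5000
"""

LOGIN_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) .*-login: Login: user=<([^>]+)>.*\brip=([\d.]+)")
EXIM_RE = re.compile(r"^(\d{4}-\d\d-\d\d [\d:]{8}) \S+ <= (\S+) .*?\[([\d.]+)\](.*)$")
AUTH_RE = re.compile(r"\bA=(\S+?):(\S+)")

def attribute_relays(maillog, exim_log, year):
    """Return (sender, ip, method, account) for every message received over SMTP."""
    logins = []  # (time, ip, mailbox) for each successful POP/IMAP login
    for line in maillog.splitlines():
        m = LOGIN_RE.match(line)
        if m:  # syslog timestamps carry no year, so the caller supplies it
            t = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            logins.append((t, m.group(3), m.group(2)))
    results = []
    for line in exim_log.splitlines():
        m = EXIM_RE.match(line)
        if not m:
            continue  # not an arrival line, or a local submission without an IP
        t = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        sender, ip, rest = m.group(2), m.group(3), m.group(4)
        auth = AUTH_RE.search(rest)
        if auth:  # SMTP AUTH: Exim records authenticator and login id
            results.append((sender, ip, "smtp-auth", auth.group(2)))
            continue
        # No AUTH: look for a mailbox login from the same IP inside the window.
        prior = [(lt, u) for lt, lip, u in logins
                 if lip == ip and timedelta(0) <= t - lt <= RELAY_WINDOW]
        if prior:
            results.append((sender, ip, "pop-before-smtp", max(prior)[1]))
        else:
            results.append((sender, ip, "unexplained", None))
    return results

if __name__ == "__main__":
    for row in attribute_relays(MAILLOG, EXIM_MAINLOG, 2004):
        print(row)
```

A row marked "unexplained" is a message accepted from a remote IP with neither SMTP AUTH nor a recent mailbox login, which is the case worth investigating first.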
 

schoeps

Wow, thank you so much for the detailed response, I certainly appreciate it :) Must be someone from an IP of a good mail user, will look at the logs, thanks again!