Exim authentication does not work!

Discussion in 'General Discussion' started by jackie46, Sep 15, 2005.

  1. jackie46

    jackie46 BANNED (Joined: Jul 25, 2005; Messages: 537; Likes Received: 0; Trophy Points: 0)
    People, authentication does not work in Exim!

    A properly formatted authenticated message looks like this, and one where the user has selected MY SERVER REQUIRES AUTHENTICATION in his/her email client.

    2005-09-12 11:40:15 1EEqPn-0004Ej-9k <= wpliv@domain.com H=(mrbig4.domain.com) [69.160.52.185] P=esmtpa A=fixed_login:wplivonward+domain.com S=1554 id=6.0.0.14.0.20050912083143.039cd3c0@pop.1and1.com

    However, we are seeing clients who have not checked MY SERVER REQUIRES AUTHENTICATION in their email clients, yet exim is allowing those users to send mail via the mail server. THIS IS VERY WRONG! Here is an example.

    2005-09-12 12:35:24 1EErGw-0005Uy-RR <= cindy@domain..com H=(CindyNew) [66.15.107.155] P=smtp S=155560 id=000801c5b7b7$f28c0d10$0e00000a@CindyNew

    This person DOES NOT HAVE MY SERVER REQUIRES AUTHENTICATION checked in her email client, yet she is relaying through the server to a domain name not on our network.

    If exim was working properly, they should be getting this message.

    $sender_fullhost is currently not permitted to \
    relay through this server. Perhaps you \
    have not logged into the pop/imap server in the \
    last 30 minutes or do not have SMTP Authentication turned on in your email client.
     
  2. lloyd_tennison

    lloyd_tennison Well-Known Member (Joined: Mar 12, 2004; Messages: 698; Likes Received: 1; Trophy Points: 18)
    Do you have pop before authentication selected?
     
  3. jackie46

    Pop before SMTP in tweaks is on. Nope, I'm afraid this is not working. I'm running S83 and I have tested it. I unchecked MY SERVER REQUIRES AUTHENTICATION in my own email account and I can relay mail without issues.

    This needs to be fixed!
     
  4. lloyd_tennison

    Turn the pop OFF and then test it. Pop before is deprecated and is no longer standard. What that does is allow anyone who claims to be that email address to send email for a specific amount of time (I forget how long) after the server has been "popped." Turn it OFF and then it should make your server secure. I can see in my logs thousands of attempts to send email saying they are authenticated and every attempt received that error message - unless they are trying a dictionary attack and then Chirpy's mod kills them very quickly.

    Oh, when you turn the pop off - it may take some time to reset all to needing authentication. I think if you simply restart Exim that works - but not having done that, I am not positive if the change is immediate.

    BTW - Stable 83 is a long time ago. Maybe go to Current?
     
  5. chirpy

    chirpy Well-Known Member (Joined: Jun 15, 2002; Messages: 13,475; Likes Received: 20; Trophy Points: 38; Location: Go on, have a guess)
    POP before SMTP doesn't allow anyone to relay at all. The antirelayd process scans the /var/log/maillog for successful POP3 authentication and then allows the authenticated IP address to relay through SMTP for 30 minutes. If you don't want to use POP before SMTP, disable antirelayd in WHM > Service Manager. I would not agree at all that POP before SMTP is deprecated, it's simply that SMTP AUTH has become more popular, but both methods have inherent weaknesses.
     
  6. jackie46

    The point is that it doesn't work. I don't want to allow my regular users to be able to send mail through the server without checking MY SERVER REQUIRES AUTHENTICATION. That's the whole point of having it on.

    As you can see by my first message, this is obviously not working.
     
  7. jackie46


    It doesn't matter if it's on or off. It doesn't work either way. When you first asked it was off and not working. Turning it on did nothing either. So it doesn't matter if this is on or off in tweaks.
     
  8. chirpy

    So, you have:

    1. Disabled WHM > Service Manager > antirelayd

    2. Made sure that the antirelayd process is not running

    3. Emptied out /etc/relayhosts and /etc/relayhostsusers and /etc/alwaysrelay

    If you haven't done those, then you haven't done the steps necessary to stop antirelayd (i.e. POP before SMTP).
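
An added example (not part of any post in this thread, and not cPanel or Exim code): a log audit that pairs each arrival line (`<=`) lacking an `A=` authenticator with a remote delivery for the same message ID, and marks whether the client IP was on the POP-before-SMTP list described above. The sample log is constructed; the transport name `remote_smtp` and a relay list of plain IP strings (as might be read from /etc/relayhosts) are assumptions.

```python
import re

# Constructed sample in Exim main-log format (addresses and IPs are placeholders).
SAMPLE_LOG = """\
2005-09-12 11:40:15 1EEqPn-0004Ej-9k <= user1@example.com H=(host1.example.com) [192.0.2.10] P=esmtpa A=fixed_login:user1+example.com S=1554 id=a1@example.com
2005-09-12 11:40:16 1EEqPn-0004Ej-9k => someone@example.net R=lookuphost T=remote_smtp H=mx.example.net [198.51.100.5]
2005-09-12 12:35:24 1EErGw-0005Uy-RR <= user2@example.com H=(CindyNew) [192.0.2.20] P=smtp S=155560 id=b2@CindyNew
2005-09-12 12:35:26 1EErGw-0005Uy-RR => friend@example.org R=lookuphost T=remote_smtp H=mx.example.org [198.51.100.9]
2005-09-12 12:40:00 1EErLM-0005Vz-AB <= outsider@example.org H=mx.example.org [198.51.100.9] P=esmtp S=900 id=c3@example.org
2005-09-12 12:40:01 1EErLM-0005Vz-AB => user1 <user1@example.com> R=virtual_user T=virtual_userdelivery
"""

ARRIVAL = re.compile(r"^\S+ \S+ (?P<id>\S+) <= (?P<sender>\S+) (?P<rest>.*)$")
DELIVERY = re.compile(r"^\S+ \S+ (?P<id>\S+) [=-]> .*\sT=(?P<transport>\S+)")
FIELD = re.compile(r"(?<!\S)(P|A)=(\S+)")      # protocol and authenticator fields
CLIENT_IP = re.compile(r"\[([0-9a-fA-F.:]+)\]")


def audit(log_text, pop_before_smtp_ips=frozenset(), remote_transports=("remote_smtp",)):
    """Return (msg_id, sender, ip, protocol, reason) for each message that was
    accepted over SMTP without SMTP AUTH and then delivered off the server."""
    arrivals, relayed = {}, set()
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if m:
            fields = dict(FIELD.findall(m["rest"]))
            ip = CLIENT_IP.search(m["rest"])
            arrivals[m["id"]] = (m["sender"], ip.group(1) if ip else None,
                                 fields.get("P"), fields.get("A"))
            continue
        m = DELIVERY.match(line)
        if m and m["transport"] in remote_transports:
            relayed.add(m["id"])           # message left the server: a relay

    findings = []
    for msg_id in sorted(i for i in relayed if i in arrivals):
        sender, ip, proto, auth = arrivals[msg_id]
        if auth or ip is None:             # SMTP AUTH was used, or no remote client
            continue
        reason = "pop-before-smtp" if ip in pop_before_smtp_ips else "unexplained"
        findings.append((msg_id, sender, ip, proto, reason))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, pop_before_smtp_ips={"192.0.2.20"}):
        print(finding)
```

An "unexplained" result is the case worth escalating: a relay that neither SMTP AUTH nor the POP-before-SMTP list accounts for.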
     
  9. jackie46

    Does not work.

    First off, antirelayd does not appear anywhere under Server Manager. Second, I cleaned out those files so only those who are authenticated should be in the /etc/relayhostsusers file. My username is not in the relayhostsusers file yet I am still able to send mail and I do not get the message, Relaying denied. I also have My Server Requires Authentication OFF.

    There is an obvious bug here. None of the settings thus far have worked.
     
  10. chirpy

    If antirelayd is not appearing in Service Manager then you must be running STABLE. You'll either need to go up to RELEASE or wait until the new STABLE (apparently Monday) to be able to easily disable POP before SMTP. Otherwise, you can still do it, but you'll need to search the forums a bit on how to manually disable antirelayd as solutions have been posted.

    There's no bug. If you have a standard cPanel exim configuration it does not allow relaying without authentication.
     
  11. jackie46

    Sure it does, Chirpy. I have already proven that with my own testing. I'm still sending mail to Yahoo with My Server Requires Authentication turned off in Outlook and so are my users.
     
  12. chirpy

    Then you should report the problem to cPanel either directly or through your license provider if you have confirmed that you can relay through the server with antirelayd stopped and the files I mentioned cleared and you're not using SMTP AUTH. This must be something particular to your installation and setup as normally there's no way to relay through the server with the default cPanel exim configuration.
     
    #12 chirpy, Sep 16, 2005
    Last edited: Sep 16, 2005
  13. jackie46

    I don't think this is limited to my installation. I bet if people take the time to do a test they will see for themselves.

    What about pop before in WHM tweaks. I have this checked. Should it be?
     
  14. AndyReed

    AndyReed Well-Known Member, PartnerNOC (Joined: May 29, 2004; Messages: 2,222; Likes Received: 3; Trophy Points: 38; Location: Minneapolis, MN)
    I agree with chirpy that this problem could be something particular to your installation and/or setup, since it is not possible to relay through the server with the default cPanel exim configuration. Now, just in case, you need to upgrade exim and the CPanel to the latest version(s). You might also need to force fresh installation for exim. Let me know :)
     
  15. chirpy

    Nope, just tried it myself and I'm denied authentication as expected:

    550-host.server.com (xxx) [11.22.33.44] is currently not permitted to
    550-relay through this server. Perhaps you have not logged into the pop/imap
    550-server in the last 30 minutes or do not have SMTP Authentication turned on
    550 in your email client.


    If you're referring to the setting WHM > Tweak Settings > Include a list of Pop before SMTP senders in the X-PopBeforeSMTP header when relaying mail, then that has no bearing on relay authentication itself.
     
  16. jackie46


    But in my first post I show you there are people sending mail through the server. I don't understand why nobody believes me! I already posted the proof above.
     
  17. jackie46


    What version of Exim are you running and what version of cPanel?
     
  18. chirpy

    The version of cPanel is immaterial as the exim distribution is relatively release TREE independent. I'm running exim v4.52 on the latest EDGE release, however I've run all versions of exim that cPanel has released for the last few years and never seen an open relay problem on all the client servers I've worked on.

    I didn't say that you did not have a problem, I said that the default exim configuration as shipped by cPanel doesn't act as an open relay. If you believe that you have an open relay, then, as I have already told you, you need to log a support ticket with your cPanel license provider or cPanel directly if you get it from them and have them investigate for you as there must be something peculiar to your server configuration.
     
  19. lloyd_tennison

    The easiest way to verify whether you are an open relay or not is to have one of the free services run a test on your server. They do it for free. http://www.ordb.org/submit/ is one location.

    I would submit it for you - but there needs to be a respond to email and I do not have yours :rolleyes:

    Per my old Windows 2000 certification, pop before was deprecated (see even Outlook docs) because it is possible to spoof an IP address and fool the server. Last I heard, it was still possible in Linux and I know it still is in Windows. (Windows 2003 Server still recommends against for that reason.) It just takes a lot of work...
     