The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Exim bug, you can send email from "one" domain to the "same" domain without Auth.

Discussion in 'E-mail Discussions' started by mohamed_gaber, Oct 11, 2004.

  1. mohamed_gaber

    mohamed_gaber Member

    Joined:
    Mar 4, 2003
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    Hi,

    If you try to telnet to any Exim mail server :
    telnet domain.com 25

    Then you try to send email from "one" domain to the "same" domain on that "same" server, it will be routed successfully without Auth.

    I know that is not a serious problem, or considered an open relay, but still it can be inconvenient for some server admins.

    An Example illustrating that :
    C:> telnet domain.com 25
    220-server1.domain.com ESMTP Exim 4.43 #1 Mon, 11 Oct 2004 10:54:12 +0300
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
    rset
    250 Reset OK
    helo sosos.com
    250 server1.domain.com Hello sosos.com [62.139.139.42]
    mail from:<test@domain.com>
    250 OK
    rcpt to:<anything@domain.com>
    250 Accepted
    data
    354 Enter message, ending with "." on a line by itself
    from: test@domain.com
    to: anything@domain.com
    subject: testttttttttttttt

    the body message
    .
    250 OK id=1CGv1G-0000yP-S8
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    That's how SMTP works and always has done, it's certainly not a bug in Exim. If you accept email to be delivered to a domain on your server, then you never require authentication when relaying to your server, no matter where it is from. You only require authentication when relaying through your server.
     
Loading...

Share This Page