exim does not enforce outgoing mail authuentication

[newbies]

Hello,

I found someone is sending email using my email server (using the defult email account of a domain). So I created an account in my outlook with incoming and outgoing server set to a domain on my server but didn't provide password. I can send out emils even I have choosen "my outgoing server (smtp) requires authentication. I tried tweaking all possible places in WHM such as enable SMTP tweak, Verify the existance of email senders, Use callouts to verify the existance of email senders, etc. All these make no difference.

I search this forum, some suggested creating the email account. but the account is the defult account, I cannot delete it. Some suggest run scripts such as fixeverything, which makes no difference either.

How can I stop others from using my server to send spams? Please help.

 

[rustelekom]

if you enable "pop-before-smtp" option in whenm -tweak settings and enable antirelayd then nothing strange. as local email user you may send emails with pop- before-smtp authorisation. if yo not enable above two option, then you need update your exim and his configuraion by using command /scripts/eximup --force
In standard cpanel configuration it's impossble send emails without smtp authorization (using smtp or pop-before method).

 

[newbies]

if you enable "pop-before-smtp" option in whenm -tweak settings and enable antirelayd then nothing strange.

Thank you very much for your reply, but what is "whenm", I couldn't find this in WHM.

 

[newbies]

I guess you mean WHM server tweak->mail

For the following option, should I tick it or not?
Include a list of Pop before SMTP senders in the X-PopBeforeSMTP header when relaying mail. (exim 4.34-30+ required)

Also in SMTP Tweak, should I enable or disable it? It is quite confusing.

I found antirelayd is also working.

PS. I did a force update of exim, no difference.

 

[ujr]

POP before SMTP can be enabled here:

Main >> Service Configuration >> Service Manager

Also, have you edited the exim config by any chance?

 

[newbies]

Also, have you edited the exim config by any chance?

I don't think I have edited the exim conf file, so my config file should be the default.

 

[rustelekom]

I guess you mean WHM server tweak->mail

For the following option, should I tick it or not?
Include a list of Pop before SMTP senders in the X-PopBeforeSMTP header when relaying mail. (exim 4.34-30+ required)

Also in SMTP Tweak, should I enable or disable it? It is quite confusing.

I found antirelayd is also working.

PS. I did a force update of exim, no difference.

Oops, sorry for misstyping, i just mean WHM, of course.
Yes, you can tick that options, nothing wrong here and you have not open relay on you server. Just any local user which connect to your mail server by pop protocol (i.e. - download his emails) can send emails without smtp authorisation within a 30 minutes after. This happen, because user already authorized when he connect by pop protocol. So, in any case your server is not open relay.
In a resume - with any combination of WHM options you absolutely safe for open realy problem.