The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

exim does not enforce outgoing mail authuentication

Discussion in 'E-mail Discussions' started by newbies, Sep 10, 2006.

  1. newbies

    newbies Active Member

    Joined:
    Jul 9, 2004
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    Hello,

    I found someone is sending email using my email server (using the defult email account of a domain). So I created an account in my outlook with incoming and outgoing server set to a domain on my server but didn't provide password. I can send out emils even I have choosen "my outgoing server (smtp) requires authentication. I tried tweaking all possible places in WHM such as enable SMTP tweak, Verify the existance of email senders, Use callouts to verify the existance of email senders, etc. All these make no difference.

    I search this forum, some suggested creating the email account. but the account is the defult account, I cannot delete it. Some suggest run scripts such as fixeverything, which makes no difference either.

    How can I stop others from using my server to send spams? Please help.
     
  2. rustelekom

    rustelekom Well-Known Member
    PartnerNOC

    Joined:
    Nov 13, 2003
    Messages:
    290
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    moscow
    if you enable "pop-before-smtp" option in whenm -tweak settings and enable antirelayd then nothing strange. as local email user you may send emails with pop- before-smtp authorisation. if yo not enable above two option, then you need update your exim and his configuraion by using command /scripts/eximup --force
    In standard cpanel configuration it's impossble send emails without smtp authorization (using smtp or pop-before method).
     
  3. newbies

    newbies Active Member

    Joined:
    Jul 9, 2004
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    Thank you very much for your reply, but what is "whenm", I couldn't find this in WHM.
     
  4. newbies

    newbies Active Member

    Joined:
    Jul 9, 2004
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    I guess you mean WHM server tweak->mail

    For the following option, should I tick it or not?
    Include a list of Pop before SMTP senders in the X-PopBeforeSMTP header when relaying mail. (exim 4.34-30+ required)

    Also in SMTP Tweak, should I enable or disable it? It is quite confusing.

    I found antirelayd is also working.

    PS. I did a force update of exim, no difference.
     
    #4 newbies, Sep 10, 2006
    Last edited: Sep 10, 2006
  5. ujr

    ujr Well-Known Member

    Joined:
    Mar 19, 2004
    Messages:
    290
    Likes Received:
    0
    Trophy Points:
    16
    POP before SMTP can be enabled here:

    Main >> Service Configuration >> Service Manager

    Also, have you edited the exim config by any chance?
     
    #5 ujr, Sep 10, 2006
    Last edited: Sep 11, 2006
  6. newbies

    newbies Active Member

    Joined:
    Jul 9, 2004
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    I don't think I have edited the exim conf file, so my config file should be the default.
     
  7. rustelekom

    rustelekom Well-Known Member
    PartnerNOC

    Joined:
    Nov 13, 2003
    Messages:
    290
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    moscow
    Oops, sorry for misstyping, i just mean WHM, of course.
    Yes, you can tick that options, nothing wrong here and you have not open relay on you server. Just any local user which connect to your mail server by pop protocol (i.e. - download his emails) can send emails without smtp authorisation within a 30 minutes after. This happen, because user already authorized when he connect by pop protocol. So, in any case your server is not open relay.
    In a resume - with any combination of WHM options you absolutely safe for open realy problem.
     
Loading...

Share This Page