
Exim Security Alert: Postmaster / Mailer-daemon exploit

Discussion in 'Security' started by SiteShack, Oct 5, 2004.

  1. SiteShack

    Over the past 2 days we have been concerned about the security in Exim.

    Spammers have been successfully relaying messages as mailer-daemon@CUSTOMERDOMAIN.COM and postmaster@CUSTOMERDOMAIN.COM to the CUSTOMERDOMAIN.COM.

    They are not using any authentication and Exim willingly accepts the message.

    If it was not for our own RBL to add these spammers to it, our customers would be receiving spam.
     
  2. chirpy

    That's not an exploit. That's how SMTP works. Anyone can connect to your SMTP server using any From address and send email to the domains on that server.
     
  3. SiteShack

    Any email being sent to the server for a domain it hosts should NOT be relayed without authentication. Just like a user cannot email another user in his domain, unless he authenticates.
    Same thing should hold true for mailer-daemon and postmaster.
     
  4. chirpy

    Nope. If that were true you would never receive any email from anyone.

    You need to get your head around how SMTP works. To deliver an email to your server, my SMTP server connects to your SMTP server and issues SMTP commands to deliver the email to a domain on your server. No authentication anywhere required. You can even do it yourself by using telnet to port 25 on your server and entering the SMTP commands.

    The only authentication required is when you are trying to relay email from your server to somewhere not on your server, but that's not what you're talking about.
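
An added example, not part of any post in this thread: a small Python log check that lists the arrivals the thread is about, i.e. messages accepted over SMTP without AUTH whose envelope sender claims a domain hosted on the server. It assumes Exim's standard mainlog arrival (`<=`) line layout; the domain, message IDs and IP addresses are constructed placeholders.

```python
import re

# Assumption: the domains this server hosts (placeholder value).
LOCAL_DOMAINS = {"customerdomain.example"}

# Constructed sample lines in Exim mainlog layout.
SAMPLE_LOG = [
    "2004-10-05 09:12:01 1CEaaa-0001ab-2C <= postmaster@customerdomain.example "
    "H=(mail.invalid) [203.0.113.7] P=smtp S=1832",
    "2004-10-05 09:12:05 1CEaab-0001ac-3D <= alice@customerdomain.example "
    "H=(laptop) [198.51.100.20] P=esmtpa A=fixed_login:alice S=911",
    "2004-10-05 09:12:09 1CEaac-0001ad-4E <= bob@elsewhere.example "
    "H=mx.elsewhere.example [192.0.2.10] P=esmtp S=2204",
    "2004-10-05 09:12:11 1CEaaa-0001ab-2C => user <user@customerdomain.example> "
    "R=virtual_user T=virtual_userdelivery",
    "2004-10-05 09:12:15 1CEaad-0001ae-5F <= mailer-daemon@customerdomain.example "
    "H=(x) [203.0.113.7] P=smtp S=1510",
]

ARRIVAL = re.compile(r"^(\S+ \S+) (\S+) <= (\S+)(.*)$")
FIELD = re.compile(r"(?<!\S)([A-Z])=(\S+)")   # single-letter fields: H= P= A= S=
REMOTE_IP = re.compile(r"\[([0-9a-fA-F.:]+)\]")


def parse_arrival(line):
    """Return a dict for an arrival ('<=') line, or None for any other line."""
    m = ARRIVAL.match(line)
    if not m:
        return None
    stamp, msgid, sender, rest = m.groups()
    fields = dict(FIELD.findall(rest))
    ip = REMOTE_IP.search(rest)
    return {"time": stamp, "id": msgid, "sender": sender.lower(),
            "ip": ip.group(1) if ip else None, "auth": fields.get("A")}


def unauthenticated_local_senders(lines, local_domains=LOCAL_DOMAINS):
    """List (msgid, sender, ip) for remote, non-AUTH arrivals using a hosted domain."""
    hits = []
    for line in lines:
        rec = parse_arrival(line)
        if rec is None or rec["ip"] is None or rec["auth"]:
            continue  # not an arrival, a local submission, or authenticated
        if rec["sender"].rpartition("@")[2] in local_domains:
            hits.append((rec["id"], rec["sender"], rec["ip"]))
    return hits
```

A hit only means the envelope sender was not backed by authentication; forwarders and mailing lists can produce the same pattern, so treat the output as input for review or filtering rather than as proof of abuse.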
     