exim w/open relay

Discussion in 'General Discussion' started by kokoman, Jul 29, 2003.

  1. kokoman

    Hello people..

    I have a big security problem: when I set up a demo account under cPanel, exim relays mail if somebody authenticates using the user/pass corresponding to that demo account.

    I tried modifying the statements defined in the ACL under check_recipient: in exim.conf, but I can't prevent a demo user from sending emails from any host to any other host by means of the user/pass. THIS MEANS A SPAM HOLE.

    I tried removing the demo domain from /etc/localdomains, but exim (with the current conf) still relays if the mail session is authenticated.

    Below is an excerpt from my current exim.conf:

    ******
    check_recipient:
    # Exim 3 had no checking on -bs messages, so for compatibility
    # we accept if the source is local SMTP (i.e. not over TCP/IP).
    # We do this by testing for an empty sending host field.

    accept hosts = :

    require verify = sender
    accept domains = +local_domains
    accept domains = +relay_domains
    accept hosts = +relay_hosts
    accept condition = ${perl{checkrelayhost}{$sender_host_address}}
    accept hosts = +auth_relay_hosts
    endpass
    message = $sender_fullhost is currently not permitted to \
    relay through this server. Perhaps you \
    have not logged into the pop/imap server in the \
    last 30 minutes or do not have SMTP Authentication turned on in your email client.

    endpass
    accept authenticated = *
    deny message = $sender_fullhost is currently not permitted to \
    relay through this server. Perhaps you \
    have not logged into the pop/imap server in the \
    last 30 minutes or do not have SMTP Authentication turned on in your email client.

    ******

  2. shaun

    Try this:

    rm -rf /home/demo/mail
    rm -rf /home/demo/etc
    mkdir /home/demo/mail
    mkdir /home/demo/etc
    chattr +ia /home/demo/mail
    chattr +ia /home/demo/etc

    I don't know for sure if that will work, but give it a shot. Also, you may want to:

    echo > /etc/proftpd/demo
    chattr +ia /etc/proftpd/demo


    REMEMBER: DEMO is just the username I chose. If your demo account has the username cpdemo, you would replace demo with cpdemo.

  3. Hispalab

    Delete demo accounts, because your demo user is authenticated on exim to send spam.
    Luis Miguel.
     
  4. Habikki

    Hey Shaun,

    Do you think that just removing the mail directory altogether would be enough? I mean, the problem is that they are using the demo account to spam. What if you just simply removed it altogether? That way it wouldn't be able to verify?

    I'm not all that into mail management, though if it goes to look up the username and password for mail when they try to auth, wouldn't it not work?

    Or how about trying to simply place a random hash of a password other than demo in demo's mail file? That would fail the auth when mail is attempted to be sent.

    Just throwing ideas around because I'm being nailed with the same problem.

    Cheers,
    Robby
     
  5. greggcz

    this patch fixes it:


    BEGIN PATCH (copy and paste the below into mailpatch):
    529a530,532
    > if(isdemo($uid)) {
    > die "demo accounts are not permitted to relay mail [$uid]";
    > }
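
    Review bot: the `529a530,532` header is a context-free normal diff, so `patch` places the three lines purely by line number; on any /etc/exim.pl that differs from the one this was generated against, the check can land outside the intended subroutine without an error. Regenerate it with `diff -u` so the surrounding lines are verified on apply, and keep a copy of the original file first. The hunk also calls `isdemo($uid)` without defining either name, so confirm both exist and are in scope at that point in the target file before relying on the `die` to stop demo logins.
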
    END PATCH


    How to do it:

    1. Create a file named mailpatch.
    2. Copy and paste the above into the file.
    3. Execute:
    patch /etc/exim.pl < mailpatch


    After that, exim will not let a demo account authenticate via SMTP. This worked for me very well.



    Good luck :)


    -Gregg
     
  6. cass

    Okay...
    I've a serious spam problem on a client server...
    Is there a way to configure exim to NOT RELAY,
    so... that the FROM: could only contain a domain on the server?

    Because... once authenticated... (i.e. a normal user)... mails using any email address could be sent (i.e. all these new viruses around).
    So, I want to configure this server so that only the local_domains can send mail (the FROM:)... yes, to any address.

    Also... an optional configuration where authenticated users could only send email using their OWN domain(s) (main + addons, etc.) would also be good to know.

    Regards
     
  7. chirpy

    If you stop the antirelayd process you will effectively stop POP before SMTP which should suit your needs. Users will then only be able to relay email through the server using SMTP AUTH. Remember to empty out /etc/relayhosts too.
     
  8. boyforeigner

    Can you explain better how to do this patch? Step by step, please.
     
  9. cass

    Now, let me ask again in another way...

    I want ONLY localdomains to be relayed on the server; I want to block any other domain from being relayed on the server.
    The POP before SMTP is okay... the problem is that someone could auth with their account... and then send out spam using ANY DOMAIN. I want this to be localdomains only.
    On the other side... the scripts... can send emails using any domain... I hate this! Is there a way to also block if the From: domain is not in localdomains?

    Regards.
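
A log audit for the two concerns raised in this thread (a demo login being used to relay, and authenticated users sending from non-local domains), added here as an example that is not from any poster or from cPanel. It assumes Exim mainlog arrival lines that carry the `A=<authenticator>:<id>` field; the log lines, the authenticator names and the function name `audit` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of Exim mainlog lines; hosts, message IDs, addresses and
# authenticator names are made up. Arrival lines are the ones containing "<=".
SAMPLE_LOG = """\
2003-07-29 10:01:11 19hAAA-0001aB-00 <= bob@customer.example H=(pc1) [192.0.2.10] P=asmtp A=fixed_login:bob S=2113
2003-07-29 10:02:40 19hAAB-0001aC-00 <= promo@elsewhere.example H=(x) [198.51.100.7] P=asmtp A=fixed_login:demo S=4821
2003-07-29 10:02:41 19hAAC-0001aD-00 <= promo@elsewhere.example H=(x) [198.51.100.7] P=asmtp A=fixed_login:demo S=4790
2003-07-29 10:03:05 19hAAD-0001aE-00 <= win@lottery.example H=(pc1) [192.0.2.10] P=asmtp A=fixed_plain:bob S=990
2003-07-29 10:04:00 19hAAE-0001aF-00 <= alice@customer.example U=alice P=local S=512
2003-07-29 10:04:09 19hAAE-0001aF-00 => carol@remote.example R=lookuphost T=remote_smtp H=mx.remote.example [203.0.113.5]
"""

# date, time, message id, "<=", envelope sender, then the A= field (assumed format).
ARRIVAL = re.compile(
    r"^\S+ \S+ \S+ <= (?P<sender>\S+) .*?\bA=(?P<auth>[^:\s]+):(?P<user>\S+)"
)

def audit(log_text, local_domains, demo_users):
    """Return (findings, per-user message counts) for authenticated submissions."""
    findings, per_user = [], Counter()
    local = {d.lower() for d in local_domains}
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue  # deliveries, local submissions, unauthenticated SMTP
        user = m["user"]
        domain = m["sender"].rpartition("@")[2].lower()
        per_user[user] += 1
        if user in demo_users:
            findings.append((user, m["sender"], "demo account authenticated"))
        elif domain not in local:
            findings.append((user, m["sender"], "sender domain not local"))
    return findings, per_user

if __name__ == "__main__":
    found, counts = audit(SAMPLE_LOG, {"customer.example"}, {"demo"})
    for user, sender, reason in found:
        print(f"{user:8} {sender:28} {reason}")
    print(dict(counts))
```

On a real server the local-domain set would come from /etc/localdomains, the file the first post mentions.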
     
  10. chirpy

    You'd probably be better off asking this on the exim mailing list, as they're more likely to be able to point you in the right direction.
     
  11. greggcz


    It's simple: exim.pl has a bug that allows demo accounts to be used to send emails. This just adds a couple of lines of code to check if it's a demo account before letting it send emails.
     