How to deny relay inbound my own domains?

Discussion in 'E-mail Discussions' started by Widmo, May 17, 2012.

  1. Widmo

    I have used:

    https://www.wormly.com/test_smtp_server

    And it is possible to send mail from test@mydomain.com to test@mydomain.com without authentication. I think it shouldn't be allowed.

    How to fix it?
     
  2. Astral God

    I've tried this and same thing for me, email from and to the same email address is possible without auth.

    How can this be fixed?
     
  3. -GR-

    It seems it allows you to send mail as long as both the recipient and sender email addresses are the same. Could be a bug in that Wormly script or something with cPanel or Exim. It does seem strange that it would go through, though.

    However try the following:

    smtp server: yourdomain.com
    sender email: user@yourdomain.com <- enter a known email account on the server
    recipient: user@someotherdomain.com <- enter any email that isn't the same as the sender email

    It should fail.

    Technically, being able to send mail from and to the same email account without authenticating isn't going to be an issue, but it would be cool to not allow it.
     
    #3 -GR-, May 18, 2012
    Last edited: May 18, 2012
  4. Widmo

    1) Look how much spam we got because mail@mail.com -> mail@mail.com is permitted
    2) In Postfix, do:

    # /etc/postfix/main.cf (smtpd_restriction_classes is a main.cf parameter, not master.cf)
    smtpd_restriction_classes = insiders_only
    insiders_only = check_sender_access hash:/etc/postfix/insiders, reject

    # /etc/postfix/insiders (run "postmap /etc/postfix/insiders" after editing)
    domain.ltd OK

    and it means that if the sender domain is domain.ltd, then he has to be authed. ;)
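
Added example (not part of the thread and not cPanel's own tooling): one way to measure how much mail gets in this way on a cPanel/Exim server is to scan Exim's main log for messages that claim a sender in one of your own domains but arrived from a remote host without SMTP AUTH. The domain list and the log lines are constructed, and the field layout assumes Exim's default main log format with recipients logged after "for".

```python
import re

# Assumption: the domains hosted on this server (placeholder value).
LOCAL_DOMAINS = {"mydomain.com"}

# Exim main log arrival line: "<date> <time> <msgid> <= <sender> <fields...>"
ARRIVAL = re.compile(r"^\S+ \S+ (\S+) <= (\S+)(.*)$")

def unauthenticated_local_senders(lines, local_domains=LOCAL_DOMAINS):
    """Return (msgid, sender, remote_ip, self_addressed) for messages that
    claim a local sender domain but came from a remote host without AUTH."""
    hits = []
    for line in lines:
        m = ARRIVAL.match(line)
        if not m:
            continue                          # not an arrival ("<=") line
        msgid, sender, rest = m.groups()
        if sender.rpartition("@")[2].lower() not in local_domains:
            continue                          # foreign or null ("<>") sender
        if re.search(r"\sA=\S+", rest):
            continue                          # authenticated submission
        if re.search(r"\sP=local\b", rest):
            continue                          # injected locally, not via SMTP
        ip = re.search(r"\[([0-9a-fA-F:.]+)\]", rest)
        if ip is None or ip.group(1) in ("127.0.0.1", "::1"):
            continue                          # no remote peer or loopback
        _, sep, rcpts = rest.rpartition(" for ")
        recipients = rcpts.lower().split() if sep else []
        hits.append((msgid, sender, ip.group(1), sender.lower() in recipients))
    return hits

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    "2012-05-18 09:14:02 1SVKXa-0003Qx-7F <= test@mydomain.com H=(mail.example.net) "
    "[203.0.113.45]:51234 P=esmtp S=1420 for test@mydomain.com",
    "2012-05-18 09:15:10 1SVKYg-0003R2-9K <= test@mydomain.com H=(laptop) "
    "[198.51.100.7]:40022 P=esmtpsa A=dovecot_login:test@mydomain.com S=900 "
    "for friend@example.org",
    "2012-05-18 09:20:00 1SVKdA-0003Rz-2B <= user@mydomain.com U=user P=local "
    "S=512 for other@example.org",
    "2012-05-18 09:21:30 1SVKec-0003S4-Lm <= alice@example.org H=mx.example.org "
    "[192.0.2.10]:25 P=esmtp S=2048 for test@mydomain.com",
    "2012-05-18 09:22:00 1SVKfB-0003S9-Qq <= Sales@MyDomain.com H=(x) "
    "[203.0.113.99]:40000 P=smtp S=700 for info@mydomain.com",
]

if __name__ == "__main__":
    for hit in unauthenticated_local_senders(SAMPLE_LOG):
        print(hit)
```

The fourth tuple field is true when the claimed sender is also a recipient, which is the mail@mail.com -> mail@mail.com case discussed above.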
     