The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How To Disable AuthRelay in Exim to block Spammers

Discussion in 'E-mail Discussions' started by BlackRain, Jan 8, 2010.

  1. BlackRain

    BlackRain Well-Known Member

    May 28, 2003
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    Server Setup: cPanel 11.25.0-C42399 - WHM 11.25.0 - X 3.9, CENTOS 5.4, PHP 5.3.1, Exim 4.69-23.1, CSF Firewall, Mailscanner/MSFE.

    Problem: Spammers are finding a way to AUTH RELAY spam with BCC multiple recipients through our server on domains that have no email accounts.

    Example of spammer attempt:

    Note the fixed_login part. We have NO email accounts on this domain. How could it be a fixed log in?

    Fixes used : Enabled most Exim security options via Cpanel/WHM. Changed domain passwords. We added log_selector = +all and host_lookup = to the exim.conf. SPF, rDNS, Domainkeys installed. Tested our IP's at to make sure we were not an open relay.

    Reviewed logs to make sure no one but our IP has logged into the server, Cpanel, or domains.

    The only way we can block these attempts currently is to rate limit AUTH RELAY in CSF Firewall to "0".

    I know that standard line is that Exim is not setup to relay mail by default but spammers have figured out a way.

    Any ideas?
    #1 BlackRain, Jan 8, 2010
    Last edited: Jan 8, 2010

Share This Page