How to prevent email from being sent as remote user

hendranata

Member
Aug 24, 2017
16
2
3
sby
cPanel Access Level
Root Administrator
Hello,

I have a problem with email being sent over SMTP without authentication.
I have read this thread, but it is not working:
Prevent email from being send from server domain

Then I tried using a PHPMailer script.
Yes, we can send email using a PHPMailer script (using the local SMTP server),
and there is an option:
$mail->SMTPAuth = false;

Yes, I tried not using SMTP auth, and the email was sent successfully.
This is dangerous, I guess.

here is the detail message:
Code:
Event: success 
Sender User: -remote-
Sender Domain:
Sender: [email protected]
Sent Time: Aug 26, 2017 12:01:12 PM
Sender Host: xxx.xxx.com
Sender IP: 139.99.4.228
Authentication: localdelivery
Spam Score:
Recipient: [email protected]
Delivered To: [email protected]
Delivery User: hendranata
Delivery Domain: xx.xx.com
Router: virtual_user
Transport: dovecot_virtual_delivery
Out Time: Aug 26, 2017 12:01:12 PM
ID: 1dlTDQ-0001Vd-O8
Delivery Host: localhost
Delivery IP: 127.0.0.1
Size: 1.05 KB
Result: Accepted

Sorry, I use xx to hide the domain.

What I am curious about is this:
Sender User: -remote- <--- actually this is the cPanel user hendranata, who sent that email from a PHP script, not anybody else. But why is it known as -remote-?

How do I block email if SMTP auth is off?

I tried many possibilities.

1. If we run the PHPMailer script from outside the server, SMTP requires login first before they can send email.
However...
2. If we run the PHPMailer script from inside the server, SMTP does not require login first before they can send email (it means they can actually send email with or without SMTP auth). <--- This case is quite dangerous: a user sends email using SMTP from inside the hosting and without SMTP authentication.

Any solution?

hendranata

I know. I am not talking about mail; I am talking about SMTP only.
The PHP mail() function is already disabled,
and we use PHPMailer to send email using SMTP.
In that case, PHPMailer gives an option for whether you want to use SMTP auth or not (see my first post above).

If we turn off SMTP auth, then we can send email through SMTP without authentication (which is dangerous, since the sender is known as a remote user).

If we turn on SMTP auth, yes, this is safe to use.
 

hendranata

OK, I will be specific about my main question.
Since I can send email through SMTP with auth and SMTP without auth,
how do we prevent a user from sending email through SMTP without auth?

Because in my trial, I can use both SMTP with authentication (this is okay) and SMTP without authentication (this needs to be blocked).
So how do we prevent anybody from sending email through SMTP without authentication?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,261
463
Hello,

Any local cPanel user can use the 127.0.0.1 IP address to send mail without authentication. This can make it difficult for system administrators to determine which cPanel account sent the mail, especially when a malicious user spoofs an email address to disguise the origin of the email.

To require cPanel & WHM to put the actual sender in the header, enable the Experimental: Rewrite From: header to match actual sender option in WHM's Exim Configuration Manager interface (Home >> Exim Service Configuration >> Exim Configuration Manager).

This is documented at:

How to Prevent Email Abuse - cPanel Knowledge Base - cPanel Documentation

Once this option is enabled, you can more easily identify any senders using the server to send out SPAM, and then suspend those accounts or change the passwords to prevent further delivery of such messages.

Thank you.
 

hendranata

Yes, I have already done this:
Experimental: Rewrite From: header to match actual sender option in WHM's Exim Configuration Manager interface (Home >> Exim Service Configuration >> Exim Configuration Manager).

But no luck.

After creating a ticket that was handled by support level 3,
there is a way to achieve that.
I can go to Exim Configuration --> Advanced Editor --> uncheck the default_mail_pre section of acl_smtp_mail.

And it works.
Thanks
 
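An added example (not from any poster in this thread and not cPanel's own code): a Python parser for delivery-report records in the "Key: Value" layout quoted in the first post. It lists messages that carry no cPanel user (Sender User: -remote-) yet arrived from loopback or from one of the server's own addresses, which is the case the staff reply describes as hard to attribute. The sample records, message IDs and the `server_ips` list are constructed assumptions.

```python
import ipaddress

# Constructed sample in the layout of the report quoted in the thread.
SAMPLE = """\
Event: success
Sender User: -remote-
Sender Domain:
Sent Time: Aug 26, 2017 12:01:12 PM
Sender IP: 192.0.2.10
Authentication: localdelivery
ID: 1aaaaa-000001-AA

Event: success
Sender User: -remote-
Sender IP: 198.51.100.7
ID: 1bbbbb-000002-BB

Event: success
Sender User: -remote-
Sender IP: 127.0.0.1
ID: 1ccccc-000003-CC
"""

def parse_records(text):
    """Split a report into dicts; a new record starts at each 'Event:' line."""
    records = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # first colon only, times stay whole
        if not sep:
            continue  # blank line or not a "Key: Value" line
        if key.strip() == "Event":
            records.append({})
        if records:
            records[-1][key.strip()] = value.strip()
    return records

def local_unattributed(records, server_ips):
    """(ID, IP) of mail with no cPanel user that came from the server itself."""
    own = {ipaddress.ip_address(ip) for ip in server_ips}
    hits = []
    for rec in records:
        try:
            ip = ipaddress.ip_address(rec.get("Sender IP", ""))
        except ValueError:
            continue  # missing or masked address, cannot classify
        if rec.get("Sender User") == "-remote-" and (ip.is_loopback or ip in own):
            hits.append((rec.get("ID"), str(ip)))
    return hits

if __name__ == "__main__":
    print(local_unattributed(parse_records(SAMPLE), ["192.0.2.10"]))
```

Running the same check before and after a change to the Exim ACLs shows whether unattributed local submissions have stopped appearing in the report.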