How to prevent email send as remote user

Discussion in 'E-mail Discussions' started by hendranata, Aug 26, 2017.

  1. hendranata

    Hello,

    I have a problem with sending email over SMTP without authentication.
    I have read this thread, but it is not working:
    Prevent email from being send from server domain

    Then I tried using a PHP mailer script.
    Yes, we can send email using a PHP mailer script (using the local SMTP server),
    and there is an option:
    $mail->SMTPAuth = false;

    Yes, I tried not using SMTP auth, and the email was sent successfully.
    This is dangerous, I guess.

    Here is the detailed message:
    Code:
    Event: success 
    Sender User: -remote-
    Sender Domain:
    Sender: abc@aaa.com
    Sent Time: Aug 26, 2017 12:01:12 PM
    Sender Host: xxx.xxx.com
    Sender IP: 139.99.4.228
    Authentication: localdelivery
    Spam Score:
    Recipient: admin@xx.xx.com
    Delivered To: admin@xx.xx.com
    Delivery User: hendranata
    Delivery Domain: xx.xx.com
    Router: virtual_user
    Transport: dovecot_virtual_delivery
    Out Time: Aug 26, 2017 12:01:12 PM
    ID: 1dlTDQ-0001Vd-O8
    Delivery Host: localhost
    Delivery IP: 127.0.0.1
    Size: 1.05 KB
    Result: Accepted
    
    
    Sorry, I use xx to hide the domain.

    What I am curious about is this:
    Sender User: -remote- <--- actually this is the cPanel user hendranata, who sent that email from a PHP script, not anybody else. So why is it shown as -remote-?

    How can I block email if SMTP auth is off?

    I tried several possibilities.

    1. If we run the PHP mailer script from outside the server, SMTP requires a login before email can be sent.
    However...
    2. If we run the PHP mailer script from inside the server, SMTP does not require a login before email can be sent (meaning they can actually send email with or without SMTP auth). <--- This case is quite dangerous: a user sends email over SMTP from inside the hosting server without SMTP authentication.

    Any solution?
     
    #1 hendranata, Aug 26, 2017
    Last edited by a moderator: Aug 26, 2017
  2. 24x7server

    Hi,

    If you want to use only SMTP authentication in the PHP script, then you have to disable the PHP mail function, so only authentication will be accepted.
     
  3. hendranata

    I know. I am not talking about mail; I am talking about SMTP only.
    The PHP mail() function is already disabled.
    And we use PHP mailer to send email over SMTP.
    In that case, PHP mailer gives an option for whether you want to use SMTP auth or not. (See my first post above.)

    If we turn off SMTP auth, then we can send email through SMTP without authentication (which is dangerous, since they are shown as a remote user).

    If we turn on SMTP auth, yes, this is safe to use.
     
  4. hendranata

    OK, I will be specific about my main question.
    Since I can send email through SMTP with auth and SMTP without auth,
    how do we prevent users from sending email through SMTP without auth?

    Because in my trial, I can use both SMTP with authentication (this is okay) and SMTP without authentication (this needs to be blocked).
    So how do we prevent anybody from sending email through SMTP without authentication?
     
  5. hendranata

    I read somebody's comment here: Preventing sendmail
    and there has been no answer so far.
    Maybe we can modify Exim, but I am not sure how to achieve that.
    Yes, I have read the Exim documentation, but I am not an Exim expert, so I need help with this.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    Any local cPanel user can use the 127.0.0.1 IP address to send mail without authentication. This can make it difficult for system administrators to determine which cPanel account sent the mail, especially when a malicious user spoofs an email address to disguise the origin of the email.

    To require cPanel & WHM to put the actual sender in the header, enable the Experimental: Rewrite From: header to match actual sender option in WHM's Exim Configuration Manager interface (Home >> Exim Service Configuration >> Exim Configuration Manager).

    This is documented at:

    How to Prevent Email Abuse - cPanel Knowledge Base - cPanel Documentation

    Once this option is enabled, you can more easily identify any senders using the server to send out SPAM, and then suspend those accounts or change the passwords to prevent further delivery of such messages.

    Thank you.
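
cPanelMichael's reply above notes that local users can submit mail through 127.0.0.1 without authentication, which hides the sending account. As an added example (not part of any post in this thread, and not cPanel's code), the Python below scans Exim main-log arrival lines for SMTP submissions from local addresses that carry no `A=` authenticator field; the sample lines, addresses and the `unauthenticated_local_smtp` name are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample lines in Exim main-log arrival ("<=") format; not from the thread.
SAMPLE_LOG = """\
2017-08-26 12:01:12 1aaaaa-000001-AA <= abc@example.com H=localhost (web.example.net) [127.0.0.1]:40112 P=esmtp S=1077 T="test A=none" for admin@example.org
2017-08-26 12:02:30 1aaaaa-000002-BB <= bob@example.com H=localhost (web.example.net) [127.0.0.1]:40118 P=esmtpa A=dovecot_login:bob@example.com S=1102 for admin@example.org
2017-08-26 12:03:05 1aaaaa-000003-CC <= abc@example.com H=web.example.net [192.0.2.10]:40121 P=esmtp S=990 for admin@example.org
2017-08-26 12:04:41 1aaaaa-000004-DD <= eve@example.com H=(client) [198.51.100.7]:50233 P=esmtpsa A=dovecot_plain:eve@example.com S=2048 for admin@example.org
2017-08-26 12:05:09 1aaaaa-000005-EE <= alice@web.example.net U=alice P=local S=512 for admin@example.org
"""

ARRIVAL = re.compile(r"^\S+ \S+ (?P<id>\S+) <= (?P<sender>\S+) (?P<rest>.*)$")
HOST_IP = re.compile(r"\[([0-9A-Fa-f:.]+)\]")
PROTO = re.compile(r"(?:^| )P=(\S+)")
AUTH = re.compile(r"(?:^| )A=(\S+)")


def unauthenticated_local_smtp(log_text, local_ips=("127.0.0.1", "::1")):
    """Return (message id, envelope sender, source IP) for mail that arrived
    over SMTP from one of local_ips with no A= (authenticator) field."""
    local = {ipaddress.ip_address(ip) for ip in local_ips}
    findings = []
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue
        # Drop the subject and recipient list so their text cannot fake a field.
        head = re.split(r' (?:T="|for )', m["rest"], maxsplit=1)[0]
        host, proto = HOST_IP.search(head), PROTO.search(head)
        if not host or not proto or proto.group(1) == "local":
            continue  # command-line submission (P=local) is not an SMTP session
        try:
            source = ipaddress.ip_address(host.group(1))
        except ValueError:
            continue
        if source in local and not AUTH.search(head):
            findings.append((m["id"], m["sender"], str(source)))
    return findings


if __name__ == "__main__":
    for finding in unauthenticated_local_smtp(SAMPLE_LOG):
        print(finding)
```

If scripts connect to the server's own public address rather than loopback, include that address in `local_ips` as well.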
     
  7. hendranata

    Yes, I have already done this:
    Experimental: Rewrite From: header to match actual sender option in WHM's Exim Configuration Manager interface (Home >> Exim Service Configuration >> Exim Configuration Manager).

    But no luck.

    After I created a ticket and it was handled by level 3 support,
    there is a way to achieve that:
    I can go to Exim configuration --> Advanced Editor --> uncheck the default_mail_pre section of the acl_smtp_mail

    And it works.
    Thanks
     
    cPanelMichael likes this.