
PCI Compliance - Exim

Discussion in 'Security' started by tps, Dec 23, 2009.

  1. tps

    Has anyone out there run into any issues trying to pass the PCI scans with cPanel and using Exim?

    I've used Security Metrics and HackerGuardian scans, and they're telling me that I have an open relay. I have turned off the antirelayd service in cPanel and am puzzled at how to solve this issue.

    I was told by that this is because I have an open internal relay and that it returns a 250 code after telnetting into the server on the SMTP port. Any idea how to fix this?

    Thanks a lot.
     
  2. madaboutlinux

    Well, by default relaying isn't ON on a cPanel server. Try turning off antirelayd and see if it makes any difference.
     
  3. sirdopes

    Have you tested this manually or have they given you the commands they are using to test? If the domain is not hosted on your server, it should not accept it or send it out unless you are authenticated.
     
  4. thewebhosting

    1. Turn on the antirelayd (WHM -> Service Configuration -> Service Manager) to verify your server is not an open relay.
    2. Add the following line to your /etc/exim.conf file:

    auth_hosts = *

    All mail sent using your server's SMTP will have to pass an authorization first with a user/pass, and it will allow only those users whose email address exists on your server.
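
Added example (not written by any poster in this thread): a way to read the telnet session a scanner hands over as evidence and find the reply that decides an open-relay finding, namely the server's answer to RCPT TO for a domain it does not host, sent before any successful AUTH. The function name `relay_verdict`, the host names and the sample transcripts are constructed for illustration.

```python
import re

REPLY = re.compile(r"^(\d{3})([ -])")  # SMTP reply: 3-digit code, then space or '-'

def relay_verdict(transcript, local_domains):
    """Classify a pasted SMTP session as open-relay / relay-denied / inconclusive."""
    local = {d.lower() for d in local_domains}
    authed, pending, external = False, None, []
    for line in (l.strip() for l in transcript.splitlines()):
        if not line:
            continue
        m = REPLY.match(line)
        if not m:                       # not a reply, so the client typed it
            pending = line
            continue
        code, sep = m.groups()
        if code == "235":               # RFC 4954: authentication succeeded
            authed = True
        if sep == "-" or pending is None:
            continue                    # continuation line or greeting banner
        cmd, pending = pending, None
        if cmd.upper().startswith("RCPT TO:") and not authed:
            addr = cmd.split(":", 1)[1].strip().strip("<>")
            if addr.rpartition("@")[2].lower() not in local:
                external.append(code)   # reply to an unauthenticated external RCPT
    if not external:
        return "inconclusive"           # session never tested relaying
    return "open-relay" if any(c.startswith("2") for c in external) else "relay-denied"

# Constructed sample sessions (hypothetical hosts; example.test is the hosted domain).
DENIED = """
220 mail.example.test ESMTP
EHLO scanner.example.net
250-mail.example.test Hello
250 AUTH PLAIN LOGIN
MAIL FROM:<probe@example.net>
250 OK
RCPT TO:<someone@example.org>
550 relay not permitted
"""
ACCEPTED = DENIED.replace("550 relay not permitted", "250 Accepted")
LOCAL_ONLY = ACCEPTED.replace("someone@example.org", "user@example.test")

if __name__ == "__main__":
    for name, t in [("DENIED", DENIED), ("ACCEPTED", ACCEPTED), ("LOCAL_ONLY", LOCAL_ONLY)]:
        print(name, relay_verdict(t, ["example.test"]))
```

The DENIED session contains three 250 replies (to EHLO and MAIL FROM) and is still not a relay; only a 2xx reply to the external RCPT TO counts.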
     