The cPanel & WHM Community Forums
PCI Compliance

Discussion in 'E-mail Discussions' started by mickalo, Aug 20, 2009.

  1. mickalo (Well-Known Member; joined Apr 16, 2002; 765 messages; 2 likes; 18 trophy points; location: N.W. Iowa)

    Hello,

    Ok, this one has me stumped. We have a customer with 3 domains on our server. 2 of them passed this Security Metrics PCI scan, but one did not, and for the life of me I can't figure out why. 2 of them passed, so I assume that the Exim global configuration is set up correctly and the one that failed may have something to do with the DNS zone file .... not sure ?? These are the results they got back:
    Code:
    Protocol Port Program Risk Summary

    TCP 25 smtp 4 The remote SMTP server is insufficiently protected against relaying
    This means that spammers might be able to use your mail server to send their mails to the world.
    SMetrics was able to relay mails by sending those sequences:
    MAIL FROM: <smetrics@decisionbar.com>
    RCPT TO: <nobody%securitymetrics.com@decisionbar.com>
    Risk Factor: Medium

    TCP 465 urd 4 The remote SMTP server is insufficiently protected against relaying
    This means that spammers might be able to use your mail server to send their mails to the world.
    SMetrics was able to relay mails by sending those sequences:
    MAIL FROM: <smetrics@decisionbar.com>
    RCPT TO: <nobody%securitymetrics.com@decisionbar.com>
    Risk Factor: Medium
    Solution: upgrade your software or improve the configuration so that your SMTP server cannot be used as a relay any more.

    Any suggestion or help would be much appreciated. I've been racking my brain all morning trying to figure this out.

    Thx's
    Mike
     
  2. cPanelDavidG (Technical Product Specialist; joined Nov 29, 2006; 11,279 messages; 8 likes; 38 trophy points; location: Houston, TX; cPanel Access Level: Root Administrator)
    Looks like this PCI Compliance Vendor doesn't understand the difference between open relays and cPanel/WHM's POP-before-SMTP authentication.

    In a cPanel/WHM environment, if you have successfully authenticated into POP within the past 30 minutes, then you (or more technically, your IP address) can send mail via the SMTP server without authentication (since you have already authenticated successfully via POP).

    To disable this POP-before-SMTP authentication and force SMTP authentication for all users at all times, go to WHM -> Service Configuration -> Service Manager and under tailwatchd, uncheck "Antirelayd."
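    The two posts above describe a scanner sending a "%"-routed RCPT TO and an MTA that opens relaying for any IP that has recently logged into POP. The following is an added example, not code from the thread or from cPanel/WHM: a small Python model of that relay decision. It shows why the scanner's recipient only looks local (the percent hack and RFC 821 source routes are expanded to their final domain), and how the verdict changes for a client inside the POP-before-SMTP window, after it expires, and with the Antirelayd behaviour disabled as the reply suggests. Client IPs, the fixed clock, and treating decisionbar.com as a local domain are constructed assumptions for the demo.

```python
# Added example (not from the thread or from cPanel): a model of the relay
# decision an MTA makes for the RCPT TO in the scan report, including the
# POP-before-SMTP window described in the reply.  IPs, timestamps and the
# local-domain set are constructed for the demo.
from dataclasses import dataclass, field

POP_WINDOW_SECONDS = 30 * 60  # the 30-minute POP-before-SMTP window from the reply


def route_domain(rcpt: str) -> str:
    """Domain the message would finally be delivered to.

    A relay scanner deliberately sends legacy routing forms that an MTA may
    expand, so the recipient looks local at first glance:
      <user%other.example@local.example>   -> other.example   (percent hack)
      <@local.example:user@other.example>  -> other.example   (RFC 821 source route)
      <user@local.example>                 -> local.example
    """
    addr = rcpt.strip().strip("<>").lower()
    if addr.startswith("@") and ":" in addr:   # source route: keep the final hop only
        addr = addr.rsplit(":", 1)[1]
    local_part, _, domain = addr.rpartition("@")
    if "%" in local_part:                      # percent hack: real domain is in the local part
        domain = local_part.rsplit("%", 1)[1]
    return domain


@dataclass
class RelayPolicy:
    local_domains: set
    pop_before_smtp: bool = True                      # tailwatchd "Antirelayd" enabled
    pop_logins: dict = field(default_factory=dict)    # client IP -> time of last POP login


def relay_decision(policy: RelayPolicy, client_ip: str, smtp_authenticated: bool,
                   rcpt: str, now: float) -> tuple:
    """Return (verdict, reason) for one RCPT TO from a given client."""
    if route_domain(rcpt) in policy.local_domains:
        return ("accept", "local delivery")
    if smtp_authenticated:
        return ("accept", "SMTP AUTH")
    if policy.pop_before_smtp:
        last = policy.pop_logins.get(client_ip)
        if last is not None and now - last <= POP_WINDOW_SECONDS:
            return ("accept", "POP-before-SMTP window")
    return ("reject", "relay not permitted")


def scan_outcomes() -> dict:
    """Run the scanner's RCPT TO against the policy in a few client states."""
    now = 1_000_000.0                                        # constructed fixed clock
    rcpt = "<nobody%securitymetrics.com@decisionbar.com>"   # RCPT TO from the scan report
    policy = RelayPolicy(local_domains={"decisionbar.com"})
    policy.pop_logins["203.0.113.10"] = now - 5 * 60         # constructed: POP login 5 min ago
    strict = RelayPolicy(local_domains={"decisionbar.com"}, pop_before_smtp=False)
    strict.pop_logins["203.0.113.10"] = now - 5 * 60         # same login, window ignored
    return {
        "scanner_no_pop":      relay_decision(policy, "198.51.100.7", False, rcpt, now),
        "inside_pop_window":   relay_decision(policy, "203.0.113.10", False, rcpt, now),
        "after_pop_window":    relay_decision(policy, "203.0.113.10", False, rcpt,
                                              now + POP_WINDOW_SECONDS + 1),
        "antirelayd_disabled": relay_decision(strict, "203.0.113.10", False, rcpt, now),
        "smtp_auth":           relay_decision(strict, "203.0.113.10", True, rcpt, now),
        "local_recipient":     relay_decision(strict, "198.51.100.7", False,
                                              "<nobody@decisionbar.com>", now),
    }


if __name__ == "__main__":
    for case, (verdict, reason) in scan_outcomes().items():
        print(f"{case:20s} {verdict:7s} {reason}")
```

    The model makes the practical point explicit: with Antirelayd enabled, any address that recently authenticated to POP is accepted for relaying without SMTP AUTH, so a relay verdict depends on who the client is rather than only on the recipient; with it disabled, only SMTP AUTH or a genuinely local final domain gets through.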
     
  3. mickalo (Well-Known Member; joined Apr 16, 2002; 765 messages; 2 likes; 18 trophy points; location: N.W. Iowa)
    Thanks. After reading your reply it makes a lot of sense. We have had several of these scans in the past with other customers and never got this type of warning before, so I was a bit lost as to what the problem was.

    Mike
     