The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Prevent relaying

Discussion in 'E-mail Discussions' started by maquinadigital, Dec 26, 2011.

  1. maquinadigital

    maquinadigital Well-Known Member

    Joined:
    Aug 10, 2006
    Messages:
    51
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    DataCenter Provider
    greetings,

    I have a small problem with some clients. They are my clients for some domains, use POP3, SMTP, etc, but, at the same time, are clients for other companies but use my server as SMTP server.

    So, my question is, how can I prevent the use of my SMTP server from hosts that are being relayed by tailwatchd, and, of course, correctly relayed. Is there some way to relay only localdomains?

    This rule has to come before the /etc/relayhosts rule, of course.

    Best regards and a Happy 2012!
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    IPs can only be listed in /etc/relayhosts file if they have authenticated first. This means that the user has to have already authenticated to be in that file. You can always disable antirelayd from allowing POP3 before SMTP authentication if you only want to allow SMTP authentication directly. WHM > Service Manager has antirelayd listed, which could be unchecked there for a service.
     
  3. maquinadigital

    maquinadigital Well-Known Member

    Joined:
    Aug 10, 2006
    Messages:
    51
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    DataCenter Provider
    Yes, they have autenticated because they are our clients.

    The problem is that they have domain1.com in our servers but they are using them to send emails from domain2.com also and, domain2.com are not hosted in our servers.
    I want to prevent that.

    Forcing all users to use SMTP authentication now it's almost impossible.

    The only solution would be to customize EXIM to deny domains not listed in /etc/localdomains BEFORE the rule that relays every IP in /etc/relayhosts.

    Would you agree with that or are your seeing any other way?
     
  4. maquinadigital

    maquinadigital Well-Known Member

    Joined:
    Aug 10, 2006
    Messages:
    51
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    DataCenter Provider
    By the way, I used to use ASSP and it allowed that. Unfortunatly, I had major problems regarding performance with large emails and had to leave ASSP.
     
  5. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Actually, what you are describing sounds like spoofing where you can send using an email alias that isn't the email account you authenticated using originally. If this is spoofing you are talking about, then you might review the following guide where I mention a rule to prevent spoofing:

    http://forums.cpanel.net/f5/setup-l...-hour-per-domain-users-201222.html#post843452

    It is under the section "2. Stopping spoofing from webmail and SMTP authenticated users"
     
  6. storminternet

    storminternet Well-Known Member

    Joined:
    Nov 2, 2011
    Messages:
    462
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    If you are experiencing spoofing for your email accounts then it is recommended to have enabled spf records for your domains.
    Though it will not prevent email forgery but it will help you to trace the spammers easily.
    Also make sure to reset/change password of all your email accounts. If any one of your email account got hacked, spammers can easily send spams/spoffed emails through it :p
     
Loading...

Share This Page