The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

remote send email only with SMTP Authentication

Discussion in 'E-mail Discussions' started by alfa ex, Dec 16, 2015.

  1. alfa ex

    alfa ex Member

    Joined:
    Oct 15, 2014
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    hi.
    I done a test with phpmailer on my localhost machine and iI can send e-mail only with my mail.mydomain.com without give pass and login.

    my cpanel was installed by the VPS company.

    I cant find on google or searching on the forum which option block this behavior.

    I want to allow to send e-mail using mail.mydomain.com only providing login and pass.

    Thanks in advanced.
     
  2. vanessa

    vanessa Well-Known Member
    PartnerNOC

    Joined:
    Sep 26, 2006
    Messages:
    817
    Likes Received:
    22
    Trophy Points:
    18
    Location:
    Virginia Beach, VA
    cPanel Access Level:
    DataCenter Provider
    I'm im understanding correctly, you want to be able to send email from a script without authenticating first. With phpmailer, the simplest way is to not use SMTP, but rather sendmail, which doesn't require a login. The only way to use SMTP without credentials is to disable antirelayd, which essentially makes your server an open relay and this is a very bad idea.
     
  3. alfa ex

    alfa ex Member

    Joined:
    Oct 15, 2014
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    sorry if my english is confusing, but i said that
    If the user trying to send e-mail using mail.mydomain not provide a login and password the user will not be able to send the email.

    I said that now it is possible to send without authentication, i don't know why in a fresh installation this is allowed.

    The SMTP restriction is enabled, and i don't know why at the moment as you (@vanessa) said in another forum post, "i'm a honeypot for spammers"
     
  4. vanessa

    vanessa Well-Known Member
    PartnerNOC

    Joined:
    Sep 26, 2006
    Messages:
    817
    Likes Received:
    22
    Trophy Points:
    18
    Location:
    Virginia Beach, VA
    cPanel Access Level:
    DataCenter Provider
    By default, cPanel servers will not allow you to send email via SMTP without authentication. There is also the possibility that SMTP Tweak is different on both servers, so you might want to check that. Go to Home >> Security Center >> SMTP Restrictions and try toggling the setting.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    What method is used to send out the email? Is the script using sendmail?

    Thank you.
     
  6. alfa ex

    alfa ex Member

    Joined:
    Oct 15, 2014
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    @vanessa
    There are only one server, it is on godaddy.
    The other is a local one with wamp on my windows machine just to run the php script.

    And i tried to toggling and still sending without auth.

    thanks for the fast reply.
     
  7. alfa ex

    alfa ex Member

    Joined:
    Oct 15, 2014
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    @cPanelMichael

    my script

    Code:
        $mail = new PHPMailer();
        $mail->isSMTP();
        $mail->Port = 25;
        $mail->Host = 'mail.mydomain.com';
        //$mail->SMTPAuth = true;
        //$mail->Username = 'envio@mydomain.com';
        //$mail->Password = 'pass';
        $mail->isHTML(true);
        $mail->setFrom("teste@mydomain.com", "test", true);
        $mail->addAddress("mateus@mydomain.com");
        $mail->Subject = "teste";
        $mail->Body = "<h1>hi</h1>";
        if(!$mail->send()) {
                echo 'Mailer Error: ' . $mail->ErrorInfo;
        }
     
  8. vanessa

    vanessa Well-Known Member
    PartnerNOC

    Joined:
    Sep 26, 2006
    Messages:
    817
    Likes Received:
    22
    Trophy Points:
    18
    Location:
    Virginia Beach, VA
    cPanel Access Level:
    DataCenter Provider
    $mail->isSMTP()

    Sort of implies you're trying to use SMTP but are not passing any credentials. So either don't use SMTP, or specify your login details.
     
  9. alfa ex

    alfa ex Member

    Joined:
    Oct 15, 2014
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    @vanessa yes, i'm not using the credentials, it is commented, in this case the email need to fail.
    But the email is sent with success even without credentials.
    This should not work because anyone in the world can send e-mail using my server without i knowing.
     
  10. alfa ex

    alfa ex Member

    Joined:
    Oct 15, 2014
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    ok guys, since "nothing was working" i decided to go low level.

    I opened a shell and nc (netcat) an e-mail by hand, what brought more questions but solved the problem.

    The first question was that why I managed to send an email to my OWN domain with no problem at all.

    Code:
    CLIENT->nc mail.mydomain.com 25
    SERVER->220-hostname.mydomain.com ESMTP Exim 4.86 #2 Wed, 16 Dec 2015 17:33:33 -0200
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
    CLIENT->HELO mail.mydomain.com
    SERVER->250 hostname.mydomain.com Hello xxx-xxx-xx-xxx.dial-up.telesp.net.br [xxx.xxx.xx.xxx]
    CLIENT->MAIL FROM:<dev@mydomain.com>
    SERVER->250 OK
    CLIENT->RCPT TO:<mateus@mydomain.com>
    SERVER->250 Accepted
    CLIENT->DATA
    SERVER->354 Enter message, ending with "." on a line by itself
    CLIENT->my email
    CLIENT->.
    SERVER->250 OK id=1a9Hrz-0006EL-Ma
    CLIENT->QUIT
    SERVER->221 hostname.mydomain.com closing connection
    This is kind dangerous because if i make a simple script with a 999999 loop i will exhaust the server, but it will be only to my internal accounts.

    If i try to do the same but with a gmail or hotmail or wherever, (sending email from my domain to gmail) this message is shown.

    Code:
    550-Please turn on SMTP Authentication in your mail client.
    550-xxx-xxx-xx-xxx.dial-up.telesp.net.br (mail.mydomain.com)
    550-[xxx.xxx.xx.xxx]:42173 is not permitted to relay through this server
    550 without authentication.
    So my mail server is not open to the world, but as I was testing with my own domain e-mail, that's why i HAD the impression that my server was open.

    I tried with google and them require authentication even to send from your own account, after all they will not know if it's really you that are sending the email.

    Now i want to know how i can block my smtp for anyone in the world send e-mail to my own accounts.
     
Loading...

Share This Page