Require localhost SMTP auth

[dorkstanner]

Hello,

I've been doing research to find out if I can change my server to require smtp auth for localhost to prevent scripts/php from getting uploaded to a compromised account and being able to fully utilize our email server. Does anyone know how this would be done? I haven't been able to find any info.

Thanks!
~Tanner

 

[dorkstanner]

Tried to edit with more info but got denied for spam.

We are running CSF if that helps any. We're on WHM v76.0.0

 

[cPanelMichael]

Hello,

Anyone that can authenticate as a local cPanel user can use the 127.0.0.1 IP address to send mail without additional authentication (since the user already authenticated into cPanel). This can make it difficult for system administrators to determine which cPanel account sent the mail, especially when a malicious user spoofs an email address to disguise the origin of the email.

To require cPanel & WHM to put the actual sender in the header, enable the Experimental: Rewrite From: header to match actual sender option in WHM's Exim Configuration Manager interface (Home >> Exim Service Configuration >> Exim Configuration Manager).

This is documented at:

How to Prevent Email Abuse - cPanel Knowledge Base - cPanel Documentation

Once this option is enabled, you can more easily identify any senders using the server to send out SPAM, and then suspend those accounts or change the passwords to prevent further delivery of such messages.

Thank you.