Security problem with exim

ciberplay

Registered
Sep 4, 2002
3
0
151
Hello we have a problem, our whm server use exim, it allow send anonymous mail from whatever email address and we dont know how to avoid it, if you configure an email client with no authentication server for outgoing mails, it allow send mails only writing and address of an existing domains in our server.

we have two servers and in only one happen....

they have the same tweaksetting and the same exim configuration...

Thankyou for all, and sorry for my english....
 

ThinIce

Well-Known Member
Apr 27, 2006
352
9
168
Disillusioned in England
cPanel Access Level
Root Administrator
It might be worth ensuring you're not authenticated against the server with pop before smtp before testing this (i.e. don't log into an email account to check mail while testing on the same internet connection).

You can have a look in /etc/relayhosts for your IP...
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,260
463
Hello :)

Authentication should be required in all cases. Even in cases where Antirelayd is enabled, a user must still login via POP/IMAP before sending. There is documentation on this at:

Require SMTP Authentication

Please open a support ticket and let us know the ticket number if you would like us to try reproducing the issue you have described:

Submit A Ticket

Thank you.