The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Security SMTP Bug still in CPanel Server?

Discussion in 'E-mail Discussions' started by wimp, Feb 4, 2004.

  1. wimp

    wimp Well-Known Member

    Joined:
    Jul 13, 2002
    Messages:
    301
    Likes Received:
    0
    Trophy Points:
    16
    just going to check SMTP on a CPanel server and saw anyone is still able to send e-mail's trought servers SMTP : mail.anyaccount.com
    I have already set the security tweak in WHM:
    "SMTP Mail protection has been enabled. Only users with the gid mail or mailman may make smtp connections. "

    but it is not working. I tried anso to change my IP address (so without login in ) but I am still able to sending e-mails.
    Have also customers that claims somon using there smtp.theredomain.com to sending spam.

    Anything that can be done?

    thanks a lot
     
  2. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Are you checking a POP account on the server? The server is not able to distinguish between particular domains. If you check a POP account for domaina.com, then you can use domainb.com as the outgoing mail server, providing that both domaina.com and domainb.com are on the same physical server. The server gathers a list of IPs from /var/logs/maillog of users who have recently checked a POP account on the server. As long as your IP is in that list, you will be able to send out messages through port 25 on the server. The actual domain does not matter since they are all routed through the same physical server.
     
  3. wimp

    wimp Well-Known Member

    Joined:
    Jul 13, 2002
    Messages:
    301
    Likes Received:
    0
    Trophy Points:
    16
    yes, i already changed the IP and send e-mails trought the server without authentication befor!
     
Loading...

Share This Page