The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

sending mails without authentication..!

Discussion in 'E-mail Discussions' started by wimp, Aug 4, 2003.

  1. wimp

    wimp Well-Known Member

    Joined:
    Jul 13, 2002
    Messages:
    301
    Likes Received:
    0
    Trophy Points:
    16
    I just note that on some CPanel servers customer can send mails thought mail.domain.com without authentication befor sendng mails!
    So anyone can send e-mails thought that server... even if he have not an account on server...
    Is this a common problem and does anyone else have the same problem?
    If not, how to fix this problem?

    Thanks

    cPanel.net Support Ticket Number:
     
  2. anand

    anand Well-Known Member

    Joined:
    Nov 11, 2002
    Messages:
    1,435
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    DataCenter Provider
    Yes there are times when a user is allowed to send mails without authentication, but only when he has checked his pop3 email in the last 30mins.

    Basically cpanel put the ip address of the client who accesses pop3 email box inside a file /etc/relayhosts and allows them to send mails without smtp authentication for the next 30mins.

    cPanel.net Support Ticket Number:
     
  3. s3kk3y

    s3kk3y Well-Known Member

    Joined:
    Oct 12, 2002
    Messages:
    94
    Likes Received:
    0
    Trophy Points:
    6
    Is there a way to change the time limit to, say, 5 minutes?

    cPanel.net Support Ticket Number:
     
  4. sexy_guy

    sexy_guy Well-Known Member

    Joined:
    Mar 19, 2003
    Messages:
    848
    Likes Received:
    0
    Trophy Points:
    16
    I sent a TT on this and posted about this problem many times before. Still not fixed or just pushed to the side. On all our server none of our users have to check authentication because it works without it. :rolleyes:

    cPanel.net Support Ticket Number:
     
  5. s3kk3y

    s3kk3y Well-Known Member

    Joined:
    Oct 12, 2002
    Messages:
    94
    Likes Received:
    0
    Trophy Points:
    6
    sexy_guy,

    If none of your users have to authenticate, then is your server completely open to relaying?

    And if it, arent you a bit worried?

    cPanel.net Support Ticket Number:
     
  6. sexy_guy

    sexy_guy Well-Known Member

    Joined:
    Mar 19, 2003
    Messages:
    848
    Likes Received:
    0
    Trophy Points:
    16
    Uglyness rears its ugly head, again! Go back to sleep phantom

    cPanel.net Support Ticket Number:
     
    #6 sexy_guy, Aug 5, 2003
    Last edited: Aug 15, 2003
  7. wimp

    wimp Well-Known Member

    Joined:
    Jul 13, 2002
    Messages:
    301
    Likes Received:
    0
    Trophy Points:
    16
    hmm... it seems that Anyone can snd e-mails also without authentication...
    That's what I am worry about......
    In that way customer can become a spamer without to know it...
    Think about somone send spam e-mail's with : admin@yourhostingcompany.com


    :rolleyes:

    cPanel.net Support Ticket Number:
     
  8. goodmove

    goodmove Well-Known Member

    Joined:
    May 12, 2003
    Messages:
    624
    Likes Received:
    0
    Trophy Points:
    16
    Are you kidding? He would be sending dozens of complaints to Cpanel every day if his servers were open relay... He is just BS'ing. ;)
     
    #8 goodmove, Aug 5, 2003
    Last edited: Aug 5, 2003
  9. s3kk3y

    s3kk3y Well-Known Member

    Joined:
    Oct 12, 2002
    Messages:
    94
    Likes Received:
    0
    Trophy Points:
    6
    well, it seems that wimp and sexy_guy are both having this issue.

    I just want to know how to change the tim interval to 5 minutes or get rid of it altogether.

    cPanel.net Support Ticket Number:
     
  10. goodmove

    goodmove Well-Known Member

    Joined:
    May 12, 2003
    Messages:
    624
    Likes Received:
    0
    Trophy Points:
    16
    If your are able to send emails without SMTP Auth or POP check (or you get an open relay warning in dnsreport.com) try this from SSH:
    Code:
    /scripts/fixrelayd
    /etc/rc.d/init.d/antirelayd restart
    service exim restart
     
  11. anand

    anand Well-Known Member

    Joined:
    Nov 11, 2002
    Messages:
    1,435
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    DataCenter Provider
    Nope i don't know and don't think you can change it.

    cPanel.net Support Ticket Number:
     
  12. anand

    anand Well-Known Member

    Joined:
    Nov 11, 2002
    Messages:
    1,435
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    DataCenter Provider
    Re: Re: sending mails without authentication..!

    Well as i said in my post if any of them checks their pop email id they are automatically authenticated for the next 30minutes. Have you tried when you don't check mails for 30ms atleast and then without authentication send mails ??

    cPanel.net Support Ticket Number:
     
  13. anand

    anand Well-Known Member

    Joined:
    Nov 11, 2002
    Messages:
    1,435
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    DataCenter Provider
    wimp anyways if your customer wants to become a spammer he still can. He can use authentication and still send spam.

    Basically the whole idea of authentication is that only authenticated users are allowed to relay from your server, and spammers are rejected as they connect to your servers because they are not your customers/ users.

    cPanel.net Support Ticket Number:
     
  14. anand

    anand Well-Known Member

    Joined:
    Nov 11, 2002
    Messages:
    1,435
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    DataCenter Provider
    You don't need to restart antirelayd as fixrelayd script already does that for you.

    cPanel.net Support Ticket Number:
     
  15. anand

    anand Well-Known Member

    Joined:
    Nov 11, 2002
    Messages:
    1,435
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    DataCenter Provider
    k guys, if someone wants to insist users for smtp authentication and remove the 30mins given to pop3 check users, here is solution for it:

    Remember if you use the below method you would need to chattr +i /etc/exim.conf otherwise the changes would be reset during next cpanel update

    Edit your exim.conf.

    Locate
    hostlist relay_hosts = lsearch;/etc/relayhosts : \
    localhost

    Now instead of these 2 lines, just write this:

    hostlist relay_hosts = localhost

    Please note if anyone has edited his exim.conf earlier he might have the complete text in one line as well with "\" removed, just replace as i said above.

    Wait now we are still not done.

    Edit /etc/relayhosts, and delete all the contents inside, this will ensure any users logged inside their pops recently still need to authenticate. Save and exit.

    Restart exim

    service exim restart.

    VOILA!

    Try to send email without authentication from any system and see there is an error while sending. Just enable the authentication and the email will get relayed. I checked this on 2 of my pcs right now and it works on both of them.

    cPanel.net Support Ticket Number:
     
  16. goodmove

    goodmove Well-Known Member

    Joined:
    May 12, 2003
    Messages:
    624
    Likes Received:
    0
    Trophy Points:
    16
    Thanks for that. What does lsearch stand for?
     
  17. anand

    anand Well-Known Member

    Joined:
    Nov 11, 2002
    Messages:
    1,435
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    DataCenter Provider
    you are welcome.

    lsearch is used basically to search addresses from the relaydomains file and make them authenticated uers before hand.

    To understand this better, hjust open your exim.conf.

    Locate require verify = sender. Now you will see another line accept hosts = +relay_hosts
    Basically this sets up permission and tells exim that these hosts are authenticated hosts. Now when relay_hosts are called for, its defined as:

    hostlist relay_hosts = lsearch;/etc/relayhosts : localhost

    So whenever a call is made, the users ip is checked against and searched inside /etc/relayhosts, if its found the user is authenticated and doesn't need to authenticate again for relaying mails. Once we removed the /etc/relayhosts from the hostlist, all users will be forced to use smtp authentication irrespective of the fact they checked their mails or not.

    cPanel.net Support Ticket Number:
     
  18. wimp

    wimp Well-Known Member

    Joined:
    Jul 13, 2002
    Messages:
    301
    Likes Received:
    0
    Trophy Points:
    16
    anand ---- thanks for this solution.

    :)

    cPanel.net Support Ticket Number:
     
  19. Juanra

    Juanra Well-Known Member

    Joined:
    Sep 22, 2001
    Messages:
    777
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Spain
    Note that doing this will probably lead to all kind of problems with your mail system. I think a more sensible approach would be to act upon antirelayd. But you can't just change its code either. For instance a WHM option could allow us to set the relay time to 0, 15 or 30 minutes.

    cPanel.net Support Ticket Number: 20191
     
  20. anand

    anand Well-Known Member

    Joined:
    Nov 11, 2002
    Messages:
    1,435
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    DataCenter Provider
    my pleasure :D

    cPanel.net Support Ticket Number:
     
Loading...

Share This Page