
SMTP mail authentication

Discussion in 'E-mail Discussions' started by Julien PHAM, Aug 25, 2009.

  1. Julien PHAM, Active Member

    Hi,

    I would like to set up my mail server so that a user who wants to send mail needs to authenticate to the server with the same username / password as the POP3 account before being allowed to send mail, as I do not want my mail server to be used as a spam relay.

    But it seems that out of the box this option is not set, as I was able to use my mail server in Thunderbird to send mail without providing a username and password.

    And I'm unable to find out where this option is.

    Can anybody help?

    Thanks

    Edit: btw, if I would like my mail server to require SSL to send mail, in my firewall I should not allow port 25 TCP out, but I should allow port 25 TCP in to receive mail?

    Edit 2: after some testing with websites that check mail servers, it seems my mail server rejects mail when POP3 auth has not been started, BUT it accepts SMTP when the user is from my domain. I do not like this, because it means a spammer can use an address from my mail server as the sender address to send mail...
     
    #1 Julien PHAM, Aug 25, 2009
    Last edited: Aug 25, 2009
  2. cPanelDavidG, Technical Product Specialist

    By default, cPanel uses POP-before-SMTP authentication. This means if you successfully authenticate to the server using POP, then SMTP is not required. If you have not successfully authenticated to the server within the past 30 minutes via POP, you will be prompted to authenticate into SMTP. This is not the same as an open relay, since successful authentication is required to use the SMTP server; that authentication is just handled via POP rather than SMTP itself.

    To disable POP-before-SMTP authentication in favor of always forcing SMTP authentication, go to WHM -> Service Configuration -> Service Manager and under Tailwatchd uncheck Antirelayd. Be sure to click Save on this page.

    It is generally a bad idea to block port 25. Blocking port 25 outbound will prevent mail from being sent to other mail servers. Blocking port 25 inbound will prevent mail from being received by your server.
     
  3. Julien PHAM, Active Member

    Thanks.

    I had the idea of blocking port 25 outbound because I would like my users to use SSL to send mail, so they use another port to send mail.

    But the problem then is that I have a web server on my domain, so if someone sends mail through a web form, perhaps the mail server will try to use port 25 to send mail, or I should configure Exim to listen on another port instead...

    I don't like the idea that my users can use the unencrypted port to send mail.

    (Edit: btw, where do I set up the POP delay for my users? I mean, I have set up their mail accounts to check for mail every minute, and now I have plenty of messages saying "user xxx blocked for pop3d access", so I think the allowed pop3d accesses per hour on my mail server must be set too low.)
     
    #3 Julien PHAM, Aug 26, 2009
    Last edited: Aug 26, 2009
  4. cPanelDavidG, Technical Product Specialist

    That message sounds like it was generated by a third-party tool like ConfigServer firewall. cPanel/WHM only limits the maximum number of total simultaneous POP3 connections and maximum connections per IP (both TLS/SSL and plain-text). We don't have any native functionality for blocking users who check their mail every minute.

    You can disable IMAPD and POP3D and just use IMAPDSSL and POP3DSSL. However, disabling plain-text IMAP will cause webmail to malfunction. This can be configured by going to WHM -> Service Configuration -> Mailserver Configuration.

    Our sendmail emulation does not initiate a connection over port 25. It just routes the message to Exim to send via SMTP.

    Blocking port 25 will prevent your server from receiving mail from other servers. You may want to educate your customers about using SMTP over SSL so that it is more difficult to "sniff" passwords. You may be able to write a script that monitors the Exim mail log to see if you have any users still logging in via the plain text port (port 25).

    If you are not sure where the logs are located, check out our Logs Location Reference poster. You can view this at: http://www.cpanel.net/images/loglocationsposter.jpg - A high-resolution version is available in print at: Order FREE 24x36 Log Locations Poster - cPanel Inc.
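
The log-monitoring script suggested in the last reply could look like the following. This is an added example, not code from the thread or from cPanel. It assumes Exim's main-log format, where `P=esmtpa` marks a message accepted with SMTP AUTH but without TLS and `P=esmtpsa` marks AUTH over TLS; the `I=[addr]:port` field only appears when `log_selector` includes `+incoming_interface`, and the sample lines and authenticator names are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in Exim main-log format (not from a real server).
SAMPLE_LOG = """\
2009-08-26 09:01:12 1MgA1b-0001aB-Q2 <= alice@example.com H=(laptop) [203.0.113.5] I=[192.0.2.10]:25 P=esmtpa A=fixed_login:alice@example.com S=1820
2009-08-26 09:02:40 1MgA2c-0001cD-R7 <= bob@example.com H=(desk) [203.0.113.9] I=[192.0.2.10]:465 P=esmtpsa X=TLSv1:AES256-SHA:256 A=fixed_plain:bob@example.com S=2044
2009-08-26 09:03:05 1MgA3d-0001eF-S1 <= sender@example.net H=mx.example.net [198.51.100.7] I=[192.0.2.10]:25 P=esmtp S=5120
2009-08-26 09:04:18 1MgA4e-0001gH-T5 <= alice@example.com H=(laptop) [203.0.113.5] I=[192.0.2.10]:25 P=esmtpa A=fixed_login:alice@example.com S=990
2009-08-26 09:05:00 1MgA5f-0001iJ-U9 => carol@example.org R=lookuphost T=remote_smtp H=mx.example.org [198.51.100.20]
2009-08-26 09:06:31 1MgA6g-0001kL-V3 <= carol@example.com H=(phone) [203.0.113.77] I=[192.0.2.10]:25 P=esmtpsa X=TLSv1:AES256-SHA:256 A=fixed_login:carol@example.com S=1501
"""

# Message-arrival lines only ("<="); optional timezone and pid fields are tolerated.
ARRIVAL = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)(?: [+-]\d{4})?(?: \[\d+\])? \S+ <= ")
FIELD = re.compile(r"\s(?P<key>[A-Z])=(?P<val>\S+)")
REMOTE_IP = re.compile(r"\sH=[^\[]*\[(?P<ip>[^\]]+)\]")


def plaintext_auth_logins(lines):
    """Return {auth_id: [(timestamp, remote_ip, local_port), ...]} for
    messages accepted with SMTP AUTH but without TLS (P=esmtpa)."""
    hits = defaultdict(list)
    for line in lines:
        arrival = ARRIVAL.match(line)
        if not arrival:
            continue
        fields = {}
        for f in FIELD.finditer(line):
            # First occurrence wins, so a logged subject (T="...") containing
            # " P=esmtpsa" cannot mask the real protocol field before it.
            fields.setdefault(f["key"], f["val"])
        if fields.get("P") != "esmtpa" or "A" not in fields:
            continue
        auth_id = fields["A"].split(":", 1)[-1]   # "authenticator:id" -> id
        ip = REMOTE_IP.search(line)
        port = fields.get("I", "").rpartition("]:")[2]
        hits[auth_id].append((arrival["ts"], ip["ip"] if ip else None,
                              int(port) if port.isdigit() else None))
    return dict(hits)


if __name__ == "__main__":
    for user, events in plaintext_auth_logins(SAMPLE_LOG.splitlines()).items():
        print(f"{user}: {len(events)} unencrypted authenticated submission(s)")
        for ts, ip, port in events:
            print(f"  {ts} from {ip} on local port {port}")
```

Keying on the protocol field rather than the port alone avoids flagging clients that connect to port 25 and upgrade with STARTTLS, as the last sample line does.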
     