The Community Forums

SMTP not requiring authentication

Discussion in 'E-mail Discussions' started by Shneur, Sep 1, 2003.

  1. Shneur

    Shneur Member

    I just got a new server and when sending an email it does not require "authentication". How do I tweak that in WHM to require authentication?

    Also, I'm being bombarded with "mailnull" sending (or receiving) too many emails, which is pulling my server load up. I'm imagining it's the SoBig.f and have looked at earlier threads addressing this issue.

    My question is: is "mailnull" like a "username" which I can block or black-hole, or is it a system process?

    And if I can block it, what would be the simplest way? (I'm still somewhat of a newbie in SSH.)

    Thanx
    Shneur

     
  2. jimjoe

    jimjoe Well-Known Member

    How to force authentication for outgoing email

    I also have hosting customers who have concerns about anyone anywhere being able to use our servers and their account specifically to send out email and spam.

    Is there a way in web host manager to require some type of authentication, like user/pw so that we lessen the odds of someone using our server to spam?
     
  3. Host4u2

    Host4u2 Well-Known Member

    Was looking for an answer to the same question. Personally, I think SMTP is way over-due for a rewrite!
     
  4. chirpy

    chirpy Well-Known Member

    Exim on Cpanel does two types of authentication:

    1. SMTP AUTH

    2. POP before SMTP

    Most of your clients probably don't realise it, but when they POP their email accounts, their IP address is stored in a file for 30 minutes. If they then attempt to send an email through the server, their IP address is checked against said list and if it is valid, they can relay. If not, they get an error indicating that they need to POP their email first.

    This "invisibly" authenticates users with a POP3 account for sending email.

    The process that maintains the POP before SMTP file on your server is called "antirelayd".

    I'm not sure I follow you on this. Exim runs under the mailnull process name. So any email being sent or received will appear as exim running under the mailnull account. It will also appear if it has to retry delivery of emails which initially have not been able to send (e.g. if the remote SMTP server is down).

    For more information on what is being sent through your server, you should always monitor:

    /var/log/exim_mainlog
     
  5. cyberspirit

    cyberspirit BANNED

    hi Jonathan,
    The way pop before smtp is used in cpanel is very insecure.
    What we need implemented is an authsmtp that is mandatory.
    Here is why the current solution is dangerous:
    Let's say I am one of your customers and check my mail with a pop client. But I am doing this from work. And let's just assume I work for a large company like Cisco. So your server will store Cisco's public ip address (since they use NAT) in the antirelayd service for 30 minutes. This means that for the next 30 minutes any one of the thousands of employees at Cisco can send out emails through your server without needing a password!
    Can you see the danger?
    This is why pop before smtp has been less and less used and is considered a security risk!
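
Added example (not part of the original posts): a small shell model of the POP-before-SMTP check described in the two posts above, showing that the only identity the server has is a source IP. The table format, function names and addresses are assumptions made for illustration; this is not antirelayd's own code.

```shell
#!/bin/sh
# Constructed model of POP before SMTP; not antirelayd's code.
# Assumption: the relay table holds "<ip> <epoch-of-last-POP-login>" lines.

WINDOW=$((60 * 30))   # the 30-minute window stated in the thread

# record_pop_login TABLE IP NOW: what a successful POP3 login stores.
record_pop_login() {
    printf '%s %s\n' "$2" "$3" >> "$1"
}

# may_relay TABLE IP NOW: succeeds if IP logged in over POP within the window.
may_relay() {
    awk -v ip="$2" -v now="$3" -v win="$WINDOW" '
        $1 == ip && now - $2 >= 0 && now - $2 <= win { ok = 1 }
        END { exit ok ? 0 : 1 }' "$1"
}

# relay_decision TABLE IP NOW AUTH_USER: prints what the server can attribute.
# AUTH_USER is empty when the client did not use SMTP AUTH.
relay_decision() {
    if [ -n "$4" ]; then
        echo "accept: authenticated as $4"
    elif may_relay "$1" "$2" "$3"; then
        echo "accept: ip $2 (sender identity unknown)"
    else
        echo "deny: relay not permitted"
    fi
}

demo() {
    table=$(mktemp)
    # Constructed scenario: one customer behind a shared NAT address checks mail at t=1000.
    record_pop_login "$table" 203.0.113.10 1000
    # Ten minutes later any other host behind the same address is accepted too.
    relay_decision "$table" 203.0.113.10 1600 ""
    # After the window expires the same address is refused again.
    relay_decision "$table" 203.0.113.10 3000 ""
    # With SMTP AUTH the decision is tied to an account, whatever the address.
    relay_decision "$table" 198.51.100.7 1600 "alice@example.test"
    rm -f "$table"
}
demo
```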
     
  6. chirpy

    chirpy Well-Known Member

    If you don't want to use the POP before SMTP authentication, then simply stop the process that runs it - antirelayd:
    /etc/init.d/antirelayd stop

    I understand perfectly well how POP before SMTP works and it does have its failings, but the real risks of its insecurity have yet to be proven in practice. It is much too sweeping a statement to say "This is why pop before smtp has been less and less used and is considered a security risk!". It is neither that dangerous, nor is it "very insecure".

    SMTP AUTH can equally be insecure if you use AUTH LOGIN rather than one of the encrypted password methods.

    If you're going that far, I sincerely hope that you do not allow POP3 and FTP access and only have POP3s and FTP over SSL or SFTP enabled. Otherwise, you are running "dangerous" protocols that are "very insecure".
     
  7. cyberspirit

    cyberspirit BANNED

    Jonathan,
    Since you feel so safe about pop before smtp, how about you creating an account for me on your system and I will show you in 5 easy steps how quickly I can change your server into a spam machine?
     
  8. chirpy

    chirpy Well-Known Member

    <sigh> Sorry, I'm not going to be goaded into a pissing match with you. The facts are there, you can choose whether you want to use the feature or not based on your own understanding and judgment :rolleyes:
     
  9. Host4u2

    Host4u2 Well-Known Member

    So, how do we avoid Hacked-Headers? SMTP hasn't been upgraded or rewritten since its birth, and has its flaws. I watch this thread, and although there are differences in opinions, I see no one posting what has worked for them in resolving, or at least reducing the SMTP Authentication issue and hacked headers. Let's not argue theory, but rather discuss what works and what doesn't work by our personal experiences/resolves that has proven to be successful to one degree or another :D

    Can that 30 minute default be changed to say... 5 minutes?
     
    #9 Host4u2, May 6, 2004
    Last edited: May 6, 2004
  10. chirpy

    chirpy Well-Known Member

    Yes, you can, though the change will likely be overwritten on the next upcp:

    edit /usr/sbin/antirelayd and change the line:

    $exptime = (time() - (60*30));

    to suit your needs.

    Also, if you want to disable POP before SMTP permanently, you can remove the accept rules in /etc/exim.conf
     
    #10 chirpy, May 6, 2004
    Last edited: May 6, 2004
  11. Host4u2

    Host4u2 Well-Known Member

    Unless I "chattr +i /usr/sbin/antirelayd" :)
     
  12. Host4u2

    Host4u2 Well-Known Member

    Thank you chirpy...

    I followed your advice, and added a couple ideas of my own in doing the following and it works great!

    First, I edited my /usr/sbin/antirelayd and changed the line: "$exptime = (time() - (60*30));" (no quotes) to read "$exptime = (time() - (60*5));" (no quotes).

    Then, also via SSH, I typed: "chattr +i /usr/sbin/antirelayd" (no quotes) to prevent upcp from over-writing it.

    Then, I proceeded to edit my "/etc/exim.conf" and commented out "accept hosts = +relay_hosts" (so it looks like this: "#accept hosts = +relay_hosts" (no quotes)). NOTE: Make your changes to exim.conf through WHM. Otherwise they will get overwritten when WHM rebuilds exim.conf. You will find it in Advanced Mode, under "begin acl" within the scroll box.

    Then I restarted Exim, and POP3, and that did it.

    Clients now only need to change their email client to use Server Authentication to send email via smtp outside my server realm.

    I've posted a snapshot for configuring Outlook Express for my clients at http://demo123.net/smtp.html for those needing this help.
     
    #12 Host4u2, May 6, 2004
    Last edited: May 8, 2004
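
Added example (not part of the original post, and not cPanel's own tooling): a shell check that the changes described in post #12 are still in place, useful after an update or an exim.conf rebuild. It assumes the ACL rule is written on a single line as quoted in the post; the function names are hypothetical, and the default paths are the ones named in the thread.

```shell
#!/bin/sh
# Added example: audit of the POP-before-SMTP changes described in post #12.
# Default paths are the ones named in the thread; pass copies as arguments to test.

# Succeeds if an uncommented single-line "accept hosts = +relay_hosts" rule exists.
pbs_rule_active() {
    grep -Eq '^[[:space:]]*accept[[:space:]]+hosts[[:space:]]*=[[:space:]]*\+relay_hosts' "$1"
}

# Prints N from the line "$exptime = (time() - (60*N));" in the antirelayd script.
pbs_window_minutes() {
    sed -n 's/^[[:space:]]*\$exptime[[:space:]]*=[[:space:]]*(time()[[:space:]]*-[[:space:]]*(60\*\([0-9][0-9]*\)));.*/\1/p' "$1" 2>/dev/null | head -n 1
}

# Returns 0 when relay by IP is disabled, 1 when it is still enabled, 2 if unreadable.
audit_pbs() {
    conf=${1:-/etc/exim.conf}
    script=${2:-/usr/sbin/antirelayd}
    [ -r "$conf" ] || { echo "SKIP: cannot read $conf"; return 2; }
    status=0
    if pbs_rule_active "$conf"; then
        echo "FAIL: $conf still accepts +relay_hosts, so POP before SMTP can relay"
        status=1
    else
        echo "OK: no active 'accept hosts = +relay_hosts' rule in $conf"
    fi
    mins=$(pbs_window_minutes "$script")
    echo "INFO: antirelayd expiry window: ${mins:-unknown} minutes"
    # chattr +i shows up as an "i" in the first column of lsattr output.
    flags=$(lsattr "$script" 2>/dev/null | awk '{print $1}')
    case $flags in
        *i*) echo "INFO: $script is immutable (chattr +i)" ;;
        *)   echo "WARN: immutable flag not detected on $script" ;;
    esac
    return $status
}
```

Call `audit_pbs` with no arguments on the server, or pass paths to saved copies of the two files.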
  13. Mar

    Mar Member

    Thanks for your assistance

    One of Richard's flock says thanks!

    Much improved

    Mar
    :D
     
  14. taotoon

    taotoon Well-Known Member

    POP3s and SMTPs are safe.


    or AUTH CRAM-MD5 is ok


    AUTH LOGIN is Microsoft base64 and unsafe.
    AUTH PLAIN is base64 in one line and unsafe.
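
Added example (not part of the original posts): why the base64 in AUTH PLAIN and AUTH LOGIN gives no protection on an unencrypted connection, plus a check of which such mechanisms a server advertises in an EHLO reply. The credentials, host name and EHLO reply are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example with constructed credentials; nothing here comes from a real server.

# AUTH PLAIN sends base64("authzid NUL username NUL password") in a single line.
encode_auth_plain() {   # encode_auth_plain USER PASS
    printf '\000%s\000%s' "$1" "$2" | base64
}

# Decoding needs no key; the NUL separators are shown as "|".
decode_auth_plain() {   # decode_auth_plain BASE64
    printf '%s' "$1" | base64 -d | tr '\000' '|'
}

# AUTH LOGIN sends username and password as two separate base64 lines.
decode_auth_login() {   # decode_auth_login BASE64_USER BASE64_PASS
    printf '%s|%s' "$(printf '%s' "$1" | base64 -d)" "$(printf '%s' "$2" | base64 -d)"
}

# Lists the password-revealing mechanisms advertised in an EHLO reply.
# Feed it a reply captured before STARTTLS: any output means a client
# may send a readable password over the network.
cleartext_mechs() {     # cleartext_mechs EHLO_REPLY
    printf '%s\n' "$1" | tr -d '\r' | awk '
        /^250[- ]AUTH / {
            for (i = 2; i <= NF; i++)
                if ($i == "PLAIN" || $i == "LOGIN") out = out (out ? " " : "") $i
        }
        END { print out }'
}

demo() {
    token=$(encode_auth_plain jane@example.test constructed-pass)
    echo "AUTH PLAIN $token  ->  $(decode_auth_plain "$token")"
    # Constructed EHLO reply from a hypothetical server.
    ehlo='250-mail.example.test Hello
250-SIZE 52428800
250-AUTH PLAIN LOGIN CRAM-MD5
250 HELP'
    echo "offered without TLS: $(cleartext_mechs "$ehlo")"
}
demo
```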
     
  15. anup123

    anup123 Well-Known Member

    Hi

    Slightly offtopic but yet worth a discussion.
    Say if POP before SMTP is turned off.
    webumake webmail with pop plugin is installed.
    How would a webumake webmail user be able to send a mail using desktop client when cPanel's Exim doesn't have Mysql lookup enabled?

    I had submitted this feature request of having Mysql lookup (if that could help) but as with pure-ftp Mysql Auth feature request it's gathering dust. I could manage to rebuild cpanel's pure-ftpd with Mysql auth but Exim looks impossible ... at least I couldn't get a hold of it.

    So Question still is

    With only SMTP Auth how would a webumake webmail (with pop plugin) user be able to send mail (from the server and not ISP's server)

    TIA
    Anup
     
  16. chirpy

    chirpy Well-Known Member

    You'd have to create a mail or unix user account and set a password which you'd provide to your users so that they could use SMTP AUTH. WebUMake Mail doesn't use a MySQL backend ;)
     
  17. anup123

    anup123 Well-Known Member

    Oh, I thought webumake was mysql backend based. Is it flat file?
    Well while on the issue, can the exim src.rpm from cPanel be rebuilt with LOOKUP_MYSQL Yes?

    Anup
     
  18. chirpy

    chirpy Well-Known Member

  19. anup123

    anup123 Well-Known Member

    Yes, I could get the src.rpm but it looks like it is not possible to get the LOOKUP_MYSQL Yes as a command line option during rebuild ... none of the proprietary webmail scripts which have certain functionalities based on Mysql Lookup can work under cPanel setup :/

    Here is an example of how a webmail uses Exim (but with Mysql Lookup enabled) and has that SMTP Auth possibility

    http://support.atmail.com/exim.html#21
    This could be extended to any other Mysql backend based webmails "Only If" cPanel provided the flexibility.

    Anup
     
    #19 anup123, May 5, 2005
    Last edited: May 5, 2005
  20. p_s_p

    p_s_p Member

    I have a server with WHM 10.8.0 cPanel 10.8.1-R4 RedHat 7.3 i686 - WHM X v3.1.0. Everything was working and suddenly I had a user complaining that Outlook is not authorizing while sending mails; however, if "My server requires authentication" is disabled, the mails go fine. I have tried everything to fix this:

    /script/eximup fails with error: cannot open exim.src.rpm: No such file or directory
    Stopped exim, removed antirelayd from the service manager and stopped antirelayd but still the problem is not solved.

    Please help me as I want my users to authenticate for SMTP before sending the emails as it was working earlier.

    Thanks
     