The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Turn on SMTP Authentication

Discussion in 'E-mail Discussions' started by Dodi300, Jul 1, 2009.

  1. Dodi300

    Dodi300 Member

    Joined:
    Jul 1, 2009
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    Hello. I cannot send emails from my server to Hotmail.
    I get this error:

    I went to the address in the email, The Spamhaus Project, and I'm listed on the Policy Block List (PBL).
    It says I simply need to turn on "SMTP Authentication".

    Does anyone know how to do this in Cpanel?
    Thanks for the help! :)
     
  2. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    By default, cPanel/WHM will allow those who have authenticated successfully via POP3 within the past 30 to login to send mail via SMTP without authentication (since they already authenticated via POP3).

    To disable this behavior and thus force all your customers to use SMTP authentication, run the following command as root via SSH:

    Code:
    /usr/local/cpanel/bin/tailwatchd --disable=Cpanel::TailWatch::Antirelayd
     
  3. Eric

    Eric Administrator
    Staff Member

    Joined:
    Nov 25, 2007
    Messages:
    746
    Likes Received:
    11
    Trophy Points:
    18
    Location:
    Texas
    cPanel Access Level:
    Root Administrator
    If you're still having trouble after doing what Dave suggested send me your IP in a PM. I used to do a lot of work with spam and antispam stuff including the PBL list over at spamhaus. You could be listed for a number of other reasons.

    Thanks!
     
  4. Dodi300

    Dodi300 Member

    Joined:
    Jul 1, 2009
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    Thanks for the help.
    It didnt work though, and now I cant send any emails :confused:

    Do you know how I can re-enable it? :)
    I'll send you a PM cpanelerice.

    Thanks!
     
  5. chrish.

    chrish. Member

    Joined:
    Jun 30, 2009
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1
    The esmtp auth piece on the Spamhaus site is mentioned for those needing to route outbound mail through their ISP's SMTP server

    Forcing your clients to auth to use your smtp server won't do heaps - the hotmail systems are going to have zero real visibility into whether or not your users have authenticated to a system which it (hotmail) has no control over (headers are easily forged, so this is not an adequate indicator).

    Regarding the PBL inclusion, flat-out they believe your IP address to be dynamic/residential.

    This leaves you with two options:

    -if you aren't on dynamic/residential address space, it'd be worthwhile engaging Spamhaus and seeing if they can correct their records

    -if you are on such address space, you're pretty much limited to routing outbound email through a smarthost; if nothing else, on a case by case basis, though I would wager given the popularity of Spamhaus ZEN, you'll see this same issue with a fair number of other sites.
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,455
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Your IP is listed or your server's IP is listed? If it's your server IP that's listed, you can't run cPanel on a dynamic IP.
     
  7. Dodi300

    Dodi300 Member

    Joined:
    Jul 1, 2009
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    My IP is not dynamic.

    Still can't get emails to send. :(
     
  8. Eric

    Eric Administrator
    Staff Member

    Joined:
    Nov 25, 2007
    Messages:
    746
    Likes Received:
    11
    Trophy Points:
    18
    Location:
    Texas
    cPanel Access Level:
    Root Administrator
    Howdy,

    You're really going to need to contact spamhaus or get your ISP to do so on your behalf. The block they have in place is pretty broad need to be rechecked.

    Thanks!
     
  9. Dodi300

    Dodi300 Member

    Joined:
    Jul 1, 2009
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    Ok, Will do.
    I've started a Support Ticket, like you said.

    Thanks for the help. :D
     
  10. blargman

    blargman Well-Known Member

    Joined:
    Sep 11, 2007
    Messages:
    99
    Likes Received:
    0
    Trophy Points:
    6
    If the ISP has the policy of putting their ip's in the PBL. There's pretty much nothing that can be done except for forging the Received From: headers yourself. Otherwise they need to use the ISP's outbound servers. That's my idea of the matter anyway. Though I thought this was just for unauthenticated mail, I'm seeing an issue of it myself currently with authenticated mail. :\ It's showing ESMTPA in the header yet SpamHaus is still blocking it.
     
  11. Dodi300

    Dodi300 Member

    Joined:
    Jul 1, 2009
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    Hey,
    The Cpanel support team fixed all the errors on my server and I've contacted SpamHaus and they have removed my IP.
    So now I can send/receive emails to Hotmail accounts!

    Thanks everyone for the help. :)
     
  12. Eric

    Eric Administrator
    Staff Member

    Joined:
    Nov 25, 2007
    Messages:
    746
    Likes Received:
    11
    Trophy Points:
    18
    Location:
    Texas
    cPanel Access Level:
    Root Administrator
    Yea, a happy ending :D
     
  13. chrish.

    chrish. Member

    Joined:
    Jun 30, 2009
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1
    Something to watch out for regarding this, it'll depend upon how the remote MTA is evaluating the RBL

    If they're checking the connecting IP, even mangling/rewriting the Received header won't do the trick - the connecting IP will still be exposed, queried, and buggered. The headers won't be visible until the DATA command is sent, acknowledged, etc.

    The other thing to point out, is the "Received" header that the remote MTA creates is one you'll have no control over - and is the one most likely to contain your IP. So to that end, you'd be somewhat stuck.

    Generally RBL providers (among others) will recommend that with lists such as the PBL, you query *only* the connecting IP against the blacklist - reason being, it is perfectly legitimate for a host on a dynamic IP to connect to their ISP's SMTP server and send away; in fact, this is what Spamhaus recommends if you're listed on the PBL (assuming the listing isn't in error). If you do deep header parsing, and query every IP found against an RBL (such as Spamhaus PBL) which is intended solely to restrict what IP's are allowed to connect directly, you end up with a considerable amount of what are by most accounts false positives.

    Similar logic applies for those using the ZEN aggregate zone - if you utilize ZEN, and do deep header parsing (a practice which is generally not recommended) for RBL checks, the return code should be evaluated beyond the topmost (or most recent, rather) header and only trigger policy if found in SBL-XBL, but not PBL. A listing on SBL-XBL 2 or 3 layers deep is cause for suspicion. A listing on PBL 2 or 3 layers deep is not.

    At any rate, rather than continuing on this tangent....headers are very, very easily forged, and no *single* header is a reliable indicator of spam. Tis usually best to consider the makeup of the header, or extract specific tokens that are common to mail sent from botnets.

    Hope this helps someone, and doesn't bore everyone to sleep
     
  14. blargman

    blargman Well-Known Member

    Joined:
    Sep 11, 2007
    Messages:
    99
    Likes Received:
    0
    Trophy Points:
    6
    cpanelchrish. That's the odd part. I've been seeing a lot of MTA's like comcast parsing received headers. ie the original connecting ip to the cpanel server and then blocking based on that. When it is the cpanel server connecting to comcast?! Very strange.
     
Loading...

Share This Page