0

One of my clients is using a cPanel-based Virtual Dedicated Server that appears to allow unauthenticated SMTP:

bash$ echo EHLO | nc mail.clientscompany.com 25
...
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP

It therefore appears that anyone (esp. spammers) can use his mail server to send whatever - I just connected from my DSL connection at home, and...

bash$ nc mail.clientscompany.com 25
HELO clientscompany.com
MAIL FROM: realuser@clientscompany.com
RCPT TO: innocentspamvictim@wherever.com
DATA
From: <realuser@clientscompany.com>
To: <innocentspamvictim@wherever.com>
Date: ...
Subject: ...
Blah
.
QUIT

I just tested this, and sure enough, it sent a mail from "realuser@clientscompany.com".

Since I am not familiar with cPanel and WHM, can someone provide pointers to configure his mail server to (a) only accept TLS connections and (b) only authenticated ones (i.e. with user/password, not just plain connections)?

Thanks for any help.

Rob Moir
ttsiodras

3 Answers

1

http://spamlinks.net/prevent-secure-relay-fix.htm

Without knowing what MTA your client is running, it's hard to provide more specific configuration information.

quadruplebucky
1

The VDS uses Exim:

bash$ yum list | grep -i exim
exim.i386                                4.69-23.1_cpanel_maild installed   

I just thought that cPanel/WHM would offer this through some menu/button which I am somehow missing... I have no trouble editing configuration files, but I fear that the set of pages (PHP/CGI scripts) offered by cPanel/WHM are depending on specific formatting of configuration files (for Exim and the rest of the UNIX tools) - which I wouldn't want to break...

Any further advice most welcome.

ttsiodras
1

Thank you "quadruplebucky", you were spot-on.

That is, false alarm - to anyone else who is worrying about this, just read the link "quadruplebucky" pointed to.

ttsiodras