Skip to main content

remote send email only with SMTP Authentication

alfa ex
hi. I done a test with phpmailer on my localhost machine and iI can send e-mail only with my mail.mydomain.com without give pass and login. my cpanel was installed by the VPS company. I cant find on google or searching on the forum which option block this behavior. I want to allow to send e-mail using mail.mydomain.com only providing login and pass. Thanks in advanced.

Comments

10 comments

Date Votes
  • vanessa
    I'm im understanding correctly, you want to be able to send email from a script without authenticating first. With phpmailer, the simplest way is to not use SMTP, but rather sendmail, which doesn't require a login. The only way to use SMTP without credentials is to disable antirelayd, which essentially makes your server an open relay and this is a very bad idea.
    0
  • alfa ex
    sorry if my english is confusing, but i said that I want to allow to send e-mail using mail.mydomain.com only providing login and pass.
    If the user trying to send e-mail using mail.mydomain not provide a login and password the user will not be able to send the email. I said that now it is possible to send without authentication, i don't know why in a fresh installation this is allowed. The SMTP restriction is enabled, and i don't know why at the moment as you (@vanessa) said in another forum post, "i'm a honeypot for spammers"
    0
  • vanessa
    By default, cPanel servers will not allow you to send email via SMTP without authentication. There is also the possibility that SMTP Tweak is different on both servers, so you might want to check that. Go to Home >> Security Center >> SMTP Restrictions and try toggling the setting.
    0
  • cPanelMichael
    I said that now it is possible to send without authentication, i don't know why in a fresh installation this is allowed.

    Hello :) What method is used to send out the email? Is the script using sendmail? Thank you.
    0
  • alfa ex
    @vanessa There are only one server, it is on godaddy. The other is a local one with wamp on my windows machine just to run the php script. And i tried to toggling and still sending without auth. thanks for the fast reply.
    0
  • alfa ex
    @cPanelMichael my script
    $mail = new PHPMailer(); $mail->isSMTP(); $mail->Port = 25; $mail->Host = 'mail.mydomain.com'; //$mail->SMTPAuth = true; //$mail->Username = 'envio@mydomain.com'; //$mail->Password = 'pass'; $mail->isHTML(true); $mail->setFrom("teste@mydomain.com", "test", true); $mail->addAddress("mateus@mydomain.com"); $mail->Subject = "teste"; $mail->Body = "

    hi

    "; if(!$mail->send()) { echo 'Mailer Error: ' . $mail->ErrorInfo; }
    0
  • vanessa
    $mail->isSMTP() Sort of implies you're trying to use SMTP but are not passing any credentials. So either don't use SMTP, or specify your login details.
    0
  • alfa ex
    @vanessa yes, i'm not using the credentials, it is commented, in this case the email need to fail. But the email is sent with success even without credentials. This should not work because anyone in the world can send e-mail using my server without i knowing.
    0
  • alfa ex
    ok guys, since "nothing was working" i decided to go low level. I opened a shell and nc (netcat) an e-mail by hand, what brought more questions but solved the problem. The first question was that why I managed to send an email to my OWN domain with no problem at all.
    CLIENT->nc mail.mydomain.com 25 SERVER->220-hostname.mydomain.com ESMTP Exim 4.86 #2 Wed, 16 Dec 2015 17:33:33 -0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. CLIENT->HELO mail.mydomain.com SERVER->250 hostname.mydomain.com Hello xxx-xxx-xx-xxx.dial-up.telesp.net.br [xxx.xxx.xx.xxx] CLIENT->MAIL FROM: SERVER->250 OK CLIENT->RCPT TO: SERVER->250 Accepted CLIENT->DATA SERVER->354 Enter message, ending with "." on a line by itself CLIENT->my email CLIENT->. SERVER->250 OK id=1a9Hrz-0006EL-Ma CLIENT->QUIT SERVER->221 hostname.mydomain.com closing connection
    This is kind dangerous because if i make a simple script with a 999999 loop i will exhaust the server, but it will be only to my internal accounts. If i try to do the same but with a gmail or hotmail or wherever, (sending email from my domain to gmail) this message is shown.
    550-Please turn on SMTP Authentication in your mail client. 550-xxx-xxx-xx-xxx.dial-up.telesp.net.br (mail.mydomain.com) 550-[xxx.xxx.xx.xxx]:42173 is not permitted to relay through this server 550 without authentication.
    So my mail server is not open to the world, but as I was testing with my own domain e-mail, that's why i HAD the impression that my server was open. I tried with google and them require authentication even to send from your own account, after all they will not know if it's really you that are sending the email. Now i want to know how i can block my smtp for anyone in the world send e-mail to my own accounts.
    0
  • cPanelMichael
    There's an option referenced on the following document that may interest you: How to Prevent Email Abuse - cPanel Knowledge Base - cPanel Documentation Thank you.
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post