How to prevent email send as remote user
helo
i have problem with sending email with smtp without authentication.
i have read this tread but not working
Prevent email from being send from server domain
then.. i have tried using php mailer script..
yes we can send email using php mailer script (using SMTP local server).
and there is an option:
$mail->SMTPAuth = false;
yes i try to not using SMTP auth.. and email successfully send...
this is dangerous i guess..
here is the detail message:
sorry i use xx to hide the domain.. what i am currious is here: Sender User: -remote- <--- actually this is cpanel user: hendranata who send that email from php script.. not from anybody else.. but why they known as -remote- ?? how to block email if the SMTP auth is off ? i did many possibility. 1. yes if we run php mailer script from outside server.. yes SMTP required to login first before they can send email however.... 2. if we run php mailer script from internal server.. SMTP does not required to login first before they can send email. (it means they can send email with or without SMTP auth actually). <--- this case is quite dangerous when a user send email using SMTP from internal hosting and without SMTP authentication. any solution?
Event: success
Sender User: -remote-
Sender Domain:
Sender: abc@aaa.com
Sent Time: Aug 26, 2017 12:01:12 PM
Sender Host: xxx.xxx.com
Sender IP: 139.99.4.228
Authentication: localdelivery
Spam Score:
Recipient: admin@xx.xx.com
Delivered To: admin@xx.xx.com
Delivery User: hendranata
Delivery Domain: xx.xx.com
Router: virtual_user
Transport: dovecot_virtual_delivery
Out Time: Aug 26, 2017 12:01:12 PM
ID: 1dlTDQ-0001Vd-O8
Delivery Host: localhost
Delivery IP: 127.0.0.1
Size: 1.05 KB
Result: Accepted
sorry i use xx to hide the domain.. what i am currious is here: Sender User: -remote- <--- actually this is cpanel user: hendranata who send that email from php script.. not from anybody else.. but why they known as -remote- ?? how to block email if the SMTP auth is off ? i did many possibility. 1. yes if we run php mailer script from outside server.. yes SMTP required to login first before they can send email however.... 2. if we run php mailer script from internal server.. SMTP does not required to login first before they can send email. (it means they can send email with or without SMTP auth actually). <--- this case is quite dangerous when a user send email using SMTP from internal hosting and without SMTP authentication. any solution?
-
Hi, If you want to use only SMTP authentication in the PHP script, then you have to disable the PHP mail function, so only authentication will be accepted.. -1 -
I know. I dont talk about mail. But i talk about smtp only. Php mail() function is already disable.. And we use php mailer to send email using smtp. In that case, php mailer give an option whether u want to use smtp auth yes or not. (See my first post above). If we turn off smtp auth.. then we can send email through smtp without authentication.. (which is dangerous since they are known as remote user) If we turn on smtp auth.. yes this is safe to be used.. 0 -
Ok i will specific to my main question. Since i can send email through smtp auth and smtp without auth.. How do we prevent user to send email through smtp without auth..?? Because i my trial.. i can use both smtp with authentication (this is okay) and smtp without authentication (this is need to be blocked). Then How to prevent anybody from sending email through smtp without authentication? 0 -
i read somebody comment here Preventing sendmail and there is no answer till now.. maybe we can modify the exim but i am not sure how to achieve that.. yes i have read exim documentation but i am not an exim expert then need help about this 0 -
Hello, Any local cPanel user can use the 127.0.0.1 IP address to send mail without authentication. This can make it difficult for system administrators to determine which cPanel account sent the mail, especially when a malicious user spoofs an email address to disguise the origin of the email. To require cPanel & WHM to put the actual sender in the header, enable the Experimental: Rewrite From: header to match actual sender option in WHM's Once this option is enabled, you can more easily identify any senders using the server to send out SPAM, and then suspend those accounts or change the passwords to prevent further delivery of such messages. Thank you. 0 -
I"m proceed disabling this feature and have a lot of problems. 0 -
I"m proceed disabling this feature and have a lot of problems.
Could you provide more specific details about what feature you disabled and what problems you are having? Thank you.0
Please sign in to leave a comment.
Comments
8 comments