Authentication on Port 25 in cPanel?
Dear, I have another troublesome issue with Exim authentication on cPanel. When I telnet to my mail server and send internal mail via an EHLO packet, if I send information to a domain of my customer, such as ehlo customer.com, I will have authentication problems when sending internal mail.
However, I just need to change the ehlo part a little: if I send the message with the server's hostname information, for example ehlo hostname.com, then it doesn't even encounter any authentication or prohibition obstacles.
I can freely fake any email I have internally to send phishing emails to customers who are using my email. SPF or even DKIM doesn't work. My hostname must be published when I send service information to my customers and it would be a disaster if one of those customers maliciously attacked my mail server. I can't block port 25 because it will cause my MTA to fail. So my problem is how can I enable this authentication function for the server's hostname when it is used as an email server? Thanks.
-
Hey there! There is no way to change this behavior as this is how Exim works, and cPanel does not want to change that default. There is a bit more information on this here:
https://features.cpanel.net/topic/enable-smtp-authentication-on-local-delivery
0 -
But if someone takes advantage of that and attacks with fake messages, it will be a disaster. I wonder if there is any way to prevent this problem.
0 -
You mentioned SPF or DKIM doesn't work - why is that? If you are making a remote telnet session to a mailserver and sending unauthenticated messages they will quickly get detected by most modern mailservers and will not be delivered. If the connection is local to the machine running the Exim server, Exim considers that already authenticated. You're already on the server so you could do much worse than send spam messages to local accounts.
0
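To audit for the situation discussed in this thread, the following added example (not part of the original posts and not cPanel's code) scans Exim main-log arrival lines and flags mail accepted from a remote IP without authentication when the sender uses a local domain or the HELO name equals the server's own hostname. `LOCAL_DOMAINS`, `SERVER_HOSTNAME` and the sample log lines are constructed assumptions.

```python
import re

# Assumptions (not from the thread): the domains this server hosts and its own
# hostname. On a real host, take these from the Exim configuration.
LOCAL_DOMAINS = {"customer.com", "hostname.com"}
SERVER_HOSTNAME = "hostname.com"
LOOPBACK = {"127.0.0.1", "::1"}

# Arrival ("<=") line in the Exim main log: timestamp, message id, sender, fields.
ARRIVAL = re.compile(r"^(\S+ \S+) (\S+) <= (\S+) (.*)$")

def parse_arrival(line):
    m = ARRIVAL.match(line)
    if not m:
        return None
    _, msg_id, sender, rest = m.groups()
    # H=(helo) [ip], H=rdns (helo) [ip], or H=rdns [ip] when HELO matches rDNS.
    helo = (re.search(r"H=(?:\S+ )?\(([^)]+)\)", rest)
            or re.search(r"H=([^\s(\[]+)", rest))
    ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", rest)
    auth = re.search(r"\bA=(\S+)", rest)  # present only for authenticated sessions
    return {"msg_id": msg_id,
            "sender_domain": sender.rsplit("@", 1)[-1].lower(),
            "helo": helo.group(1).lower() if helo else None,
            "ip": ip.group(1) if ip else None,
            "auth": auth.group(1) if auth else None}

def findings(lines):
    out = []
    for line in lines:
        rec = parse_arrival(line)
        # Skip non-arrival lines, local submissions (no IP), loopback, and authed mail.
        if not rec or not rec["ip"] or rec["ip"] in LOOPBACK or rec["auth"]:
            continue
        reasons = []
        if rec["sender_domain"] in LOCAL_DOMAINS:
            reasons.append("local-sender-unauthenticated")
        if rec["helo"] == SERVER_HOSTNAME:
            reasons.append("helo-is-server-hostname")
        if reasons:
            out.append((rec["msg_id"], rec["ip"], reasons))
    return out

SAMPLE_LOG = [  # constructed log lines, documentation IP ranges
    "2024-05-01 10:00:01 1s0AAA-0000aa-1A <= alice@customer.com H=(hostname.com) [203.0.113.7]:51234 P=esmtp S=812 for bob@customer.com",
    "2024-05-01 10:02:10 1s0AAB-0000ab-2B <= alice@customer.com H=(laptop) [198.51.100.9]:40022 P=esmtpsa A=dovecot_login:alice@customer.com S=900 for bob@customer.com",
    "2024-05-01 10:03:00 1s0AAC-0000ac-3C <= news@example.org H=mail.example.org [192.0.2.25]:25001 P=esmtps S=2048 for bob@customer.com",
    "2024-05-01 10:04:00 1s0AAD-0000ad-4D <= root@hostname.com U=root P=local S=500 for bob@customer.com",
]

if __name__ == "__main__":
    for hit in findings(SAMPLE_LOG):
        print(hit)
```

Only the first sample line is reported; the authenticated submission, the ordinary inbound message from an external domain, and the local `P=local` submission are ignored.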