My Server Requires Authentication

eyebar

I was testing my email settings in Outlook Express, and decided to "untick" My Server Requires Authentication so that I would see what happens. I want to make sure our server is secure against outside forces.
Well, to my surprise, it still let my emails go out. Does anyone know how this can happen? I thought Exim is set up properly for this right from the get-go.

Eyebar
 
If you are using the DA original conf (SpamBlocker exim.conf) there is no open relay.
Of course this means that you can still send messages to the local domains without authentication, otherwise you wouldn't receive any.
If you have tried to send a message elsewhere and it worked, it must be the POP-before-SMTP system of DA -- you can do it only because you authenticated to a POP or IMAP account from the same machine in the preceding X hours.

If you want to be sure you don't accept any open relay tricks, use an open relay tester (like these: http://spamlinks.net/prevent-secure-relay-test.htm#web).
 
Thanks Tillo

This is a brand new install of the latest DA with Exim.

OK...I checked and I do not have an open relay. This is good. I then created a new email account using one of my domains that I host on this server, and sent an email out to an outside "operamail" account I have. The email went out again without the "AUTH" ticked.

Are you saying that because it is going out from the same server/IP address that was authenticated within the last few hours it worked?

If that's so...If I wait until tomorrow, and try sending again before using any other email, it shouldn't go out then?

Eyebar
 
Exactly, it shouldn't.
I don't remember exactly for how many hours DA's POP-before-SMTP is set up, but you can modify /etc/virtual/pophosts and /etc/virtual/pophosts_user, erasing the lines with your IP address, then retry.
Some clients automatically do a POP/IMAP login before sending a message through SMTP, but if I remember well, Outlook Express doesn't do it.

If you want to be perfectly sure, tell me what your domain is and I'll try to do an open relay myself by sending a message from your address to somewhere else.
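
The step suggested above, erasing the lines with your IP address from the two pophosts files before retesting, written as an added example that is not part of the original posts and is not DirectAdmin's own tooling. The function names `ip_pattern`, `pophosts_match` and `pophosts_purge` are hypothetical, the one-entry-per-line layout and the sample data are assumptions, and only IPv4 addresses are handled.

```shell
#!/bin/sh
# Added example: erase POP-before-SMTP entries for one client IPv4 address.
# Assumption: each entry is one text line containing the address; the thread does
# not show the real layout of /etc/virtual/pophosts or /etc/virtual/pophosts_user.

# Build an ERE that matches IP only as a whole address, so 10.0.0.1 does not
# also hit 10.0.0.10 or 210.0.0.1. Returns 2 unless the input is a dotted quad.
ip_pattern() {
    case $1 in ''|*[!0-9.]*) return 2 ;; esac
    printf '%s\n' "$1" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' || return 2
    printf '(^|[^0-9.])%s([^0-9.]|$)' "$(printf '%s' "$1" | sed 's/\./\\./g')"
}

# Print the lines of FILE that contain IP.
pophosts_match() {
    _pat=$(ip_pattern "$1") || { echo "not an IPv4 address: $1" >&2; return 2; }
    grep -E -- "$_pat" "$2"
}

# Erase those lines from FILE, keep the old content in FILE.bak, print the count.
pophosts_purge() {
    _pat=$(ip_pattern "$1") || { echo "not an IPv4 address: $1" >&2; return 2; }
    [ -f "$2" ] || { echo 0; return 0; }
    # grep exits 1 when nothing is selected; only a status above 1 is an error.
    _n=$(grep -cE -- "$_pat" "$2") || [ $? -eq 1 ] || return 1
    _tmp=$(mktemp "$2.XXXXXX") || return 1
    grep -vE -- "$_pat" "$2" > "$_tmp" || [ $? -eq 1 ] || { rm -f "$_tmp"; return 1; }
    cp -p "$2" "$2.bak" && cat "$_tmp" > "$2"   # rewrite in place: owner and mode kept
    rm -f "$_tmp"
    echo "$_n"
}

# Constructed sample files (not real DirectAdmin data) in a scratch directory.
demo=$(mktemp -d)
printf '%s\n' 10.0.0.1 10.0.0.10 210.0.0.1 > "$demo/pophosts"
printf '%s\n' alice@example.com:10.0.0.1 bob@example.com:10.0.0.10 > "$demo/pophosts_user"
for f in pophosts pophosts_user; do
    echo "$f: removed $(pophosts_purge 10.0.0.1 "$demo/$f") line(s), left:"
    cat "$demo/$f"
done
rm -rf "$demo"
```

A plain substring search for the address would also erase entries belonging to other clients whose addresses merely contain it, which is why the match is anchored on both sides.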
 