smtp authentication

xoox · Mar 29, 2013

Hey guys

I noticed that everyone can send an email from OUTLOOK without a password, that is open and free server attempts like getting spammed my server can send spam free for everyone ...

How can I block this?
I want to verify ... Mail sent only if the email password

Thank you

zEitEr · Mar 29, 2013

Hello,

That's pop auth before smtp (da-popb4smtp)

Check this http://help.directadmin.com/item.php?id=201 if you think you're an open relay.

nobaloney · Mar 29, 2013

Note carefully that unless you've made changes to exim.conf, or have added a domain to a whitelist in /etc/virtual, DirectAdmin's implementation will not relay email off the server unless the sender is authenticated.

However, by design anyone can use your server to send mail to any address on the server. That's by design. If it didn't work that way, then no one from anywhere could send email to anyone with an address on your server.

Jeff

Arieh · Mar 29, 2013

I've disabled it, because people are using pop3/imap on their mobile devices and the IP addresses of those mobile isps are the same for a lot of people. Though I haven't experienced abuse (it would need to be targeted, not an everyday rooted server), I don't like the idea of it and it's quite easy to let a mailclient also send the password for outgoing mail.

nobaloney · Apr 5, 2013

I'm not sure what it is you've disabled.

Jeff

Richard G · Apr 5, 2013

A good guess: I think he disabled da_popb4smtp.

Arieh · Apr 5, 2013

That's correct

smtp authentication

xoox

Verified User

zEitEr

Super Moderator

nobaloney

NoBaloney Internet Svcs - In Memoriam †

Arieh

Verified User

nobaloney

NoBaloney Internet Svcs - In Memoriam †

Richard G

Verified User

Arieh

Verified User