SMTP force Auth same domain

M

max246

Verified User
Joined
Jan 25, 2007
Messages
10
I tried to google it, looked around in this forum but I couldnt find the solution, so I am sorry if I missed it.

I want to force to have an authentication on my SMTP and avoid to let this happening from outside of the 127.0.0.1

HTML: 
$ telnet domain.net 25
Connected to domain.net.
Escape character is '^]'.
220 domain.net ESMTP Exim 4.73 Tue, 29 Mar 2016 20:02:28 +0200
HELO domain.net
250 domain.net Hello xxxxxxxxxxxx
MAIL FROM: [email protected]
250 OK
RCPT TO: [email protected]
250 Accepted

Probably is a flag on the exim.conf but I am afraid to break stuff that I should not touch.
 
You can't test it this way. External mailservers can't authenticate with your mailserver with a password authentication, only with a helo. But they do connect this way with your mailserver at port 25 to send email to your server.

By default, your clients with email clients already use authentication via popb4smtp. If you want to disable this and use SMTP auth as authentication, you can make these changes:
http://help.directadmin.com/item.php?id=467

But you can't block what you tested via telnet, because that's normal MTA to MTA communication via port 25. However, there are options which block MTA's who are sending a helo with your domain name. Check the spamblocker section. A spamblocker 4.x exim.conf file does a lot of good work.
 
I read your question again. It looks like you don't mean smtp authentication but you need security.
You want this to happen:
Code: 
Bad HELO - Host impersonating domain name
when you send a helo domain.net
and this is what you can achieve with the spamblocker exim.conf files I mentioned.
 
Richard G said:
I read your question again. It looks like you don't mean smtp authentication but you need security.
You want this to happen:
Code: 
Bad HELO - Host impersonating domain name
when you send a helo domain.net
and this is what you can achieve with the spamblocker exim.conf files I mentioned.
Click to expand...


I would like to happen a 550 request rathern then 250

something like this

Code: 
$ telnet domain.net 25
Connected to domain.net.
Escape character is '^]'.
220 domain.net ESMTP Exim 4.73 Tue, 29 Mar 2016 20:02:28 +0200
HELO domain.net
250 domain.net Hello xxxxxxxxxxxx
MAIL FROM: [email protected]
250 OK
RCPT TO: [email protected]
550 authentication required

Right now, anyone from outside can send spam to my personal email using my email, which is very bad. I have removed the open rely and tested it, but this feature is still open and bothering me.

I would like to fix it and leave it open only if the mail is coming from localhost, but everything outside localhost has to authenticate.

Does it make sense?
 
Right now, anyone from outside can send spam to my personal email using my email,
Click to expand...
Not anymore if you followed my tip to use the spamblocker 4 exim.conf file.

Does it make sense?
Click to expand...
No. Like I explained before, how do you expect any mailserver to authenticate with your mailserver?
Because as I explained before, MTA's (mailservers) around the world, connect and send mail to your domains the same way through port 25.

However it's possible that email clients have to authenticate. This was explained in my first answer.
 
You must log in or register to reply here.
Back
Top