
SMTP Authentication?

Discussion in 'Plesk for Linux - 8.x and Older' started by Jason_I_Am, Nov 28, 2007.

  1. Jason_I_Am

    Jason_I_Am Guest


    Overnight, one of my e-mail addresses has received 400 SPAM e-mails!

    I've checked the server to see if relaying was the problem, and I don't think it is. The Plesk option (Server->Mail->Relaying) is set to "authorization is required - SMTP".
    I used various web services to verify, and I even installed mrt (Mail Relay Tester - http://www.monkeys.com/mrt/).
    I've tried telnetting into the server and issuing various exploits, such as:

    HELO servername
    MAIL FROM:<malicious@spammer.whatever>
    RCPT TO:<some@other.domain.com>

    I always receive the appropriate message about the host not being in the rcpthosts file.

    So I believe everything is secure (however, if I'm wrong, please tell me! :))

    The problem, as far as I can see, is that a spammer is able to send mail to any of my locally hosted domains without SMTP authentication.

    When I telnet in and type:

    HELO servername
    MAIL FROM:<malicious@spammer.whatever>
    RCPT TO:<myuser@mydomain.com>

    It sends with no problem. I guess it's because it's a locally hosted domain.

    Is it possible to make SMTP authentication a prerequisite even for local users and domains? So basically, I want SMTP authentication as a requirement regardless of where the mail is being sent.
    I've scoured the Plesk administration and can't find anything, but I may have overlooked something important.

    As an aside question, I looked at the header for the message and it gives an "invoked by uid" ID. I checked the passwd file for that ID and found it to be "POP3 service". Is that something to worry about? Does that mean the mails are being sent through POP3 somehow?

    Any and all help would be very much appreciated :)
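
Added example, not part of the original thread: a small classifier for the two telnet tests described in the post above. It separates an unauthenticated RCPT that the server accepts for an outside domain (relaying) from one it accepts for a domain it hosts (ordinary inbound delivery, which any server receiving mail for its own domains does without AUTH). The `C:`/`S:` transcript format, the function name `classify`, the host `mail.example.test` and the server reply texts are assumptions constructed for this illustration.

```python
import re

# Constructed transcripts (not captured from a real server): "C:" is what the
# tester types over telnet, "S:" is the server's reply.
HARDENED = """\
S: 220 mail.example.test ESMTP
C: HELO servername
S: 250 mail.example.test
C: MAIL FROM:<malicious@spammer.whatever>
S: 250 ok
C: RCPT TO:<some@other.domain.com>
S: 553 sorry, that domain isn't in my list of allowed rcpthosts
C: RCPT TO:<myuser@mydomain.com>
S: 250 ok
"""
MISCONFIGURED = "C: RCPT TO:<some@other.domain.com>\nS: 250 ok\n"

RCPT_RE = re.compile(r"RCPT TO:\s*<[^>@]*@([^>]+)>", re.IGNORECASE)

def classify(transcript, local_domains):
    """Return [(recipient_domain, verdict)] for each RCPT TO in a session."""
    local = {d.lower() for d in local_domains}
    authed, pending, results = False, None, []
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            pending = text.strip()      # command awaiting its reply
            continue
        if side != "S" or text[3:4] == "-":
            continue                    # skip noise and multiline continuations
        code = text[:3]
        authed = authed or code == "235"   # RFC 4954 "authentication succeeded"
        m = RCPT_RE.match(pending or "")
        if m:
            domain = m.group(1).lower()
            if not code.startswith("2"):
                verdict = "rejected"
            elif authed:
                verdict = "authenticated submission"
            elif domain in local:
                verdict = "inbound delivery (normal for hosted domains)"
            else:
                verdict = "OPEN RELAY"
            results.append((domain, verdict))
        pending = None
    return results

if __name__ == "__main__":
    print(classify(HARDENED, {"mydomain.com"}))
```

Only the `OPEN RELAY` verdict indicates a relaying misconfiguration; spam that arrives as inbound delivery is a filtering matter rather than an authentication one.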
  2. Hedgren

    Hedgren Guest