• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

SMTP Server no authentication needed!!!

L

loopy

Guest
Dear all,

I'm having a big security hole on my plesk server and I'd like to know if anyone else has this issue before I'm going to contact Swsoft.

I can use ANY smtp-server from my customers without ANY authentication. Mails will just be send :mad:

On the server-side smtp-authentication is set.
But this has no effect to the mail-accounts for the domains.

Tested with Outlook (just added the smtp server, no authentication, no pass set) and several domains of my customers.

Plesk 8.0.1 is installed.

Thanks
 
Are you sending mail to Domains which you have configured in plesk ? If yes, than it is no problem.

If you are sending to domains which aren't configured in plesk, then you need to check the setting under:

Server - Mail - Relaying

Set it to authentication required ( you can optional set the smtp or pop3 auth)

If that still doesn't work, please post the /etc/xinit.d/smtp_psa content here!
 
Hello Pascal,

- Server is set to authentication required (for POP3 and SMTP).

- I have no IPs/Networks in white list on the "Server->Mail->White List" in Plesk CP (only 127.0.0.1, which is needed to allow mail sending from Webmail).

- SMTP is served by Plesk Qmail
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 hostname.tld ESMTP
Click to expand...

I can send mails to everybody, not only to domains which are configured in Plesk.
I have no clue where's the problem :confused:

Anyway, here is my smtp_psa

service smtp
{
socket_type = stream
protocol = tcp
wait = no
disable = no
user = root
instances = UNLIMITED
server = /var/qmail/bin/tcp-env
server_args = -R /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd
/var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}

~
Click to expand...

I already went through the knowledgebase and found the following articles regarding this issue (if anyone has the same problem).
Anyway, it didn't fix my problem.


Knowledgebase articles

- Article ID #1394
Everyone can send mail from the server without authorization, I think that relaying is opened on my server, how can I stop it?

- Article ID #1387
How can I check that SMTP Plesk service is running OK on the server?

- Article ID #766
The server is overloaded with SPAM. There are many messages in queue. Mail is delivered slowly.
 
Authentication works again, please don't ask me what was the problem.

I decided to reboot the server in the night and that was it then.
Works again as it should :)
 
You must log in or register to reply here.

Similar threads

F
Resolved System mails (MAILER-DAEMON) Undelivered Mail Returned to Sender
Replies
6
Views
218
fvrk4n
F
A
Issue DKIM and DMARC issue, emails not sending
Replies
4
Views
389
danami
danami
carlsson
Resolved Outgoing administrator mail not authorized [missing SPF record in sender domain]
Replies
11
Views
983
rkbonatto
rkbonatto
R
Issue Trouble Adding IMAP Email Accounts on New Version of Outlook
Replies
7
Views
471
Peter Debik
P
carlsson
Issue Really strange problem – I can't use my SMTP server intermittently
Replies
2
Views
218
carlsson
carlsson
Back
Top