• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

SMTP Server no authentication needed!!!

L

loopy

Guest
Dear all,

I'm having a big security hole on my plesk server and I'd like to know if anyone else has this issue before I'm going to contact Swsoft.

I can use ANY smtp-server from my customers without ANY authentication. Mails will just be send :mad:

On the server-side smtp-authentication is set.
But this has no effect to the mail-accounts for the domains.

Tested with Outlook (just added the smtp server, no authentication, no pass set) and several domains of my customers.

Plesk 8.0.1 is installed.

Thanks
 
Are you sending mail to Domains which you have configured in plesk ? If yes, than it is no problem.

If you are sending to domains which aren't configured in plesk, then you need to check the setting under:

Server - Mail - Relaying

Set it to authentication required ( you can optional set the smtp or pop3 auth)

If that still doesn't work, please post the /etc/xinit.d/smtp_psa content here!
 
Hello Pascal,

- Server is set to authentication required (for POP3 and SMTP).

- I have no IPs/Networks in white list on the "Server->Mail->White List" in Plesk CP (only 127.0.0.1, which is needed to allow mail sending from Webmail).

- SMTP is served by Plesk Qmail
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 hostname.tld ESMTP
Click to expand...

I can send mails to everybody, not only to domains which are configured in Plesk.
I have no clue where's the problem :confused:

Anyway, here is my smtp_psa

service smtp
{
socket_type = stream
protocol = tcp
wait = no
disable = no
user = root
instances = UNLIMITED
server = /var/qmail/bin/tcp-env
server_args = -R /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd
/var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}

~
Click to expand...

I already went through the knowledgebase and found the following articles regarding this issue (if anyone has the same problem).
Anyway, it didn't fix my problem.


Knowledgebase articles

- Article ID #1394
Everyone can send mail from the server without authorization, I think that relaying is opened on my server, how can I stop it?

- Article ID #1387
How can I check that SMTP Plesk service is running OK on the server?

- Article ID #766
The server is overloaded with SPAM. There are many messages in queue. Mail is delivered slowly.
 
Authentication works again, please don't ask me what was the problem.

I decided to reboot the server in the night and that was it then.
Works again as it should :)
 
You must log in or register to reply here.

Similar threads

K
Question Cannot connect to SMTP server on localhost using tls (or ssl)
Replies
4
Views
453
Kroptokin
K
V
Issue Need Help with DKIM and SPF
Replies
2
Views
2K
nayoung109
N
F
Issue SOGo - emails sent from webmail, both manually created and autoresponder/vacation/out-of-office, are rejected. They miss spf, dkim, dmarc, everything
Replies
8
Views
4K
Sebahat.hadzhi
Sebahat.hadzhi
M
Issue Email - How to distinguish password authentication method or connection security to connect to email?
Replies
7
Views
9K
learning_curve
learning_curve
Hangover2
Question Outgoing Mail Control Anamoly
Replies
6
Views
1K
Sebahat.hadzhi
Sebahat.hadzhi
Back
Top