
Stunnel Insecure for SMTP?

Discussion in 'Plesk for Windows - 8.x and Older' started by bzimmer, Aug 12, 2007.

  1. bzimmer

     
    I'm running a clean install of 8.1.1 (latest patches) and just enabled the stunnel utility (Plesk SSL Wrapper). When I ran a security scan of my server (Nessus, offered by Softlayer), it informed me that although my SMTP port (25) was closed to relaying, my SMTPS port (465) allowed relaying. It would appear that when stunnel is invoked, the local IP address (127.0.0.1) is being passed to MailEnable instead of the IP of the connection. I read a bit about this at:

    http://marc.info/?l=stunnel-users&m=100831182223125&w=2

    and it would seem the -T flag must be invoked when stunnel is run. Can someone confirm if this is in fact what the bug is? If so, is there a place I can add the -T flag, or does SWSoft need to fix this (if it is a bug)? Thanks!

    Brian
     
  2. bzimmer

     
    Has anyone else attempted to reproduce this? All you should need to do is set up a server, allow relaying with authentication and relaying from 127.0.0.1 (that's a default setting), enable stunnel, and then try sending a message through SMTPS to another server (using Outlook or another mail program). If the message goes through (without sending the server any authentication), then there is a hole. Thanks!
     
  3. sergius

    Hello bzimmer,

    Thank you for the report. Seems you are right and this issue does take place. It will be fixed as soon as possible.
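
The condition reported in this thread can be looked for in the mail server's own logs: when the SSL wrapper hands connections to the SMTP service from 127.0.0.1, every SMTPS client inherits the "relay from 127.0.0.1" grant. The following is an added example, not part of the original posts and not Plesk or MailEnable code; the log format, the sample lines and the names `find_loopback_relays` and `LOCAL_DOMAINS` are constructed for illustration.

```python
import ipaddress

# Constructed sample log in a hypothetical format:
#   time  session  peer-IP  verb  argument  reply-code
SAMPLE_LOG = """\
2007-08-12T10:00:01 S1 127.0.0.1 EHLO client.example 250
2007-08-12T10:00:02 S1 127.0.0.1 MAIL <a@outside.example> 250
2007-08-12T10:00:03 S1 127.0.0.1 RCPT <someone@elsewhere.example> 250
2007-08-12T10:01:01 S2 203.0.113.5 AUTH LOGIN 235
2007-08-12T10:01:02 S2 203.0.113.5 RCPT <friend@elsewhere.example> 250
2007-08-12T10:02:01 S3 203.0.113.9 RCPT <x@elsewhere.example> 550
2007-08-12T10:03:01 S4 127.0.0.1 RCPT <user@hosted.example> 250
2007-08-12T10:04:01 S5 127.0.0.1 AUTH LOGIN 235
2007-08-12T10:04:02 S5 127.0.0.1 RCPT <peer@elsewhere.example> 250
""".splitlines()

# Assumption: the domains this server accepts mail for.
LOCAL_DOMAINS = {"hosted.example"}


def find_loopback_relays(lines, local_domains):
    """Return (session, recipient) pairs where a loopback peer was allowed
    to send to a non-local domain without a successful AUTH."""
    authed = set()   # sessions that completed AUTH (reply 235)
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 6:
            continue  # skip lines that do not match the assumed format
        _, sid, peer, verb, arg, code = parts
        if verb == "AUTH" and code == "235":
            authed.add(sid)
        elif verb == "RCPT" and code.startswith("2"):
            rcpt = arg.strip("<>")
            domain = rcpt.rpartition("@")[2].lower()
            try:
                loopback = ipaddress.ip_address(peer).is_loopback
            except ValueError:
                continue  # peer field is not an IP address
            if loopback and sid not in authed and domain not in local_domains:
                hits.append((sid, rcpt))
    return hits


if __name__ == "__main__":
    for sid, rcpt in find_loopback_relays(SAMPLE_LOG, LOCAL_DOMAINS):
        print(f"unauthenticated relay via loopback: session {sid} -> {rcpt}")
```

Hits can also come from legitimate local software (webmail, scripts) that submits mail over 127.0.0.1, so correlate them with the wrapper's own connection log before treating them as abuse.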
     