Our features site is undergoing a refresh! Be sure to explore the revamped site and discover our latest product roadmap launching here on Monday, March 18th.
New Topic
cPanel & WHM Feature RequestsTopicEmail
Properties
Category Email

Prevent users from being implicitly authenticating to Exim on the local host

Sloane Bernstein shared this idea 7 years ago
Open Discussion

Currently, if Exim receives an unauthenticated request to relay mail to a remote system, it will attempt to determine whether the connection is coming from a process on the server (see identify_local_connection() in /etc/exim.pl.local). If the connection did originate from the server itself, then the user (except perhaps the nobody user) will be considered authenticated by Exim.

As a system administrator, I want the ability to disable this behavior without breaking system services or mechanisms provided by cPanel. Together with existing features and other requested features, I should be able to force a user to explicitly authenticate via SMTP in order to increase the amount of effort an attacker must expend before a compromised site can be used to send spam.


[cPanel ticket #8816051]

27 I like this idea 0  
Leave a Comment
 
Attach a file

cPanel, WebHost Manager and WHM are registered trademarks of cPanel, L.L.C. for providing its computer software that facilitates the management and configuration of Internet web servers.