Thursday, December 31, 2015

spam - EXIM SMTP allows to send mails without login / authentication via telnet to any domain

I'm ashamed, but I have to ask for help. My server is being used for sending spam, I've found out I can simply connect with telnet (edit: from any server in office, home and even directly from CMD/Putty Telnet), add mail from/rcpt to/data without any login/authorization and send mail from my domain to any external mailbox (for example gmail accounts). I'm using Exim/SMTP/CSF on Debian, and have basic knowledge about them.



root@vps:~# telnet example.com 25
Trying 19x.10x.8x.1xx...
Connected to example.com.
Escape character is '^]'.
220 serwer.example.com.pl ESMTP Exim 4.91 Wed, 19 Sep 2018 10:48:05 +0200
mail from: xyz@example.com
250 OK
rcpt to: outerbox@gmail.com
250 Accepted
data
354 Enter message, ending with "." on a line by itself
test data.
.
250 OK id=1g2Y9t-0003yu-Of



I want to prevent this and force any form of authentication to prevent sending spam from my server to external mailboxes. My second server while trying to do this same thing, after "rcpt to": command returns "550 authentication required". I think that's the proper behaviour, so you can't send spam.



In my exim.conf I've got empty relay parameters (I've tried putting my server's IP or localhost address, without luck):



addresslist whitelist_senders = lsearch;/etc/virtual/whitelist_senders
addresslist blacklist_senders = lsearch;/etc/virtual/blacklist_senders
domainlist blacklist_domains = lsearch;/etc/virtual/blacklist_domains
domainlist whitelist_domains = lsearch;/etc/virtual/whitelist_domains

domainlist local_domains = lsearch;/etc/virtual/domains
domainlist relay_domains =
domainlist use_rbl_domains = lsearch;/etc/virtual/use_rbl_domains
hostlist auth_relay_hosts =
hostlist bad_sender_hosts = lsearch;/etc/virtual/bad_sender_hosts
hostlist bad_sender_hosts_ip = net-lsearch;/etc/virtual/bad_sender_hosts
hostlist relay_hosts =
hostlist whitelist_hosts = lsearch;/etc/virtual/whitelist_hosts
hostlist whitelist_hosts_ip = net-lsearch;/etc/virtual/whitelist_hosts



Authentication section



begin authenticators

plain:
driver = plaintext
public_name = PLAIN
server_prompts = :
server_condition = "${perl{smtpauth}}"

server_set_id = $2

login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = "${perl{smtpauth}}"
server_set_id = $1



How can I protect my smtp socket? How can I force the "authentication required" process? I tried to compare .conf files with my second server, but despite 2 days of tries I'm out of luck.
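As an added example (not part of the original post and not Exim's shipped configuration), this is the shape of RCPT ACL that produces the "550 authentication required" behaviour the second server shows: relaying to a foreign domain is accepted only from listed hosts or after SMTP AUTH, and is denied otherwise. It assumes the list names from the exim.conf excerpt above, that `acl_smtp_rcpt` is not already set elsewhere in the main section, and that the `acl` section is placed before the routers.

```exim
# Added example, not from the post or from Exim's default config.
# Main section: point the RCPT-time check at the ACL defined below.
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # Mail addressed to a domain this server hosts is always accepted.
  accept  domains        = +local_domains

  # Mail for domains this server explicitly relays for (empty in the post).
  accept  domains        = +relay_domains

  # Local submissions (no remote host) and hosts listed in relay_hosts
  # may relay without a password; with relay_hosts empty only the
  # local side matches, which is the intended least-privilege default.
  accept  hosts          = : +relay_hosts

  # Anyone else must have completed SMTP AUTH (the PLAIN/LOGIN
  # authenticators from the post) before RCPT TO is accepted.
  accept  authenticated  = *

  # Unauthenticated remote client relaying to a foreign domain:
  # deny returns a 550 at RCPT time, as seen on the second server.
  deny    message        = authentication required
```

After reloading Exim, repeat the telnet session from the post against the server itself: `rcpt to` for an external mailbox should now return 550, while the same session after a successful AUTH LOGIN should still return 250 Accepted.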
