Empowering you with the knowledge to master Linux web hosting, DevOps and Cloud

 Linux Web Hosting, DevOps, and Cloud Solutions

Tag: mail server

Run Postfix on multiple ports

Adding additional SMTP listenerports

By default postfix run on port 25 and 587(TLS). However some ISPs block port 25. In that case you can configure the postfix mail server to listen on addional ports too, for example port 26 or some random 5125.

This configuration is done in the master.cf configuration file. Edit it in your editor of choice.

This file is in the following format:

# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================

The first column is the port number that you want to listen on. The default SMTP port 25 line will read as follows:

smtp inet n - - - - smtpd

To add an additional listener port of 5125, insert the the following after the above:

5125 inet n - n - - smtpd

Save the file and restart postfix service

service postfix restart

Now you can use port 25, 587 and 5125 to connect to your mail server.

Blocking spoofed outgoing mails from your cPanel server

Spoofing is where the mail headers are manipulated to appear as if the mail comes from some other domain. When emails are set to be from an email address on your domain and bounce, they are sent to our servers, attempting to deliver themselves to that mailbox. Generally, you will never see these emails; however, if the email spoofer happens to configure the “From:” header to be a real email box, the bounce will come back to your mailbox and you will receive the email. There is a high chance that a very large number of spam message already sent from server. This can cause high load in the server and sometimes leads to the blacklist of your mail server IP address.

There are two ways in which a spoofed mail can be created.

1. Exploiting vulnerable form to mail scripts to send out spoofed mails through local mail agent.
2. Using stolen mail account login details to send spoofed mails through SMTP authentication.
Let’s look at a solution on how spoofing can be prevented in Exim mail servers commonly implemented in cPanel/WHM servers.

I. Blocking all un-authenticated spoofed outbound emails
1. Login to WHM >> EXIM CONFIGURATION MANAGER >> ADVANCED EDITOR

2. Add the following entry in the top using Add additional configuration setting:

domainlist remote_domains = lsearch;/etc/remotedomains

3. Add the following code under acl_not_smtp :

deny
condition = ${if ! match_domain{${domain:${address:$h_From:}}}{
+local_domains : +remote_domains}}
message = Sorry, you don’t have\
permission to send email from this server with a header that\
states the email is from ${lc:${domain:${address:$h_from:}}}.
accept

Here, the ACL will check for the presence of domain name part of the from address in either of the files – /etc/localdomains or /etc/remotedomains. If there is a mismatch, server will reject the email.

 

II. Blocking all authenticated spoofed outbound emails
1. WHM >> EXIM CONFIGURATION MANAGER >> ADVANCED EXIM EDITOR

2. Search for acl_smtp_data and add the following lines under it:

deny
authenticated = *
condition = ${if or {{ !eqi{$authenticated_id} {$sender_address} }\
{ !eqi{$authenticated_id} {${address:$header_From:}} }\
}\
}
message = Your FROM address ( $sender_address , $header_From )
must match your authenticated email user ( $authenticated_id ).
Treating this as a spoofed email.
Here, for all authenticated users, the rule will check whether the authenticated userid matches with the from address. If it matches, it will allow the email. Else, it will display the message “Your FROM must match your authenticated email user. Treating this as spoofed email”

 

PS: If the acl_smtp_data is mentioned as something else(like acl_smtp_data = check_message), locate check_message and add the above lines just under it.
IMPORTANT points to keep in mind
a. POP before SMTP won’t work with this setting. You will have to ask your customers to use the option – “My Server Requires Authentication” in the SMTP settings of their email client.
b. Username in the format user+domain.com will not work. They have to use user@domain.com instead.

Also your customer cannot change the from field to something other than original authentcated user. People use this method in Website Contact forms.

 

Setting SPF records

Another way to prevent spoofing is using SPF records. You must specify valid spf records for your domain, so that only the intended people or server can send mails on behalf of your domain name.

Powered by WordPress & Theme by Anders Norén