cPanel’s stock installation of Exim includes a Tailwatchd driver called Antirelayd . Antirelayd is a daemon that checks /var/log/maillog for POP3 and IMAP logins and keeps track of valid logins for SMTP relaying. It reads /etc/relayhosts file automatically which is dynamically-updated, so any IPs that you add to this file will not be retained.

By default on all cPanel servers, authentication is required to send email via SMTP. Exim lets you authenticate two ways:

• Directly through SMTP with a valid username/password
• Through POP3 login, which allows the user to relay through the mail server for 30 minutes without re-authenticating

To always force SMTP authentication regardless of POP authentication, type the following command via SSH as root:

/usr/local/cpanel/bin/tailwatchd –disable=Cpanel::TailWatch::Antirelayd

To reverse this setting back to the default:

/usr/local/cpanel/bin/tailwatchd –enable=Cpanel::TailWatch::Antirelayd

You can alternatively disable/enable Antirelayd in WHM > Service Manager.

It’s generally not a good idea to allow open relaying through your mail server unless you want to get blacklisted.  There may be situations where you need to permanently let another server send mail through your server without authentication, in which case you can add their IP to /etc/alwaysrelay . A post in the cpanel forums suggests an alternate solution as well:

In WHM > Exim Configuration Editor > Advanced Editor, find this section:

accept hosts = +auth_relay_hosts
endpass
message = $sender_fullhost is currently not permitted to \
relay through this server. Perhaps you \
have not logged into the pop/imap server in the \
last 30 minutes or do not have SMTP Authentication turned on in your email client.
authenticated = *

Appended to this suggestion is changing:

accept hosts = +auth_relay_hosts

to

accept hosts = /etc/exim_smtp_whitelist

There are minor tweaks you can make to exim.conf to remove SMTP authentication altogether, but you won’t find that information here. We don’t want to encourage bad mail server setup that will make the SPAM problem on the Internet even worse.

You can test to see if your server is open relay by sending an email via Telnet and getting a 550 error:

:~$ telnet thecpaneladmin.com 25
Trying 69.174.52.38...
Connected to thecpaneladmin.com.
Escape character is '^]'.
220-thecpaneladmin.com ESMTP Exim 4.69 #1 Tue, 23 Feb 2010 20:37:54 -0500
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
helo thecpaneladmin.com
250 thecpaneladmin.com Hello myserver.com [x.x.x.x]
mail from: admin@thecpaneladmin.com
250 OK
rcpt to: test@test.com
550-vaoffice.inmotionhosting.com (thecpaneladmin.com) [68.106.154.170] is
550-currently not permitted to relay through this server. Perhaps you have not
550-logged into the pop/imap server in the last 30 minutes or do not have SMTP
550 Authentication turned on in your email client.

Related posts:

• Opening an Additional Exim Port
• Changing Exim’s Sending IP
• Exim ACL Ratelimit Database Not Available
• Installing DomainKeys and SPF Records
• Localdomains vs. Remotedomains