How to mitigate SMTP AUTH brute-force attacks on a cPanel server?

SMTP AUTH lets remote users authenticate to the outbound mail server so that it relays mail for them. Unfortunately, it also hands a spammer a login prompt: an attacker can brute-force the username and password of any mailbox account on the server through SMTP AUTH, often from many source addresses at once.

You can restrict SMTP AUTH to trusted source addresses with the procedure below, which combines an Exim auth_advertise_hosts setting with the SMTPAUTH_RESTRICT option of ConfigServer Security & Firewall (CSF):

1. In WHM, go to Service Configuration >> Exim Configuration Manager and open the Advanced Editor.

2. Find "Add additional configuration setting".

3. Choose auth_advertise_hosts from the drop-down menu of available settings.

4. Fill in the value:
${if match_ip{$sender_host_address}{iplsearch;/etc/exim.smtpauth}{*}{}}
This expands to "*" (advertise AUTH to this client) when the connecting address matches an entry in /etc/exim.smtpauth, and to an empty host list (do not advertise) otherwise.

5. Scroll down and save.

6. Edit /etc/csf/csf.conf and set SMTPAUTH_RESTRICT = "1".

7. In the same file, add the two-letter ISO codes of the countries your users send from to CC_ALLOW_SMTPAUTH, for example CC_ALLOW_SMTPAUTH = "US,GB". Then restart csf and lfd with csf -ra so that /etc/exim.smtpauth is regenerated.

8. If you also need to allow a specific IP range to authenticate, for example to allow logins relayed from Google, add the IP addresses or CIDR ranges, one per line, to /etc/csf/csf.smtpauth and restart csf and lfd again.

CSF (ConfigServer Security & Firewall) has an option, SMTPAUTH_RESTRICT, that limits SMTP AUTH to the addresses listed in /etc/csf/csf.smtpauth. Its csf.conf documentation reads:

The additional option CC_ALLOW_SMTPAUTH can be used with this option to additionally allow access from specific countries.

This helps limit distributed brute-force attacks against SMTP AUTH, which are otherwise difficult to stop because port 25 has to stay open to receive email.

The reason this works is that if Exim does not advertise SMTP AUTH on a connection, it rejects any AUTH command on that connection, so logins from unlisted addresses fail before a password is ever checked. This defeats the attacks without restricting mail relaying: unauthenticated delivery to the domains hosted on the server continues to work.

Note that auth_advertise_hosts is a global Exim option evaluated per connection, so the restriction applies on every port Exim listens on (25, 465 and 587 alike): a user connecting from an unlisted country or address cannot send through the server at all, and any application on the server itself that authenticates over SMTP to the loopback address needs that address in the lookup file too (check with grep 127.0.0.1 /etc/exim.smtpauth after the restart).

Note: csf and lfd must be restarted if /etc/csf/csf.smtpauth is modified so that the lookup file /etc/exim.smtpauth is regenerated from /etc/csf/csf.smtpauth plus the address ranges of any countries listed in CC_ALLOW_SMTPAUTH.

  • To enable this option, set SMTPAUTH_RESTRICT = "1" and make the Exim configuration change above
  • To disable it, set SMTPAUTH_RESTRICT = "0" and undo the Exim configuration change
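The following bash script is an added example, not code from the original post or from CSF or cPanel. It scripts steps 6 to 8 of the procedure above (editing csf.conf and csf.smtpauth idempotently) and then reproduces the decision the auth_advertise_hosts expression makes, so you can check which client addresses the generated /etc/exim.smtpauth would let authenticate before relying on it. It assumes IPv4 only, that csf.conf keeps its KEY = "value" line format, that the lookup file holds one IP or CIDR per line optionally followed by a colon and data as iplsearch allows, and that option values contain no "|" or "&" characters; the function names and the sample files are the example's own.

```shell
#!/bin/bash
# Added example (not from the original post, CSF or cPanel): script the
# csf.conf/csf.smtpauth edits and mirror the Exim expression
#   ${if match_ip{$sender_host_address}{iplsearch;/etc/exim.smtpauth}{*}{}}
# Assumptions: IPv4 only; csf.conf uses KEY = "value" lines; lookup file
# entries are "IP" or "CIDR", optionally followed by ":" and data;
# option values contain no '|' or '&'.

set -u

# Set (or append) KEY = "VALUE" in a csf.conf-style file, keeping the
# file's inode and permissions. Idempotent: a second call rewrites the
# same line instead of adding another.
csf_set_option() {
    local file=$1 key=$2 value=$3 tmp
    tmp=$(mktemp)
    if grep -q "^${key} = " "$file"; then
        sed "s|^${key} = .*|${key} = \"${value}\"|" "$file" > "$tmp"
    else
        { cat "$file"; printf '%s = "%s"\n' "$key" "$value"; } > "$tmp"
    fi
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Print the value of KEY with the quotes stripped; empty if absent.
csf_get_option() {
    sed -n "s|^$2 = \"\(.*\)\"|\1|p" "$1"
}

# Add an IP or CIDR to csf.smtpauth unless it is already listed.
smtpauth_allow() {
    local file=$1 entry=$2
    grep -qxF "$entry" "$file" 2>/dev/null || echo "$entry" >> "$file"
}

# Dotted-quad IPv4 -> unsigned 32-bit integer.
ip_to_int() {
    local a b c d
    IFS=. read -r a b c d <<< "$1"
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# Is IP inside ENTRY? ENTRY is a bare address (exact match) or a CIDR.
ip_in_entry() {
    local ip=$1 entry=$2 net bits mask
    net=${entry%%/*}
    bits=${entry#*/}
    [ "$bits" = "$entry" ] && bits=32          # no "/": exact address
    mask=$(( bits == 0 ? 0 : (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$ip") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# Would Exim advertise AUTH to a client at IP, given lookup FILE?
# Returns 0 (advertised) on the first matching entry, 1 otherwise.
# Blank lines and '#' comments are skipped, as iplsearch skips them.
auth_advertised_for() {
    local ip=$1 file=$2 entry
    while read -r entry _; do
        entry=${entry%:}                        # drop iplsearch ":data" separator
        case $entry in ''|'#'*) continue ;; esac
        ip_in_entry "$ip" "$entry" && return 0
    done < "$file"
    return 1
}

# Usage on a live server (as root), following steps 6 to 8 above:
#   csf_set_option /etc/csf/csf.conf SMTPAUTH_RESTRICT 1
#   csf_set_option /etc/csf/csf.conf CC_ALLOW_SMTPAUTH "US,GB"
#   smtpauth_allow /etc/csf/csf.smtpauth 203.0.113.0/24
#   csf -ra                                  # regenerates /etc/exim.smtpauth
#   auth_advertised_for 203.0.113.45 /etc/exim.smtpauth && echo allowed
```

Run the last usage line with the server's own loopback address and with a sample customer address after the restart: an address that returns 1 here is one whose users will be unable to send mail through the server once the Exim change is live.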