Exim

From Indie IT Wiki
Jump to: navigation, search

Introduction

http://www.exim.org

If you block incoming traffic on port 25, your users will not be able to receive any mail. That is totally normal, expected behavior. The mail client used makes no difference. Incoming mail simply will not work.

Port 25 is how mail servers talk to each other. If you block port 25, your server (and your users) will not receive any mail.

What you are trying to do is just not going to work like you want it to work. If you block port 25, there is no way at all to tell other servers, that want to send mail to your server, to use a different port. Blocking port 25 breaks mail.

You may be misunderstanding the purpose of Exim running on an additional port (like 26). Many Internet service providers (ISPs) block their end users from sending mail on port 25, so that is why you might want Exim to listen on port 26 or even a different port. Exim on an additional port lets your users send mail to your server, so your server can relay it out to its destination. However, Exim still uses port 25 to send mail to other servers, and other servers still use port 25 to send mail to your server.

Port 25 is the port that Internet mail servers use to send mail to each other, and disabling it is not a valid way to try to handle a spam or DDOS problem. All it will do is break your mail completely.

A much better way to deal with this is to ask your hosting company what services they offer to mitigate DDOS attacks. They may be able to block the offending IP addresses at the network level, possibly even at their upstream provider. That is really the only way to approach this, instead of completely breaking mail by blocking port 25.

Cheat Sheet

http://bradthemad.org/tech/notes/exim_cheatsheet.php

HOWTO: Block IP Address In Cpanel

Home » Service Configuration » Exim Configuration Manager » Access Lists » Blacklisted SMTP IP Addresses » Edit » Save

HOWTO: Disable Port 25 To Outside World

DO NOT DO THIS UNLESS YOU NEVER WANT TO RECEIVE EMAIL FROM OTHER EMAIL SERVERS

nano /etc/exim.conf
local_interfaces = 127.0.0.1.25 : 0.0.0.0.465 : 0.0.0.0.587

Or in the WHM Control Panel...

WHM Home > Service Configuration > Exim Configuration Manager > Advanced > Add Additional Configuration
local_interfaces = 127.0.0.1.25 : 0.0.0.0.465 : 0.0.0.0.587 > Save

HOWTO: Force Email Clients To Authenticate Under WHM Cpanel

WHM Home > Service Configuration > Exim Configuration Manager > Require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate with the server

HOWTO: Check That Exim Is Running

sudo exiwhat
26268 daemon: -q1h, listening for SMTP on port 25 (IPv6 and IPv4) port 587 (IPv6 and IPv4) and for SMTPS on port 465 (IPv6 and IPv4)

HOWTO: Look For SMTP Activity In Logs

The main Exim log file is in /var/log/exim/exim_mainlog

When they connect but don't quit or finish properly...

2014-08-14 10:41:49 SMTP connection from [123.456.789.0]:52180 (TCP/IP connection count = 1)
2014-08-14 10:41:57 SMTP connection from whatever.domain.com [123.456.789.0]:52180 lost

When they connect and do finish properly...

2014-08-14 10:42:20 SMTP connection from [123.456.789.0]:52180 (TCP/IP connection count = 1)
2014-08-14 10:41:27 SMTP connection from whatever.domain.com [123.456.789.0]:52183 closed by QUIT

HOWTO: Count The SMTP Connections

sudo grep -c 'SMTP connection' /var/log/exim_mainlog

HOWTO: Remove All Messages From The Mail Queue

sudo exim -bp | exiqgrep -i | xargs exim -Mrm

Thanks - http://www.cyberciti.biz/faq/exim-remove-all-messages-from-the-mail-queue/

HOWTO: Count The Number Of Messages In The Mail Queue

sudo exim -bpc

HOWTO: Print A Listing Of The Messages In The Queue

sudo exim -bp | less

HOWTO: Print A Summary Of Messages In The Queue

sudo exim -bp | exiqsumm