- 1 Introduction
- 2 Cheat Sheet
- 3 HOWTO: Block IP Address In Cpanel
- 4 HOWTO: Disable Port 25 To Outside World
- 5 HOWTO: Force Email Clients To Authenticate Under WHM Cpanel
- 6 HOWTO: Check That Exim Is Running
- 7 HOWTO: Look For SMTP Activity In Logs
- 8 HOWTO: Count The SMTP Connections
- 9 HOWTO: Remove All Messages From The Mail Queue
- 10 HOWTO: Count The Number Of Messages In The Mail Queue
- 11 HOWTO: Print A Listing Of The Messages In The Queue
- 12 HOWTO: Print A Summary Of Messages In The Queue
If you block incoming traffic on port 25, your users will not be able to receive any mail. That is totally normal, expected behavior. The mail client used makes no difference. Incoming mail simply will not work.
Port 25 is how mail servers talk to each other. If you block port 25, your server (and your users) will not receive any mail.
What you are trying to do is not going to work the way you want it to. If you block port 25, there is no way to tell other servers that want to send mail to your server to use a different port. Blocking port 25 breaks mail.
You may be misunderstanding the purpose of Exim running on an additional port (like 26). Many Internet service providers (ISPs) block their end users from sending mail on port 25, so that is why you might want Exim to listen on port 26 or even a different port. Exim on an additional port lets your users send mail to your server, so your server can relay it out to its destination. However, Exim still uses port 25 to send mail to other servers, and other servers still use port 25 to send mail to your server.
Port 25 is the port that Internet mail servers use to send mail to each other, and disabling it is not a valid way to handle a spam or DDoS problem. All it will do is break your mail completely.
A much better way to deal with this is to ask your hosting company what services they offer to mitigate DDoS attacks. They may be able to block the offending IP addresses at the network level, possibly even at their upstream provider. That is really the only way to approach this, instead of completely breaking mail by blocking port 25.
HOWTO: Block IP Address In Cpanel
Home » Service Configuration » Exim Configuration Manager » Access Lists » Blacklisted SMTP IP Addresses » Edit » Save
HOWTO: Disable Port 25 To Outside World
DO NOT DO THIS UNLESS YOU NEVER WANT TO RECEIVE EMAIL FROM OTHER EMAIL SERVERS
local_interfaces = 127.0.0.1.25 : 0.0.0.0.465 : 0.0.0.0.587
Or in the WHM Control Panel...
WHM Home > Service Configuration > Exim Configuration Manager > Advanced > Add Additional Configuration local_interfaces = 127.0.0.1.25 : 0.0.0.0.465 : 0.0.0.0.587 > Save
HOWTO: Force Email Clients To Authenticate Under WHM Cpanel
WHM Home > Service Configuration > Exim Configuration Manager > Require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate with the server
HOWTO: Check That Exim Is Running
sudo exiwhat
26268 daemon: -q1h, listening for SMTP on port 25 (IPv6 and IPv4) port 587 (IPv6 and IPv4) and for SMTPS on port 465 (IPv6 and IPv4)
HOWTO: Look For SMTP Activity In Logs
The main Exim log file is in /var/log/exim/exim_mainlog
When they connect but don't quit or finish properly...
2014-08-14 10:41:49 SMTP connection from [123.456.789.0]:52180 (TCP/IP connection count = 1)
2014-08-14 10:41:57 SMTP connection from whatever.domain.com [123.456.789.0]:52180 lost
When they connect and do finish properly...
2014-08-14 10:42:20 SMTP connection from [123.456.789.0]:52180 (TCP/IP connection count = 1)
2014-08-14 10:41:27 SMTP connection from whatever.domain.com [123.456.789.0]:52183 closed by QUIT
HOWTO: Count The SMTP Connections
sudo grep -c 'SMTP connection' /var/log/exim_mainlog
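A single total does not show who is connecting. The following is an added example, not part of the original page: it tallies the "connection count", "lost" and "closed by QUIT" lines shown above per remote IP, so that addresses which repeatedly connect and drop stand out as candidates for the Blacklisted SMTP IP Addresses list. The function name, the sample lines and the documentation-range IP addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-IP tally of SMTP sessions from Exim main log lines.
# Reads log lines on stdin and prints "ip opened lost quit",
# sorted so the IPs with the most lost connections come first.
smtp_conn_summary() {
    awk '
    /SMTP connection from/ && match($0, /\[[0-9a-fA-F.:]+\]/) {
        # The first bracketed token on the line is the remote address.
        ip = substr($0, RSTART + 1, RLENGTH - 2)
        seen[ip] = 1
        if ($0 ~ /\(TCP\/IP connection count = [0-9]+\)/) opened[ip]++
        else if ($0 ~ / lost( |$)/)                       lost[ip]++
        else if ($0 ~ / closed by QUIT$/)                 quit[ip]++
    }
    END {
        for (ip in seen)
            printf "%s %d %d %d\n", ip, opened[ip], lost[ip], quit[ip]
    }' | sort -k3,3nr -k1,1
}

# Constructed sample lines in the formats shown above (not real traffic).
sample_log() {
cat <<'EOF'
2014-08-14 10:41:49 SMTP connection from [192.0.2.10]:52180 (TCP/IP connection count = 1)
2014-08-14 10:41:57 SMTP connection from host.example.net [192.0.2.10]:52180 lost
2014-08-14 10:42:01 SMTP connection from [192.0.2.10]:52181 (TCP/IP connection count = 1)
2014-08-14 10:42:09 SMTP connection from host.example.net [192.0.2.10]:52181 lost
2014-08-14 10:42:20 SMTP connection from [198.51.100.7]:40022 (TCP/IP connection count = 1)
2014-08-14 10:42:27 SMTP connection from mx.example.org [198.51.100.7]:40022 closed by QUIT
2014-08-14 10:43:02 SMTP connection from [203.0.113.5]:33010 (TCP/IP connection count = 1)
2014-08-14 10:43:05 SMTP connection from [203.0.113.5]:33010 lost
2014-08-14 10:43:30 SMTP connection from [203.0.113.5]:33011 (TCP/IP connection count = 1)
2014-08-14 10:43:41 SMTP connection from [203.0.113.5]:33011 closed by QUIT
EOF
}

# Columns: ip opened lost quit
sample_log | smtp_conn_summary
```

To run it on the live log, pipe the log into the function instead of the sample, for example `sudo cat /var/log/exim_mainlog | smtp_conn_summary`.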
HOWTO: Remove All Messages From The Mail Queue
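sudo exiqgrep -i | sudo xargs -r exim -Mrm
exiqgrep -i reads the queue itself and prints only the message IDs; xargs -r skips the removal when the queue is empty.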
HOWTO: Count The Number Of Messages In The Mail Queue
sudo exim -bpc
HOWTO: Print A Listing Of The Messages In The Queue
sudo exim -bp | less
HOWTO: Print A Summary Of Messages In The Queue
sudo exim -bp | exiqsumm