Second Exim running on port 587 - How to force authenticated SMTP only?
With the second instance of Exim running on port 587 - How would I modify the configuration in the Advanced Editor to allow authenticated SMTP only on that port? By default, port 587 accepts standard smtp as well as authenticated smtp...I'd like to make it so that standard smtp is not accepted on port 587.
Hope that's clear.And look forward to any assistance people can offer!
1) Disable any check boxes in WHM > Service Manager > that reference antirelayd
2) Clear out any values in /etc/relayhosts and /etc/relayhostsusers (these are updated when POP-before-SMTP is active).
3) Place a blank file called antirelayddisable in the /etc/ directory (depends on version of cPanel but don't think it can hurt).
4) Restart Exim.
Hi Rick --
Thank you for your suggestion.
I tried that, but it still allows normal SMTP on port 587 without authentication (it supports authentication, too, but I don't want inbound mail to come via 587, only to allow users to send outbound mail via smtp auth)
Any further thoughts?
I'm running WHM 11.23.2 cPanel 11.23.6-S27225.
My reasoning for this -- we have a Barracuda in front of all our mail servers and don't want spammers circumventing it by sending inbound mail directly via port 587 that we need open for users to smtp_auth.
Thanks!
...Q
[my post didn't pass a re-read sanity check! So I edited it out]
Hope to still find a solution for port 587, though!
Last edited by Quark; 09-14-2008 at 11:49 AM.
OK -- I think I have a workable solution!
Go to:
Main >> Service Configuration >> Exim Configuration Editor
Click on:
Advanced Editor
Scroll down to:
begin acl
There will be two textareas, look in the second text area and find:
accept hosts = *
authenticated = *
Underneath these two lines add:
Scroll down and hit SAVE, it should save the config and restart Exim. I have tested it in my environment and it works for me. Port 25 still works as expected, but port 587 now REQUIRES smtp authentication. Mission accomplished for me.Code:# Added to restrict 587 to smtp_auth only accept hosts = +auth_relay_hosts condition = ${if eq {$interface_port}{587} {yes}{no}} endpass message = relay not permitted, authentication required authenticated = *
** THIS WORKED FOR ME, if you try this and it works for you, please post in this thread. I don't want people trying this unless they are a) careful/knowledgeable or b) comfortable that this has worked for more than one person!
Q: Have you made any changes to exim.conf, either directly or through the advanced editor prior to this?
With antirelayd disabled and relayhostsusers and relayhosts empty (I would double check to make certain they stayed clear inbetween the time you restarted exim), you should not be able to send mail on 587 w/o authentication. I've double tested this on many systems ... and without checking "My outgoing mail server requires authentication" (or similar option, depending on mail client), I can't send mail through the server.
You should not have to manually add the entries you posted into the advanced configuration editor (although glad they work). In the WHM, I would seriously consider going under Service Configuration -> Exim Configuration Editor -> and Reset ACL configs to their default settings and see how things work from there.
LinkBack URL
About LinkBacks
Reply With Quote