exim

[anand]

I am not sure what is causing this, so need help with this.

Normally any email send through the server SMTP gets some headers attached to it no matter wat the mail is

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - $primary_hostname
X-AntiAbuse: Original Domain - $original_domain
X-AntiAbuse: Originator/Caller UID/GID - [$originator_uid $originator_gid] / [$caller
_uid $caller_gid]
X-AntiAbuse: Sender Address Domain - $sender_address_domain

Now i see that these headers are not being added to any mails being send. I have checked on three boxes of mine which give me the same results. Any ideas why these headers are not being added ??

Also there is something more which was pointed to me by a user of mine. Now when any pop user auths and downloads his mail, the user is allowed to relay mails from the server for another 30 mins without authentication for the smtp. This is causing troubles at my customers place. How do i reduce this time ? Or remove this altogether ? The file which stores these ips temporarily is /etc/relayhosts. One possible solution could be delete relayhosts and symlink to /dev/null. This way no ips can get added to it. But its not a gud one. Can someone give a better one ?

[howard]

you could remove antirelayd (or better kill it then do >antirelayd then chatter +i it) so it no longer updates relayhosts and thus only allow mail which is sent from the actual server (e.g. from a php/perl script)

Or alternatively you could edit the line in antirelayd saying $exptime = (time() - (60*30)); (which i belive is the offending line)

[anand]

Best of all i removed the entire function which actualy made the relayhosts file. Now i restarted exim. But still the user is able to relay without authentication.

[anand]

any ideas why the anti-abuse headers are not being added ??

[howard]

Originally posted by anand
Best of all i removed the entire function which actualy made the relayhosts file. Now i restarted exim. But still the user is able to relay without authentication.

Do /usr/sbin/exim -d9 -bh ip.address that will you to simulate a smtp conversation from that ip address to see how exim is handling it

For the anti-abuse headers have you looked in exim.conf in the section beginning lookuphost: there should be line saying headers_add then all the anti-abuse stuff

[anand]

would try the exim thing and let you know.

As for the antiabuse, i saw the headers add stuff, but the confusion is why is exim still not adding them ??

anyone care to let me a copy of their exim.conf ??

[anand]

now i have strange problems with this box

when i use squirrelmail, i get while sending mail
Server replied: 421 Unexpected failure, please try later

and when i use outlook to relay mails without any smtp authentication, it relays mails.

any ideas ??

[howard]

Not entirely sure about that anitabuse thing as i haven't seen it occur before personally (the problem that is of course)

You could check that exim is not confused about where its meant to be reading the path by doing /usr/sbin/exim -bP configure_file

You could also check your exim.conf against the base exim.conf by grabbing say the 140 exim rpm frm http://ftp.cpanel.net/sysup/generic/exim/ then doing rpm2cpio rpm|cpio -id (or you can reinstall if you wish I personally like to keep my rpm db free of dupes or you could skip this entirely by running one of the *exim scripts in /scripts) then examine the exim.conf in etc/ directory (or if you have reinstalled the rpm/ran a script from /scripts you can skip this step)

I generally found that the unexpected failure message is the result of a command or output of the query is different what the exim was thinking it would be (hence the unexpected bit) this could be caused by say checking to see weather a entry is in a list but instead getting the list back, the specfic error is generally logged in the main / panic logs

[aress24x7]

I have tried the following ACL code for SMTP authentication in Exim 4.2.x

*********************************
acl_smtp_rcpt = check_recipient
acl_smtp_data = check_message


domainlist local_domains = lsearch;/etc/localdomains

domainlist relay_domains = lsearch;/etc/localdomains : \
lsearch;/etc/secondarymx
hostlist relay_hosts = lsearch;/etc/relayhosts : \
localhost
hostlist auth_relay_hosts = *



begin acl


#!!# ACL that is used after the RCPT command
check_recipient:
# Exim 3 had no checking on -bs messages, so for compatibility
# we accept if the source is local SMTP (i.e. not over TCP/IP).
# We do this by testing for an empty sending host field.
accept hosts = :
require verify = sender
accept domains = +local_domains
accept domains = +relay_domains
accept hosts = +relay_hosts
accept condition = ${perl{checkrelayhost}{$sender_host_address}}

accept hosts = +auth_relay_hosts
endpass
message = $sender_fullhost is currently not permitted to \
relay through this server. Perhaps you \
have not logged into the pop/imap server in the \
last 30 minutes or do not have SMTP Authentication turned on in your email client.
authenticated = *

deny message = $sender_fullhost is currently not permitted to \
relay through this server. Perhaps you \
have not logged into the pop/imap server in the \
last 30 minutes or do not have SMTP Authentication turned on in your email client.
deny message = $sender_host_address is listed \
at $dnslist_domain
dnslists = spamhaus.relays.osirusoft.com : \
proxy.relays.osirusoft.com : \
socks.relays.osirusoft.com : \
spamsites.relays.osirusoft.com : \
spews.relays.osirusoft.com : \
inputs.relays.osirusoft.com : \
spamsources.relays.osirusoft.com : \
dialups.relays.osirusoft.com : \
list.dsbl.org : \
flowgoaway.com : \
dialups.visi.com : \
blackholes.easynet.nl : \
opm.blitzed.org
deny local_parts = ^.*[@%!/|]
message = I've never seen @, %, !, /, or | in an e-mail. Neither should you.
drop domains = *.yahoo.com
!verify = recipient
message = I don't want yahoo mails.


#!!# ACL that is used after the DATA command
check_message:
require verify = header_sender
accept


begin authenticators

fixed_plain:
driver = plaintext
public_name = PLAIN
server_condition = "${perl{checkuserpass}{$1}{$2}{$3}}"
server_set_id = $1

fixed_login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = "${perl{checkuserpass}{$1}{$2}}"
server_set_id = $1

***************************************

But still the users can send mails without SMTP authentication. Any help is appreciated...

cPanel.net Support Ticket Number:

cPanel.net Support Ticket Number:

[mmkassem]

checking the pop server already gives the user auth. to send emails.

I think it's cppop which adds the ip to the relayhosts if he checked his email.

cPanel.net Support Ticket Number:

[anand]

I have solved this probs of smtp authentication. You can look at this post for solution.

http://forums.cpanel.net/showthread....2&goto=newpost

I have tried this on 2 pcs with different pcs and it works for me. I can't send mails out unless i switch on smtp authentication. Remember follow the steps and don't forget to remove all the contents of /etc/relayhosts to start with and close your mail client first.

Hope it works for you as well.

cheers!

cPanel.net Support Ticket Number:

[aress24x7]

Thanks! But it didn't either help. Do you have anyother solution for this or do I need to tweak some more files for that.

Please help!

cPanel.net Support Ticket Number:

[anand]

Originally posted by aress24x7
Thanks! But it didn't either help. Do you have anyother solution for this or do I need to tweak some more files for that.

Please help!

cPanel.net Support Ticket Number:

Can u please explain what happened actually ?? I have the same solution working on atleast 5 boxes right now and they all working.

ANother solution was posted by Website Rob:

edit /usr/sbin/antirelayd

Search for:
sub writehosts {
$exptime = (time() - (60*30));

in the bottom of the file.

Change the 30 to watever you want the authentication time to be. If you want users to authenticate everytime please put 0 instead of 30. I am not sure but i think you would need to chattr +i /usr/sbin/antirelayd so that next cpanel update doesn't everyrite it.

cPanel.net Support Ticket Number:

[aress24x7]

Thanks ! Anand

That really worked ! Now I will keep those damn spammer away from my server.

Cheers!

cPanel.net Support Ticket Number:

[anand]

Originally posted by aress24x7
Thanks ! Anand

That really worked ! Now I will keep those damn spammer away from my server.

Cheers!

cPanel.net Support Ticket Number:

Good for you, but you never explained wat happened with the first solution ?? Editing the exim.conf ?? I have tried it on so many boxes and it seems to be working fine on all of them.

As for the solution credit it goes to Website Rob.

cPanel.net Support Ticket Number: