I'm working to increase specific security items on my server and have run into a problem when changing Exim ports. The cPanel monitoring service continues to email me Failed Exim notices. Apparently the service continues to check port 25 even though I have removed it from service, -and- sends me failed messages for the new port.
Here is my server config:
/etc/redhat-release:CentOS release 6.8 (Final)
/usr/local/cpanel/version:11.58.0.32
/var/cpanel/envtype:vmware
CPANEL=release
Server version: Apache/2.2.27 (Unix)
Server built: Jul 19 2014 15:10:22
Cpanel::Easy::Apache v3.26.0 rev9999
PHP 5.4.30 (cli) (built: Jul 19 2014 15:20:12)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies
with the ionCube PHP Loader v4.6.1, Copyright (c) 2002-2014, by ionCube Ltd.
mysql Ver 14.14 Distrib 5.6.33, for Linux (x86_64) using EditLine wrapper
I also have ConfigServer Security and Firewall installed.
I have root access.
The changes I made are as follows:
- Service Configuration > Exim Configuration Manager: changed daemon_smtp_ports by removing all default port numbers, and adding the single (new) port number that I desired (a number between 0 and 2,000)
- Service Configuration > Service Manager > Exim Service Manager (on another port): Set to my (new) port number
- Plugins > ConfigServer Security and Firewall > ConfigServer Firewall > Firewall Configuration > SMTP Settings: changed SMTP_PORTS to the same (new) port number (removing all others)
- Plugins > ConfigServer Security and Firewall > ConfigServer Firewall > Firewall Configuration > IPv4 Port Settings: added the new port number to TCP_IN
Restarted Exim and both firewall services.
I am able to send email via that port both on my local computer using Thunderbird, and my cell phone using the built-in email package. That part appears to "work;" however, I have some other problems that I need to understand and need help with.
Problem 1:
I get an email telling me the "exim-<port number>" service on my (new) port has failed. It sends this every five minutes. Yes, it's annoying. The port shows open and listening when doing a netstat, but does not show up when using nmap. If I turn OFF the monitoring service for "Exim Service Manager (on another port)" then this specific message stops. But I'd like to monitor the service.
Problem 2:
I also get an email from the server on a regular basis telling me that exim has failed (the normal exim service). The email appears to show the cPanel service checking port 25 for exim, but port 25 has been closed as you can see by the config changes I made.
I feel it's a good idea to continue monitoring services, including this one. So I need help with the following question:
How do I get the monitoring service for exim to check ONLY the smtp port I have specified, and not any others, so that it will not send me a failed message?
Thank you,
Asa Jay
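A consistency check for the settings changed in the post above, as an added example that is not part of the original post: it compares Exim's `daemon_smtp_ports`, CSF's `TCP_IN`, the sockets Exim is actually listening on, and the port the monitor is told to check. The config fragments, the netstat lines and port 2525 are constructed placeholders, the function names are hypothetical, and the parser assumes numeric ports in Exim's default colon-separated list.

```python
import re

# Constructed sample inputs; 2525 is a placeholder, not the poster's port.
EXIM_CONF = "daemon_smtp_ports = 2525\n"
CSF_CONF = 'TCP_IN = "20,21,22,25,53,80,443,2525"\nSMTP_PORTS = "2525"\n'
NETSTAT = (
    "tcp 0 0 0.0.0.0:2525 0.0.0.0:* LISTEN 1234/exim\n"
    "tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 999/httpd\n"
)
DEFAULT_SMTP = {25, 465, 587}  # ports a stock Exim setup normally serves

def exim_ports(conf):
    """Ports from Exim's colon-separated daemon_smtp_ports option."""
    m = re.search(r"^\s*daemon_smtp_ports\s*=\s*(.+)$", conf, re.M)
    return {int(p) for p in re.findall(r"\d+", m.group(1))} if m else set()

def csf_ports(conf, key):
    """Ports from a csf.conf KEY = "a,b,lo:hi" line, expanding ranges."""
    m = re.search(r'^\s*%s\s*=\s*"([^"]*)"' % re.escape(key), conf, re.M)
    ports = set()
    for item in filter(None, (m.group(1) if m else "").split(",")):
        lo, _, hi = item.strip().partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def listening_ports(netstat, proc="exim"):
    """Local TCP ports in LISTEN state owned by proc (netstat -tlnp format)."""
    pat = re.compile(r":(\d+)\s+\S+\s+LISTEN\s+\d+/%s\b" % re.escape(proc))
    return {int(m.group(1)) for m in map(pat.search, netstat.splitlines()) if m}

def audit(exim_conf, csf_conf, netstat, monitored_port):
    """Return findings where Exim, CSF and the monitor disagree."""
    configured = exim_ports(exim_conf)
    tcp_in = csf_ports(csf_conf, "TCP_IN")
    listening = listening_ports(netstat)
    findings = []
    for p in sorted(configured - listening):
        findings.append("exim configured for %d but nothing is listening" % p)
    for p in sorted(configured - tcp_in):
        findings.append("%d not in TCP_IN: reachable locally, filtered remotely" % p)
    for p in sorted((DEFAULT_SMTP & tcp_in) - configured):
        findings.append("TCP_IN still allows %d, which exim no longer serves" % p)
    if monitored_port not in configured:
        findings.append("monitor checks %d, which exim does not serve" % monitored_port)
    return findings
```

On the constructed input the only finding is the leftover inbound allow rule for port 25; passing 25 as the monitored port adds the mismatch described under Problem 2.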