The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Closed Exim ports fail cPanel monitoring service

Discussion in 'Security' started by asajay, Oct 21, 2016.

Tags:
  1. asajay

    asajay Member

    Joined:
    Sep 28, 2012
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I'm working to increase specific security items on my server and have run into a problem when changing Exim ports. The cPanel monitoring service continues to email me Failed Exim notices. Apparently the service continues to check port 25 even though I have removed it from service, -and- sends me failed messages fort the new port.

    Here is my server config:
    /etc/redhat-release:CentOS release 6.8 (Final)
    /usr/local/cpanel/version:11.58.0.32
    /var/cpanel/envtype:vmware
    CPANEL=release
    Server version: Apache/2.2.27 (Unix)
    Server built: Jul 19 2014 15:10:22
    Cpanel::Easy::Apache v3.26.0 rev9999
    PHP 5.4.30 (cli) (built: Jul 19 2014 15:20:12)
    Copyright (c) 1997-2014 The PHP Group
    Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies
    with the ionCube PHP Loader v4.6.1, Copyright (c) 2002-2014, by ionCube Ltd.
    mysql Ver 14.14 Distrib 5.6.33, for Linux (x86_64) using EditLine wrapper


    I also have ConfigServer Security and Firewall installed.

    I have root access.

    The changes I made are as follows:
    - Service Configuration > Exim Configuration Manager: changed daemon_smtp_ports by removing all default port numbers, and adding the single (new) port number that I desired (a number between 0 and 2,000)
    > Service Configuration > Service Manager > Exim Service Manager (on another port): Set to my (new) port number
    - Plugins > ConfigServer Security and Firewall > ConfigServer Firewall > Firewall Configuration > SMTP Settings: changed SMTP_PORTS to the same (new) port number (removing all others)
    - Plugins > ConfigServer Security and Firewall > ConfigServer Firewall > Firewall Configuration > IPv4 Port Settings: added the new port number to TCP_IN


    Restarted Exim and both firewall services.

    I am able to send email via that port both on my local computer using Thunderbird, and my cell phone using the built-in email package. That part appears to "work;" however, I have some other problems that I need to understand and need help with.

    Problem 1:
    I get an email telling me the "exim-<port number>" service on my (new) port has failed. It sends this every five minutes. Yes, it's annoying. The port shows open and listening when doing a netstat, but does not show up when using nmap. If I turn OFF the monitoring service for "Exim Service Manager (on another port)" then this specific message stops. But I'd like to monitor the service.

    Problem 2:
    I also get an email from the server on a regular basis telling me that exim has failed (the normal exim service). The email appear to show the cpanel service checking port 25 for exim, but port 25 has been closed as you can see by the config changes I made.

    I feel it's a good idea to continue monitoring services, including this one. So I need help with the following question:

    How do I get the monitoring service for exim to check ONLY the smtp port I have specified, and not any others, so that it will not send me a failed message?

    Thank you,
    Asa Jay
     
  2. asajay

    asajay Member

    Joined:
    Sep 28, 2012
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Okay, so in the intervening four hours.... I have discovered through Internet searching, that port 25 MUST REMAIN OPEN in order for one MTA to talk to another. In other words.... I need port 25 open so my mail server can send and receive emails to -other- mail servers.

    I hadn't thought to check that part out until later today, when I discovered sending/receiving outside my domain wasn't working. That caused me to do more looking and I found the above. Therefore I have re-enabled port 25 and opened it in the firewall settings.

    Exim is now operational again; no more error messages and I'm getting emails in and out of my server to/from -other- servers now.

    <sigh>
    Learning can be a pain in the rear sometimes.

    Now I'll try monitoring the other port again and see how that goes.
    Nope, that still doesn't work. If I enter the new port number into Service Configuration > Service Manager > Exim Mail Server (on another port)

    I still get emails telling me the service has failed. And oddly enough it also causes clamd to fail. Weird. I don't get clam failure emails when I turn off that monitor.

    Any ideas on that one? I'd like to monitor the service, but maybe I don't really need to since it's also running on port 25. I may need to think about that.
    Asa Jay
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    36,995
    Likes Received:
    1,275
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you post the output from the recent entries in /var/log/chkservd.log showing the failure for Exim on the alternate port?

    Thanks!
     
  4. asajay

    asajay Member

    Joined:
    Sep 28, 2012
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    There is nothing that shows a failure of the service in that log. Each Service Check has one entry for exim that looks like this:
    exim [[check command:+][socket connect:+]]

    and that is the way it appears all around the time during testing and finding the failure, and having it emailed to me.

    This was nearly 10 days ago. When I have the time, I'll have to reproduce the failure and then check the log again. I would think one of the exim logs should provide more clues, but I'm not real certain what I'm looking for.

    Asa Jay
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    36,995
    Likes Received:
    1,275
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Feel free to open a support ticket using the link in my signature if you'd like us to take a closer look. You can post the ticket number here and we will update this thread with the outcome.

    Thank you.
     
Loading...

Share This Page