Exim SMTP Authentication Errors

Discussion in 'E-mail Discussions' started by eMtnMan, Oct 15, 2003.

  1. eMtnMan

    eMtnMan Member

    I am using the latest stable versions of cPanel and WHM. When I send an email from my PC with Outlook 2k and SMTP authentication (using the new Exim server) to AOL, it never arrives. Now that I have RBL working, when I send an email using the new server, dynablock rejects the message because it thinks I'm sending it from my PC, using a local (dynamic DNS) SMTP server! When I send the same message using my old sendmail server, the header is more complex and includes an "authenticated" statement that I don't see in the new header. Examples included below.... Can anyone help me with this?

    Thanks!

    Paul

    -------------------------------------------
    WHM 8.5.1 cPanel 8.5.3-S3 Exim 4.24
    RedHat 7.3 - WHM X v2.1.1
    -------------------------------------------

    I've tried these fixes already:
    /scripts/fixeverything
    /scripts/convertemails
    /scripts/convertemails2
    /scripts/convertemails5
    /scripts/mailperm
    /scripts/fixrelayd
    /etc/rc.d/init.d/antirelayd restart
    service exim restart

    Dynablock Error
    2003-10-15 01:42:31 H=(mypc) [148.63.135.73] F=<eMtnMan@mynewdomain.com> rejected RCPT <eMtnMan@mynewdomain.com>: Message rejected because your server (148.63.135.73) is a blacklisted SPAM source at dynablock.easynet.nl

    Header from New Exim Server
    Received: from [148.63.135.73] (helo=mypc)
    by whm.mynewserver.com with asmtp (Exim 4.24)
    id 1A9hGL-0007GB-HM
    for eMtnMan@mynewdomain.com; Wed, 15 Oct 2003 01:44:11 -0700
    From: "Paul" <eMtnMan@mynewdomain.com>
    To: <eMtnMan@mynewdomain.com>
    Subject: Now - Powerful Anti-Aging Breakthrough
    Date: Wed, 15 Oct 2003 01:46:04 -0700
    Message-ID: <PIEPKAKOCKGJKPMGNGOMKEJIOAAA.eMtnMan@mynewdomain.com>
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0078_01C392BE.182B0560"


    Header from Old Sendmail Server
    Return-path: <newdomainadmin@whm.mynewserver.com>
    Envelope-to: eMtnMan@mynewdomain.com
    Delivery-date: Wed, 15 Oct 2003 05:35:17 -0700
    Received: from newdomainadmin by whm.mynewserver.com with local-bsmtp (Exim 4.24)
    id 1A9ks1-0007uW-0J
    for eMtnMan@mynewdomain.com; Wed, 15 Oct 2003 05:35:17 -0700
    Received: from [216.12.211.216] (helo=ns1.myoldserver.com)
    by whm.mynewserver.com with esmtp (TLSv1:DES-CBC3-SHA:168)
    (Exim 4.24)
    id 1A9ks0-0007uS-UZ
    for eMtnMan@mynewdomain.com; Wed, 15 Oct 2003 05:35:16 -0700
    Received: from mypc (vsat-148-63-135-73.c189.t7.mrt.myisp.net [148.63.135.73])
    (authenticated (0 bits))
    by ns1.myoldserver.com (8.11.6/8.11.6) with ESMTP id h9FCrgB24917
    for <eMtnMan@mynewdomain.com>; Wed, 15 Oct 2003 05:53:43 -0700
    Reply-To: <webmaster@myoldserver.com>
    From: "Webmaster - www.myoldserver.com" <webmaster@myoldserver.com>
    To: <eMtnMan@mynewdomain.com>
    Subject: Now - Powerful Anti-Aging Breakthrough
    Date: Wed, 15 Oct 2003 05:37:03 -0700
    Message-ID: <PIEPKAKOCKGJKPMGNGOMGEJPOAAA.webmaster@myoldserver.com>
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0000_01C392DE.5CF71EC0"
     
    #1 eMtnMan, Oct 15, 2003
    Last edited: Oct 16, 2003
  2. Noldar

    Noldar Well-Known Member

    Try adding

    !hosts = +relay_hosts

    under the

    dnslists =

    line. That should prevent the rbl checks on users sending through your smtp server.

    Richard

     
  3. eMtnMan

    eMtnMan Member

    UPDATE: Further testing with AOL Shows that everything now works fine... SEE HowTo BELOW!

    Thanks Noldar!

    Thanks again,

    Paul
     
    #3 eMtnMan, Oct 15, 2003
    Last edited: Oct 16, 2003
  4. eMtnMan

    eMtnMan Member

    .
     
    #4 eMtnMan, Oct 15, 2003
    Last edited: Oct 16, 2003
  5. pagedeveloping

    pagedeveloping Well-Known Member

    Which IP is being rejected here?
    Your ISP or your server's IP?

    If it is your server's IP then all you need to do is ask your NOC for an IP out of that range and then add an Interface line to exim.conf and exim_outgoing.conf

    just look for

    remote_smtp:
    driver = smtp

    and add the following:

    remote_smtp:
    driver = smtp
    interface = your new ip address

    save them both and restart exim and tell AOHELL that they can byte that!

    If this is your ISP IP then you need to look for another ISP

    Regards,

     
  6. eMtnMan

    eMtnMan Member

    UPDATE: Further testing with AOL Shows that everything now works fine... SEE HowTo BELOW!

    At first I thought it was my server's IP, and I jumped through a bunch of hoops to get my server whitelisted with AOL...

    Once I saw these bounces from DynaBlock, it became clear that Exim considered my PC an SMTP server... If I sent the same message through my old Ensim Sendmail server to the same account on my new server, I had no problem... Yes, my sendmail server also uses the same RBL and DynaBlock settings.

    It now appears that the difference was in the different way Exim handles the relay PC's when sending email. Not a bad idea for some RBL's, but DEADLY for DynaBlock or any other blocking source for Dynamic IP addresses.

    Thanks to Noldar, everything now works great!

    Thanks for your comments,

    Paul

    cPanel.net Support Ticket Number: 26526
     
    #6 eMtnMan, Oct 15, 2003
    Last edited: Oct 16, 2003
  7. Website Rob

    Website Rob Well-Known Member

    Interesting tweak and glad to hear it helped sort out the problem.

    Two questions:

    1) I noticed no line break was included in your post, eMtnMan.

    you have

    relays.ordb.org
    !hosts = +relay_hosts

    should it not be:

    relays.ordb.org : \
    !hosts = +relay_hosts


    2) With regard to #1, would it not be faster to use:

    dnslists = !hosts = +relay_hosts : \
    dnsbl.njabl.org : \
    etc...

    instead of the way you posted? It would be more in line with what Noldar suggested; or did you already try it that way and run into problems?

     
  8. Noldar

    Noldar Well-Known Member

    The line

    !hosts = +relay_hosts

    is separate from the

    dnslists =

    line. So what eMtnMan has is correct. For example, mine looks like this.

    # RBL List Begin
    deny message = Rejected: $sender_host_address black listed at $dnslist_domain $dnslist_text
         dnslists = blackholes.easynet.nl : \
                    dynablock.easynet.nl : \
                    proxies.blackholes.easynet.nl : \
                    dnsbl.njabl.org : \
                    list.dsbl.org : \
                    dnsbl.sorbs.net : \
                    bl.spamcop.net : \
                    cbl.abuseat.org
         !hosts = +relay_hosts
         domains = +use_rbl_domains
    # RBL List End

    The !hosts line tells exim to only do the RBL check if the sender is not in the relay_hosts file. Users sending mail through the server should be listed in the relay_hosts file. The domains line tells exim to only do the RBL check if the receiving domain is listed in the use_rbl_domains file. That allows me to control which domains will filter their mail through the RBL check.

    Richard

     
  9. Website Rob

    Website Rob Well-Known Member

    Ok, understood and thanks for the explanation.

    Must be a somewhat customized exim.conf though, as mine (mostly default) shows:

    ..
    dynablock.wirehub.net : \

    deny local_parts = ^.*[@%!/|]
    message = I've never seen @, %, !, /, or | used like that in an eMail. Neither should you.

    accept domains = +local_domains
    accept domains = +relay_domains
    accept hosts = +relay_hosts


    Is it possible that your config speeds up Exim (which would be a good thing) when it comes to checking IPs and RBLs and that you can whitelist IP addresses? I've tried a few variations and have not yet got a white list working -- which would be most handy indeed.

     
  10. eMtnMan

    eMtnMan Member

    HowTo: RBL or DNSBL with Exim - INCLUDES: RBL Bypass, RBL Whitelist, eMail Blacklist

    With many thanks to Richard (Noldar), for his invaluable suggestions...
    Router section blacklist courtesy of "Server Setup Tips" thread...


    This is my micro-howto for how I set up RBL using the Exim Configuration Editor...
    SUGGESTIONS? Please email me and I will edit this howto to reflect your suggestions...

    UPDATES:
    Added Postmaster and Abuse bypass to ACL Section (thanks Noldar)
    Normalized file names to start with RBL

    TESTED WITH VERSIONS
    -------------------------------------------
    WHM 8.5.1 cPanel 8.5.3-S3 Exim 4.24
    RedHat 7.3 - WHM X v2.1.1
    -------------------------------------------

    ------------------------
    Creating lsearch files
    *****************

    Create three text files in the /etc directory:
    /etc/rblblacklist
    /etc/rblbypass
    /etc/rblwhitelist


    SAMPLE DATA
    /etc/rblblacklist is a manual blacklist, it rejects specific spammer hosts BEFORE they can send more email to your server:
    domain1.com
    domain2.com
    domain3.com


    /etc/rblbypass bypasses RBL email testing for specific destination (local) domains that don't want RBL filtering or prefer SpamAssassin tagging:
    domain1.com
    domain2.com
    domain3.com


    /etc/rblwhitelist blocks RBL email testing for listed incoming hosts, (wildcards allowed), in case an important client's mailserver is listed on an RBL you use, also automatically excludes relayhosts:
    mail.domain1.com
    *.domain2.com
    *.domain3.com



    -------------------------------------
    EXIM CONFIGURATION EDITOR
    -------------------------------------


    If you use the WHM-based Exim Configuration Editor, all of your modifications will be reproduced after each update. If you edit exim.conf directly, cPanel updates MAY overwrite your changes! Because of this, the following changes should be entered using the Exim Configuration Editor.

    --------------------------
    Setting up lsearch files
    *******************

    At the top of the editor, in the window below:
    #!!# cPanel Exim 4 Config

    Enter these lines:
    domainlist rbl_blacklist = lsearch;/etc/rblblacklist
    domainlist rbl_bypass = lsearch;/etc/rblbypass
    hostlist rbl_whitelist = lsearch;/etc/relayhosts : partial-lsearch;/etc/rblwhitelist


    -----------------------------
    RBL entries in ACL Section
    *********************

    RBL selection depends on many factors, be sure to edit the list below to reflect your priorities... Postmaster and abuse bypass allows blocked users to contact admin.

    In the center window of the ACL section, directly below the line:
    accept hosts = :

    Enter these lines:
    #**#
    #**# RBL List Begin
    #**#
    #
    # Always accept mail to postmaster & abuse in any local domain
    #
    accept domains = +local_domains
           local_parts = postmaster:abuse
    #
    # Check sending hosts against DNS black lists.
    # Reject message if address listed in blacklist.
    deny message = Message rejected because $sender_fullhost \
                   is blacklisted at $dnslist_domain see $dnslist_text
         dnslists = dnsbl.njabl.org : \
                    bl.spamcop.net : \
                    blackholes.easynet.nl : \
                    dynablock.easynet.nl : \
                    proxies.blackholes.easynet.nl : \
                    sbl.spamhaus.org : \
                    list.dsbl.org : \
                    cbl.abuseat.org : \
                    relays.ordb.org
    # RBL Bypass Local Domain List
         !domains = +rbl_bypass
    # RBL Whitelist incoming hosts
         !hosts = +rbl_whitelist
    #**#
    #**# RBL List End
    #**#



    ------------------------------------
    RBL entries in ROUTERS Section
    **************************

    In the ROUTERS section window, directly below the line:
    # in the "local_domains" setting above.

    Enter these lines:
    # Deny and send notice to list of rejected domains.
    reject_domains:
      driver = redirect
    # RBL Blacklist incoming hosts
      domains = +rbl_blacklist
      allow_fail
      data = :fail: Connection rejected: SPAM source $domain is manually blacklisted.



    --------------------------------
    RBL Testing and Verification
    ***********************

    Once your file changes are in place, be sure to keep an eye out for errors... missing files and other errors will be listed here:
    tail -50 /var/log/exim_paniclog

    You can view your spam filtering by reviewing the reject log:
    tail -50 /var/log/exim_rejectlog

    If your RBL tests include sbl.spamhaus.org, you can test the blacklist and whitelist functions by sending an email, USING THE MAILSERVER YOU WISH TESTED, to: nelson-sbl-test@crynwr.com

    It will attempt to send an email from mailserver sbl.crynwr.com, which is blacklisted in sbl.spamhaus.org

    If the blacklist works, you'll get an email that looks something like this:

    Subj: Your SBL test report
    Testing your SBL block. See http://www.crynwr.com/spam/ for more info.
    Please note that this test will not tell you if your server is open for
    relaying. Instead, it tests to see if your server blocks email from IP
    addresses listed in various blocking lists; in this case, the SBL list.

    Here's how the conversation looked from sbl.crynwr.com.
    Note that some sites don't apply the SBL block to postmaster, so
    I use your envelope sender as the To: address.

    I connected to 64.246.24.14 and here's the conversation I had:

    220-whm.yourserver.com ESMTP Exim 4.24 #1 Thu, 16 Oct 2003 08:23:23 -0700
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
    helo sbl.crynwr.com
    250 whm.yourserver.com Hello sbl.crynwr.com [192.203.178.107]
    mail from:<>
    250 OK
    rcpt to:<eMtnMan@yourdomain.com>
    550-Message rejected because sbl.crynwr.com [192.203.178.107] is blacklisted at
    550 sbl.spamhaus.org see http://www.spamhaus.org/SBL/sbl.lasso?query=SBLTEST
    Terminating conversation


    If the RBL block fails, you'll receive TWO emails:

    Subj: Your SBL test report
    Testing your SBL block. See http://www.crynwr.com/spam/ for more info.
    Please note that this test will not tell you if your server is open for
    relaying. Instead, it tests to see if your server blocks email from IP
    addresses listed in various blocking lists; in this case, the SBL list.

    Here's how the conversation looked from sbl.crynwr.com.
    Note that some sites don't apply the SBL block to postmaster, so
    I use your envelope sender as the To: address.

    I connected to 64.246.24.14 and here's the conversation I had:

    220-whm.yourserver.com ESMTP Exim 4.24 #1 Thu, 16 Oct 2003 08:19:44 -0700
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
    helo sbl.crynwr.com
    250 whm.yourserver.com Hello sbl.crynwr.com [192.203.178.107]
    mail from:<>
    250 OK
    rcpt to:<eMtnMan@yourdomain.com>
    250 Accepted
    data
    354 Enter message, ending with "." on a line by itself
    From: nelson-SBL-test@crynwr.com
    To: eMtnMan@yourdomain.com
    Date: Thu, 16 Oct 2003 15:19:46 -0000
    Message-Id: <1066317586@sbl.crynwr.com>

    Test message
    .
    250 OK id=1AA9uj-0005xq-2l
    quit
    Successful termination. As far as I can tell, the email was delivered.
    That might not be what you want.

    Subj: (BLANK)
    Uh-oh, your SBL block is not working!



    ------------------
    RBL Log Counts
    *************

    I use this script to count the log hits for various RBL's, you should change it to reflect your RBL's and error syntax. Mine relies on the unique word "blacklisted" in every RBL bounce entry.

    Assuming the script is called spam, after you:
    chmod 755 spam
    ... it can be executed with: ./spam

    SAMPLE SCRIPT:
    grep "blacklisted" /var/log/exim_mainlog -i > kilme
    tail -100 kilme
    tail /var/log/exim_paniclog
    printf "\n"
    printf "Spam Count = "
    grep "blacklisted" kilme -c -i
    printf "njabl.org = "
    grep "njabl.org" kilme -c
    printf "spamcop = "
    grep "bl.spamcop" kilme -c
    printf "easynet = "
    grep "easynet" kilme -c
    printf "spamhaus = "
    grep "sbl.spamhaus" kilme -c
    printf "dsbl.org = "
    grep "dsbl" kilme -c
    printf "abuseat = "
    grep "abuseat.org" kilme -c
    printf "ordb.org = "
    grep "ordb" kilme -c
    printf "Manual = "
    grep "manual" kilme -c
    printf "verify fail= "
    grep "verify fail" /var/log/exim_mainlog -c
    printf "No Relay = "
    grep "not permitted" /var/log/exim_mainlog -c
    printf "\n"
    printf "All Spam: \n"
    zgrep -ci "blacklisted" /var/log/exim_mainlog*
    printf "\n"



    HOPE THIS HELPS!


    cPanel.net Support Ticket Number: FIXED!
     
    #10 eMtnMan, Oct 16, 2003
    Last edited: Oct 22, 2003
  11. Solokron

    Solokron Well-Known Member

    Re: HowTo: RBL or DNSBL with Exim - INCLUDES: RBL Bypass, RBL Whitelist, eMail Blacklist

    It looks like the latest cPanel build is affecting this on all of our servers.

    Users that are members of blacklisted networks that ARE using outgoing authentication are immediately receiving 503 internal server errors with any sending of email.

    Viewing the exim_mainlog sure enough shows exim bouncing them back because they are part of blacklisted networks.

     
  12. SiteShack

    SiteShack Member

    For those that are having their legit customers being blocked because they are listed in the RBL you are using, add the following. This will allow authenticated users to send email from your server.

    Add this after your dnslists = sbl.whatever.com

    !authenticated = *

    Hope this helps others.
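
The log-count script in post #10 and the blocked authenticated users described in posts #11 and #12 can both be checked from the main log in one pass. The script below is an added example, not code from any poster in this thread: it counts rejections per DNSBL zone and lists client IPs that were DNSBL-rejected yet also submitted mail over authenticated SMTP, which indicates the bypass condition is missing from the ACL. The function names and sample log lines are constructed, and the reject wording is assumed to be the HowTo's "is blacklisted at <zone>".

```shell
#!/bin/sh
# Added example (not from the thread): audit an Exim main log for DNSBL
# rejections. Assumes the HowTo's reject wording "... is blacklisted at <zone>".

# Constructed sample lines in Exim 4 main-log layout; the addresses are
# documentation ranges, not values taken from the thread.
sample_log() {
cat <<'EOF'
2003-10-15 01:42:31 H=(mypc) [192.0.2.10] F=<paul@example.com> rejected RCPT <paul@example.com>: Message rejected because (mypc) [192.0.2.10] is blacklisted at dynablock.easynet.nl see http://example.invalid/
2003-10-15 01:44:11 1A9hGL-0007GB-HM <= paul@example.com H=(mypc) [192.0.2.10] P=asmtp S=1532
2003-10-15 02:10:05 H=(mail.example.net) [198.51.100.7] F=<> rejected RCPT <info@example.com>: Message rejected because (mail.example.net) [198.51.100.7] is blacklisted at sbl.spamhaus.org see http://example.invalid/
2003-10-15 02:11:40 H=(mypc) [192.0.2.10] F=<paul@example.com> rejected RCPT <bob@example.org>: Message rejected because (mypc) [192.0.2.10] is blacklisted at dynablock.easynet.nl see http://example.invalid/
2003-10-15 02:30:00 1A9hZZ-0007GC-AB <= carol@example.com H=(laptop) [203.0.113.5] P=asmtp S=900
EOF
}

# Per-zone rejection counts in a single pass, highest count first.
# Reads the files named as arguments, or stdin when none are given.
rbl_counts() {
    awk '
    / rejected RCPT / && match($0, /blacklisted at [^ ]+/) {
        # Skip the 15 characters of "blacklisted at " to keep only the zone.
        hits[substr($0, RSTART + 15, RLENGTH - 15)]++
    }
    END { for (z in hits) print hits[z], z }' "$@" | sort -k1,1nr -k2,2
}

# Client IPs that were DNSBL-rejected and also had mail accepted over
# authenticated SMTP (P=asmtp in Exim 4.24; later releases log esmtpa or
# esmtpsa). Any output means the DNSBL check is hitting authenticated senders.
blocked_auth_ips() {
    awk '
    match($0, /\[[0-9A-Fa-f.:]+\]/) {
        # The first bracketed address on a line is the connecting host.
        ip = substr($0, RSTART + 1, RLENGTH - 2)
        if ($0 ~ / rejected RCPT / && $0 ~ /blacklisted at /) rej[ip]++
        else if ($0 ~ / <= / && $0 ~ / P=(asmtp|esmtps?a)( |$)/) auth[ip]++
    }
    END {
        for (ip in rej) if (ip in auth)
            print ip, "rejected=" rej[ip], "authenticated=" auth[ip]
    }' "$@" | sort
}

# Demonstration on the constructed sample.
sample_log | rbl_counts
sample_log | blocked_auth_ips
```

Against a live server, pass the log path instead of piping the sample, for example `rbl_counts /var/log/exim_mainlog`.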
     