The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Exim Urgent

Discussion in 'General Discussion' started by Hercio Neto, Sep 27, 2004.

  1. Hercio Neto

    Hercio Neto Member

    Joined:
    Aug 23, 2004
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Somebody could order one to me exim.conf that it functions?
    I do not know more what to make because no matter how hard I arrange they appear new errors, already I reinstalled exim and exactly thus I continue not to send nor to receive e-mails. Please it is urgent!
    send to hercio@netcon.com.br

    WHM 9.4.0 cPanel 9.4.1-S65
    Fedora - WHM X v3.1.0
     
  2. lloyd_tennison

    lloyd_tennison Well-Known Member

    Joined:
    Mar 12, 2004
    Messages:
    698
    Likes Received:
    1
    Trophy Points:
    18
    Why not start with the default setup? Just go to WHM, the Exim configurator, add a line save, then edit and remove that line and save. You will have a fresh, out of the box, setup - as long as any other lines you added are not showing in the advanced view.
     
  3. eurorocco

    eurorocco Well-Known Member

    Joined:
    Jun 23, 2003
    Messages:
    99
    Likes Received:
    0
    Trophy Points:
    6
    Default exim.conf is a catastrophe

    The latest release and stable Cpanel versions I've tried are a catastrophe. It seems Exim is trying to "verify senders" to reduce spam, but it really flunks when receiving legitimate mail and flunks when sending email forcing the "on behalf of".

    While the wrinkles are worked out in Exim we have to turn off all "verify senders" in the exim.conf file. Better to receive spam than to have customers complaining about email not arriving and not receiving email myself.

    I am not an exim expert, but here are the four snippets showing the verify that I had to comment out. Take this with a big grain of salt.

    --------------one
    #CATASTROPHE
    # message = "The recipient cannot be verified. Please check all recipients of\
    this message to verify they are valid."
    # verify = recipient

    --------------two

    #CATASTROPHE
    # require verify = sender
    accept domains = +local_domains
    endpass

    ---------------three

    #!!# ACL that is used after the DATA command
    check_message:
    #CATASTROPHE
    # require verify = header_sender
    accept

    ------------four
    #nobody as the sender seems to annoy people
    untrusted_set_sender = *
    #CATASTROPHE
    local_from_check = false
    rfc1413_query_timeout = 2s

    I saw a couple of threads in the Cpanel forums where the moderators banned people complaining about this issue, and locked the associated discussion threads. I do not understand why they did it, but I take it this topic isn't quite welcome. My intention here isn't to flame anyone, but to comment and learn about possible workarounds and solutions. Cpanel is an outstanding achievement, but I wish the Cpanel team were a bit more conservative when sending updates down the pipe.

    I am myself looking for an Exim professional expert who can furnish a good exim.conf for Cpanel.

    Hope it helps!

    ER
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Personally, I've never had any problems whatsoever with cPanel's default ACL's in the exim configuration. All I've added is my dictionary attack ACL to bounce obvious spammers so far as the ACL configuration is concerned. The veryify recipients ACL should only help, and if the sending server is correctly configured, the verify senders should always work. If you have problems with that, there's no need to edit the exim configuration as you can turn that off within WHM.
     
    BenThomas likes this.
  5. lloyd_tennison

    lloyd_tennison Well-Known Member

    Joined:
    Mar 12, 2004
    Messages:
    698
    Likes Received:
    1
    Trophy Points:
    18
    I agree with chirpy. The Cpanel standard conf file is alomost identical to Exim's. and as to the examples that eurorocco gave:

    1. Why try to send email to senders that do not exist.

    2. Accept mail to only your local domains, Naw - I want to accept mail to Hotmail.com :rolleyes:

    3. I want to make sure that the person sending email through my server is an authorized account. Why should I be an open relay?

    4. Nobody as sender. Most companies and systems treat nobody@mydomain.com as a SPAM/virus return address.


    For more info - search exim.org's docs and see the exim users group.

    I usually have more than on 500,000 pieces of mail a week. None of those setups have caused me a problem. I have added even more restrictions to prevent spam (DNSRBL and ClamAV) and have no problems or complaints from clients.
     
  6. eurorocco

    eurorocco Well-Known Member

    Joined:
    Jun 23, 2003
    Messages:
    99
    Likes Received:
    0
    Trophy Points:
    6
    Brief clarification...

    Well, the issue was that exim as it came was refusing email coming from domains on our servers to domains on our servers, even from a domain in one server to another domain in the same server.

    While the exim verification gets tougher we have to figure out why Chirpy and you get good results and we dont. We are fixing our MX records for all servers, which is part of the problem, specially now that all email seems to go out like adminuser@servername when coming from php or cgi scripts. Once we fix the MX records we will try the most default of the exim.conf files.

    Chirpy is right, but we don't quite get the same results.

    We have no problem sending email to hotmail or yahoo, say.

    But all form-generated emails were getting stuck in the mail queue failing with the infamous 550 admin prohibition or the temporary local problem.

    Thanks to all for the info!

    ER
     
  7. lloyd_tennison

    lloyd_tennison Well-Known Member

    Joined:
    Mar 12, 2004
    Messages:
    698
    Likes Received:
    1
    Trophy Points:
    18
    Read up on suexec and phpsuxec. I think those will solve your problems - if they are both enabled. They definitely get rid of the nobody's... I run several differnet scripts and they all work fine. had probs with bounces on php - until I setup phpsuexec.
     
  8. Arsalan

    Arsalan Well-Known Member

    Joined:
    Jan 5, 2002
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    6
    This is a REAL issue..

    I just found out now that mail to my own very box was being rejected....
     
  9. lloyd_tennison

    lloyd_tennison Well-Known Member

    Joined:
    Mar 12, 2004
    Messages:
    698
    Likes Received:
    1
    Trophy Points:
    18
    and the reason why is......

    How about a log entry if you want some help with this?
     
  10. eurorocco

    eurorocco Well-Known Member

    Joined:
    Jun 23, 2003
    Messages:
    99
    Likes Received:
    0
    Trophy Points:
    6
    By the way... Our exim.conf.okay.miracle

    Well, the factory-default exim.conf is now working after we fixed the MX records for the servers. For instance, if your server is jupiter.blablabla.com then when you do a dig -t mx jupiter.blablabla.com it must return jupiter.blablabla.com and its IP must match your server IP.

    Before, things were just okay when the MX record for the domain sending out the emails was okay. Now, the server MX must also be right.

    Also, we turned off verification on the WHM on the Exim Configuration Editor, the basic view. We rather get more spam than not getting those "You Got Cash" emails. :) So be it.

    One thing we are doing now is testing sending and receiving email formally every day, specially now that we're tweaking things.

    Good luck!

    ER
     
  11. Arsalan

    Arsalan Well-Known Member

    Joined:
    Jan 5, 2002
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    6
    Here is an example of a mail being rejected... And this was to a CRITICAL account...

    ----- The following addresses had permanent fatal errors -----
    <user@domain.com>
    (reason: 550-"The recipient cannot be verified. Please check all
    recipients of this)

    ----- Transcript of session follows -----
    ... while talking to domain.com.:
    >>> DATA
    <<< 550-"The recipient cannot be verified. Please check all recipients of
    this
    <<< 550 message to verify they are valid."
    550 5.1.1 <user@domain.com>... User unknown
    <<< 503 valid RCPT command must precede DATA
     
  12. lloyd_tennison

    lloyd_tennison Well-Known Member

    Joined:
    Mar 12, 2004
    Messages:
    698
    Likes Received:
    1
    Trophy Points:
    18
    You have to give more information to see what is happening.

    1. Sender email address.
    2. What server is sender on- yours or not?
    3. If yours - is pop or forward?
    4. Recipient email address.
    5. Is it only one email address - or is there cc's or bcc's
    6. What server is recepient on - yours or another.
    7. If yours - is pop or forward?

    That message could mean anything without that info. Too many questions, not enough answers.


    Yes, you can obviscate (spelling? cannot remember today) but we still need to know user1 user2, etc.
     
  13. lloyd_tennison

    lloyd_tennison Well-Known Member

    Joined:
    Mar 12, 2004
    Messages:
    698
    Likes Received:
    1
    Trophy Points:
    18
    You have to give more information to see what is happening.

    1. Sender email address.
    2. What server is sender on- yours or not?
    3. If yours - is pop or forward?
    4. Recipient email address.
    5. Is it only one email address - or is there cc's or bcc's
    6. What server is recepient on - yours or another.
    7. If yours - is pop or forward?

    That message could mean anything without that info. Too many questions, not enough answers.


    Yes, you can disguise addresses but we still need to know user1 user2, etc.
     
Loading...

Share This Page