exim

Discussion in 'General Discussion' started by anand, May 18, 2003.

  1. anand

    anand, Well-Known Member (Joined: Nov 11, 2002; Messages: 1,435; Likes Received: 1; Trophy Points: 38; Location: India; cPanel Access Level: DataCenter Provider)

    I am not sure what is causing this, so I need help with this.

    Normally any email sent through the server SMTP gets some headers attached to it, no matter what the mail is:

    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - $primary_hostname
    X-AntiAbuse: Original Domain - $original_domain
    X-AntiAbuse: Originator/Caller UID/GID - [$originator_uid $originator_gid] / [$caller_uid $caller_gid]
    X-AntiAbuse: Sender Address Domain - $sender_address_domain

    Now I see that these headers are not being added to any mails being sent. I have checked on three boxes of mine, which give me the same results. Any ideas why these headers are not being added?

    Also, there is something more which was pointed out to me by a user of mine. Now when any POP user auths and downloads his mail, the user is allowed to relay mails from the server for another 30 mins without authentication for the SMTP. This is causing trouble at my customer's place. How do I reduce this time? Or remove this altogether? The file which stores these IPs temporarily is /etc/relayhosts. One possible solution could be to delete relayhosts and symlink it to /dev/null. This way no IPs can get added to it. But it's not a good one. Can someone give a better one?
     
  2. howard

    howard, Well-Known Member (Joined: Apr 20, 2003; Messages: 233; Likes Received: 0; Trophy Points: 16)

    You could remove antirelayd (or better, kill it, then do >antirelayd, then chattr +i it) so it no longer updates relayhosts and thus only allows mail which is sent from the actual server (e.g. from a php/perl script).

    Or alternatively you could edit the line in antirelayd saying $exptime = (time() - (60*30)); (which I believe is the offending line).
     
  3. anand

    Best of all, I removed the entire function which actually made the relayhosts file. Now I restarted exim. But still the user is able to relay without authentication. :confused:
     
  4. anand

    any ideas why the anti-abuse headers are not being added ??
     
  5. howard

    Do /usr/sbin/exim -d9 -bh ip.address; that will allow you to simulate an SMTP conversation from that IP address to see how exim is handling it.

    For the anti-abuse headers, have you looked in exim.conf in the section beginning lookuphost:? There should be a line saying headers_add, then all the anti-abuse stuff.
     
  6. anand

    I will try the exim thing and let you know.

    As for the antiabuse, I saw the headers_add stuff, but the confusion is: why is exim still not adding them? :confused:

    Would anyone care to let me have a copy of their exim.conf?
     
  7. anand

    Now I have strange problems with this box.

    When I use SquirrelMail, I get this while sending mail:
    Server replied: 421 Unexpected failure, please try later

    And when I use Outlook to relay mails without any SMTP authentication, it relays mails.

    Any ideas?
     
  8. howard

    Not entirely sure about that antiabuse thing, as I haven't seen it occur before personally (the problem, that is, of course).

    You could check that exim is not confused about where it's meant to be reading the path by doing /usr/sbin/exim -bP configure_file

    You could also check your exim.conf against the base exim.conf by grabbing, say, the 140 exim rpm from http://ftp.cpanel.net/sysup/generic/exim/ then doing rpm2cpio rpm|cpio -id (or you can reinstall if you wish; I personally like to keep my rpm db free of dupes; or you could skip this entirely by running one of the *exim scripts in /scripts), then examine the exim.conf in the etc/ directory (or if you have reinstalled the rpm or run a script from /scripts you can skip this step).

    I generally found that the unexpected failure message is the result of a command, or the output of a query, being different from what exim was thinking it would be (hence the unexpected bit). This could be caused by, say, checking to see whether an entry is in a list but instead getting the list back. The specific error is generally logged in the main / panic logs.
     
  9. aress24x7

    aress24x7, Member (Joined: Aug 2, 2003; Messages: 18; Likes Received: 0; Trophy Points: 1)

    Still Relaying without SMTP authentication

    I have tried the following ACL code for SMTP authentication in Exim 4.2.x

    *********************************
    acl_smtp_rcpt = check_recipient
    acl_smtp_data = check_message

    domainlist local_domains = lsearch;/etc/localdomains

    domainlist relay_domains = lsearch;/etc/localdomains : \
                               lsearch;/etc/secondarymx
    hostlist relay_hosts = lsearch;/etc/relayhosts : \
                           localhost
    hostlist auth_relay_hosts = *

    begin acl

    #!!# ACL that is used after the RCPT command
    check_recipient:
      # Exim 3 had no checking on -bs messages, so for compatibility
      # we accept if the source is local SMTP (i.e. not over TCP/IP).
      # We do this by testing for an empty sending host field.
      accept  hosts = :
      require verify = sender
      accept  domains = +local_domains
      accept  domains = +relay_domains
      accept  hosts = +relay_hosts
      accept  condition = ${perl{checkrelayhost}{$sender_host_address}}

      accept  hosts = +auth_relay_hosts
              endpass
              message = $sender_fullhost is currently not permitted to \
                        relay through this server. Perhaps you \
                        have not logged into the pop/imap server in the \
                        last 30 minutes or do not have SMTP Authentication turned on in your email client.
              authenticated = *

      deny    message = $sender_fullhost is currently not permitted to \
                        relay through this server. Perhaps you \
                        have not logged into the pop/imap server in the \
                        last 30 minutes or do not have SMTP Authentication turned on in your email client.
      deny    message = $sender_host_address is listed \
                        at $dnslist_domain
              dnslists = spamhaus.relays.osirusoft.com : \
                         proxy.relays.osirusoft.com : \
                         socks.relays.osirusoft.com : \
                         spamsites.relays.osirusoft.com : \
                         spews.relays.osirusoft.com : \
                         inputs.relays.osirusoft.com : \
                         spamsources.relays.osirusoft.com : \
                         dialups.relays.osirusoft.com : \
                         list.dsbl.org : \
                         flowgoaway.com : \
                         dialups.visi.com : \
                         blackholes.easynet.nl : \
                         opm.blitzed.org
      deny    local_parts = ^.*[@%!/|]
              message = I've never seen @, %, !, /, or | in an e-mail. Neither should you.
      drop    domains = *.yahoo.com
              !verify = recipient
              message = I don't want yahoo mails.

    #!!# ACL that is used after the DATA command
    check_message:
      require verify = header_sender
      accept

    begin authenticators

    fixed_plain:
      driver = plaintext
      public_name = PLAIN
      server_condition = "${perl{checkuserpass}{$1}{$2}{$3}}"
      server_set_id = $1

    fixed_login:
      driver = plaintext
      public_name = LOGIN
      server_prompts = "Username:: : Password::"
      server_condition = "${perl{checkuserpass}{$1}{$2}}"
      server_set_id = $1

    ***************************************

    But still the users can send mails without SMTP authentication. Any help is appreciated...

     
  10. mmkassem

    mmkassem, Well-Known Member (Joined: Oct 21, 2002; Messages: 390; Likes Received: 0; Trophy Points: 16; Location: Egypt)

    checking the pop server already gives the user auth. to send emails.

    I think it's cppop which adds the ip to the relayhosts if he checked his email.

     
  11. anand

    I have solved this problem of SMTP authentication. You can look at this post for the solution.

    http://forums.cpanel.net/showthread.php?threadid=13102&goto=newpost

    I have tried this on 2 pcs with different pcs and it works for me. I can't send mails out unless I switch on SMTP authentication. Remember to follow the steps, and don't forget to remove all the contents of /etc/relayhosts to start with and close your mail client first.

    Hope it works for you as well.

    cheers!

     
  12. aress24x7

    Thanks! But it didn't help either. Do you have any other solution for this, or do I need to tweak some more files for that?

    Please help!

     
  13. anand

    Can you please explain what happened actually? I have the same solution working on at least 5 boxes right now and they are all working.

    Another solution was posted by Website Rob:

    edit /usr/sbin/antirelayd

    Search for:
    sub writehosts {
    $exptime = (time() - (60*30));

    in the bottom of the file.

    Change the 30 to whatever you want the authentication time to be. If you want users to authenticate every time, please put 0 instead of 30. I am not sure, but I think you would need to chattr +i /usr/sbin/antirelayd so that the next cPanel update doesn't overwrite it.

     
  14. aress24x7

    Really Worked...

    Thanks ! Anand

    That really worked! Now I will keep those damn spammers away from my server.

    Cheers! :D

     
  15. anand

    Re: Really Worked...

    Good for you, but you never explained what happened with the first solution? Editing the exim.conf? I have tried it on so many boxes and it seems to be working fine on all of them.

    As for the solution, credit goes to Website Rob.

     
  16. aress24x7

    Yes Anand!

    The first solution, "editing exim.conf", didn't work for me... When I implemented the second solution along with the first one, it started working...

    Cheers

     
  17. anand

    check it out again

    edit /etc/exim.conf

    Now locate:

    Code:
    
    hostlist relay_hosts = lsearch;/etc/relayhosts :  \
           localhost
    
    
    Change above to the following:

    Code:
    
    hostlist relay_hosts = localhost
    
    
    Save exim.conf and chattr +i /etc/exim.conf to protect it against any updates from cPanel.

    Don't forget to make changes to antirelayd to change it back to 30 minutes.

    Now restart exim and see if your authentication still works for 30 mins. It shouldn't.

    Anyway, if it still doesn't work for you, the antirelayd solution surely does. I was kind of curious, so I thought perhaps we could find out why it didn't work for you.
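
An added example, not part of the thread and not cPanel's code: a small Python audit that reads an exim.conf like the one posted above and lists every `accept` statement in the RCPT ACL that lets a host through without `authenticated`, resolving `+hostlist` references so a `/etc/relayhosts` lookup is visible. `SAMPLE` is a constructed excerpt, the function names are hypothetical, and the parser assumes the `name = value` spacing used in the thread and ignores macros and `.include`.

```python
import re
VERBS = ("accept", "deny", "defer", "discard", "drop", "require", "warn")
# Constructed excerpt modelled on the exim.conf posted in this thread.
SAMPLE = r"""
acl_smtp_rcpt = check_recipient
hostlist relay_hosts = lsearch;/etc/relayhosts : \
       localhost
begin acl
check_recipient:
  accept  hosts = :
  accept  domains = +local_domains
  accept  hosts = +relay_hosts
  accept  condition = ${perl{checkrelayhost}{$sender_host_address}}
  accept  hosts = +auth_relay_hosts
          endpass
          authenticated = *
  deny    message = relaying not permitted
"""

def logical_lines(conf):
    """Join backslash continuations, squeeze spaces, drop comments/blanks."""
    joined = re.sub(r"\\[ \t]*\n", " ", conf)
    lines = (" ".join(l.split()) for l in joined.splitlines())
    return [l for l in lines if l and not l.startswith("#")]

def unauthenticated_relay_paths(conf):
    """Conditions of RCPT-ACL accept statements that need no SMTP AUTH."""
    lines = logical_lines(conf)
    text = "\n".join(lines)
    hostlists = dict(re.findall(r"^hostlist (\w+) = (.*)$", text, re.M))
    acl = (re.search(r"^acl_smtp_rcpt = (\w+)$", text, re.M) or ["", ""])[1]
    stmts, in_acl = [], False
    for l in lines:
        verb, _, rest = l.partition(" ")
        if l.startswith("begin ") or re.fullmatch(r"\w+:", l):
            in_acl = l == acl + ":"        # section change or ACL label
        elif in_acl and verb in VERBS:
            stmts.append((verb, [rest] if rest else []))
        elif in_acl and stmts:
            stmts[-1][1].append(l)         # condition or modifier line
    paths = []
    for verb, conds in stmts:
        names = {c.split("=")[0].strip() for c in conds}
        if (verb != "accept" or "hosts = :" in conds
                or names & {"domains", "authenticated"}):
            continue  # other verb, local non-TCP sender, recipient-domain rule, or AUTH
        for c in conds:
            ref = re.fullmatch(r"hosts = \+(\w+)", c)
            paths.append(f"{c} -> {hostlists.get(ref[1], '?')}" if ref else c)
    return paths
```

On the sample it returns both the `+relay_hosts` lookup and the `${perl{checkrelayhost}...}` condition, so after changing the hostlist to `localhost` the second entry is still listed and needs its own review.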