Making Exim deliver incoming email on non-standard port
- Thread starter meeven
- Start date
I'm not sure how you would do it, but you would have to use port 25 as a control port. You would then need to run two different versions of Exim on your server and configure the daemon that is listening on port 25 to read the message and determine which exim version to send the message to.
I don't know specifically how you would accomplish this, but that is the only way that I believe it would be possible.
There's no mechanism in place to tell remote mail servers to connect to another, non port 25 port when sending a message to a particular domain. Port 25 is the standard SMTP port, and it is what all other mail servers are going to want to go connect to.
I don't know specifically how you would accomplish this, but that is the only way that I believe it would be possible.
There's no mechanism in place to tell remote mail servers to connect to another, non port 25 port when sending a message to a particular domain. Port 25 is the standard SMTP port, and it is what all other mail servers are going to want to go connect to.
Thanks, sparek-3.
I found this page that seems to suggest it's possible without running multiple instances of Exim: http://www.khiltd.com/Downloads/cpaneltricks.html
However, I am unable to find that line to edit in the latest WHM in Exim's configuration editor. Should I look elsewhere?
Even assuming this is possible, that's just the first step. I too am not sure how to configure the mail server to accept email for specific domains on the non-standard port and reject it on 25.
I found this page that seems to suggest it's possible without running multiple instances of Exim: http://www.khiltd.com/Downloads/cpaneltricks.html
However, I am unable to find that line to edit in the latest WHM in Exim's configuration editor. Should I look elsewhere?
Even assuming this is possible, that's just the first step. I too am not sure how to configure the mail server to accept email for specific domains on the non-standard port and reject it on 25.
In WHM
hit the link for service manager
at the bottom is a place to add a second port for exim
you can put whatever you want there and then only give it to the clients that need it,
we are using this method to deal with the ISP's like comcast blocking outgoing access to port 25
hit the link for service manager
at the bottom is a place to add a second port for exim
you can put whatever you want there and then only give it to the clients that need it,
we are using this method to deal with the ISP's like comcast blocking outgoing access to port 25
Thanks, merlinpa. I am aware of that option, but as mentioned in the page I linked to, this would waste server resources unnecessarily.
Unless the page above is very old, it seems strange that WHM's exim configuration editor doesn't show that particular line for adding a non-standard port for the smtp daemon.
Unless the page above is very old, it seems strange that WHM's exim configuration editor doesn't show that particular line for adding a non-standard port for the smtp daemon.
You can simply add the daemon_smtp_ports directive in the WHM Advanced Exim Editor to the first text box and open the firewall for the non-standard port.
Obviously doesn't solve your initial requirement and the difficult of it that sparek-3 has outlined.
Obviously doesn't solve your initial requirement and the difficult of it that sparek-3 has outlined.
Thank you for the tip. Is the first text box the one just below, #!!# cPanel Exim 4 Config where it has the following:You can simply add the daemon_smtp_ports directive in the WHM Advanced Exim Editor to the first text box and open the firewall for the non-standard port.
Or, is it the empty text box below begin acl?queue_only_override = false
no_message_logs
log_selector = +arguments +subject
timeout_frozen_after = 4d
ignore_bounce_errors_after = 2d
Yes, this does seem a challenge and look like it can only be accomplished on the lines of what sparek-3 suggested. But, couldn't this be done using firewall settings? For example, CSF has the following settings:Obviously doesn't solve your initial requirement and the difficult of it that sparek-3 has outlined.
So, if I get the smtp daemon listening on a non-standard port in Exim and then configure this port as the one to which incoming mail traffic from a specific IP address/range should be delivered, wouldn't that solve the problem?10. Advanced Allow/Deny Filters
##############################
In /etc/csf.allow and /etc/csf.deny you can add more complex port and ip
filters using the following format (you must specify a port AND an IP address):
tcp/udp:in/out:s/d=port:s/d=ip:u=uid
Broken down:
tcp/udp : EITHER tcp OR udp protocol
in/out : EITHER incoming OR outgoing connections
s/d=port : EITHER source OR destination port number
(use a _ for a port range, e.g. 2000_3000)
s/d=ip : EITHER source OR destination IP address
u/g=UID : EITHER UID or GID of source packet, implies outgoing connections,
s/d=IP value is ignored
Examples:
# TCP connections inbound to port 3306 from IP 11.22.33.44
tcp:in:d=3306:s=11.22.33.44
Or, am I missing something else that needs to be done on the mailserver?
Actually, the background to the whole story is that some of my hosting clients use both Postini and MXLogic. To prevent spammers from bypassing the filtering service, I am asked to specify their IP ranges as the only ones from which the server will accept incoming mail traffic. The problem is that this will shut off email for all the other domains on the VPS that do not use the filtering service. When I looked for a workaround, I was told this:
On trick you can do is to restrict your firewall for inbound email but for a port like 4025 that is different than the usual SMTP port (leave 25 unrestricted). Then, configure your email server to accept email for the mxlogic domains on 4025 and for them to reject it on 25. Then configure mxlogic to deliver to your servers on port 4025 instead of 25.
If you are doing this IP based, then you might be able to accomplish this with iptables and redirecting traffic.
You may be able to redirect something that is sent to port 25 on 192.168.0.10 to port 4283 on 192.168.0.20.
But if it is strictly domain based, then you would have to have some type of controlling unit in place because the domain name would only be read at the application layer.
I'm not sure if this is possible or not, or how difficult it would be. I'm not an expert in iptables rules. You might search google for iptables and redirect and see if you can find something. Someone else on the forum that has a better understanding of iptables might be able to offer more help.
You may be able to redirect something that is sent to port 25 on 192.168.0.10 to port 4283 on 192.168.0.20.
But if it is strictly domain based, then you would have to have some type of controlling unit in place because the domain name would only be read at the application layer.
I'm not sure if this is possible or not, or how difficult it would be. I'm not an expert in iptables rules. You might search google for iptables and redirect and see if you can find something. Someone else on the forum that has a better understanding of iptables might be able to offer more help.
