Making Exim deliver incoming email on non-standard port

meeven

Is there a way to make Exim deliver incoming email to specific domains on a non-standard port? That is, leave the usual Port 25 untouched for the other domains, but use a specific port for particular domains? I am using a VPS.
 

sparek-3

I'm not sure how you would do it, but you would have to use port 25 as a control port. You would then need to run two different versions of Exim on your server and configure the daemon that is listening on port 25 to read the message and determine which exim version to send the message to.

I don't know specifically how you would accomplish this, but that is the only way that I believe it would be possible.

There's no mechanism in place to tell remote mail servers to connect to another, non port 25 port when sending a message to a particular domain. Port 25 is the standard SMTP port, and it is what all other mail servers are going to want to connect to.
 

meeven

Thanks, sparek-3.

I found this page that seems to suggest it's possible without running multiple instances of Exim: http://www.khiltd.com/Downloads/cpaneltricks.html

However, I am unable to find that line to edit in the latest WHM in Exim's configuration editor. Should I look elsewhere?

Even assuming this is possible, that's just the first step. I too am not sure how to configure the mail server to accept email for specific domains on the non-standard port and reject it on 25.
 

merlinpa1969

In WHM, hit the link for Service Manager.

At the bottom is a place to add a second port for Exim.

You can put whatever you want there and then only give it to the clients that need it.

We are using this method to deal with ISPs like Comcast blocking outgoing access to port 25.
 

meeven

Thanks, merlinpa. I am aware of that option, but as mentioned in the page I linked to, this would waste server resources unnecessarily.

Unless the page above is very old, it seems strange that WHM's exim configuration editor doesn't show that particular line for adding a non-standard port for the smtp daemon.
 

sawbuck

You can simply add the daemon_smtp_ports directive in the WHM Advanced Exim Editor to the first text box and open the firewall for the non-standard port.

Obviously doesn't solve your initial requirement and the difficulty of it that sparek-3 has outlined.
 

meeven

> You can simply add the daemon_smtp_ports directive in the WHM Advanced Exim Editor to the first text box and open the firewall for the non-standard port.

Thank you for the tip. Is the first text box the one just below, #!!# cPanel Exim 4 Config where it has the following:

queue_only_override = false
no_message_logs

log_selector = +arguments +subject
timeout_frozen_after = 4d
ignore_bounce_errors_after = 2d
Or, is it the empty text box below begin acl?

> Obviously doesn't solve your initial requirement and the difficulty of it that sparek-3 has outlined.

Yes, this does seem a challenge and looks like it can only be accomplished on the lines of what sparek-3 suggested. But, couldn't this be done using firewall settings? For example, CSF has the following settings:

10. Advanced Allow/Deny Filters
##############################

In /etc/csf.allow and /etc/csf.deny you can add more complex port and ip
filters using the following format (you must specify a port AND an IP address):

tcp/udp:in/out:s/d=port:s/d=ip:u=uid

Broken down:

tcp/udp  : EITHER tcp OR udp protocol
in/out   : EITHER incoming OR outgoing connections
s/d=port : EITHER source OR destination port number
           (use a _ for a port range, e.g. 2000_3000)
s/d=ip   : EITHER source OR destination IP address
u/g=UID  : EITHER UID or GID of source packet, implies outgoing connections,
           s/d=IP value is ignored

Examples:

# TCP connections inbound to port 3306 from IP 11.22.33.44
tcp:in:d=3306:s=11.22.33.44
So, if I get the smtp daemon listening on a non-standard port in Exim and then configure this port as the one to which incoming mail traffic from a specific IP address/range should be delivered, wouldn't that solve the problem?

Or, am I missing something else that needs to be done on the mailserver?

Actually, the background to the whole story is that some of my hosting clients use both Postini and MXLogic. To prevent spammers from bypassing the filtering service, I am asked to specify their IP ranges as the only ones from which the server will accept incoming mail traffic. The problem is that this will shut off email for all the other domains on the VPS that do not use the filtering service. When I looked for a workaround, I was told this:

> One trick you can do is to restrict your firewall for inbound email but for a port like 4025 that is different than the usual SMTP port (leave 25 unrestricted). Then, configure your email server to accept email for the mxlogic domains on 4025 and for them to reject it on 25. Then configure mxlogic to deliver to your servers on port 4025 instead of 25.
 

sparek-3

If you are doing this IP based, then you might be able to accomplish this with iptables and redirecting traffic.

You may be able to redirect something that is sent to port 25 on 192.168.0.10 to port 4283 on 192.168.0.20.

But if it is strictly domain based, then you would have to have some type of controlling unit in place because the domain name would only be read at the application layer.

I'm not sure if this is possible or not, or how difficult it would be. I'm not an expert in iptables rules. You might search google for iptables and redirect and see if you can find something. Someone else on the forum that has a better understanding of iptables might be able to offer more help.
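
The workaround quoted earlier in the thread (accept the filtered domains only on port 4025, reject them on 25) can be expressed in a single Exim daemon, because the recipient domain is known at RCPT time and Exim exposes the local port in `$received_port`. The fragment below is an added example, not from any poster and not cPanel's shipped configuration; the domain names, the list name `filtered_domains` and the address 192.0.2.10 are placeholders, and the deny rule is meant to be merged at the top of whatever RCPT ACL the server already uses.

```exim
# ---- main configuration section ---------------------------------------
# One daemon, two listening ports: 25 for everyone, 4025 for the filter.
daemon_smtp_ports = 25 : 4025

# Hypothetical list of the domains whose MX points at the filtering service.
domainlist filtered_domains = filtered.example : other-filtered.example

# ---- ACL section: first rule of the existing RCPT ACL -----------------
# The per-domain decision has to be made here, at the application layer:
# a packet filter only sees addresses and ports, never the recipient domain.
  deny
    message    = Mail for $domain is accepted only via its filtering service
    domains    = +filtered_domains
    !condition = ${if eq{$received_port}{4025}}

  # ... the existing RCPT rules follow unchanged; recipients in all other
  # domains are still handled normally on port 25 ...

# ---- firewall side, in the CSF advanced-filter format quoted above ----
# /etc/csf.allow, one line per filtering-service address (placeholder shown).
# Assumes 4025 is not otherwise opened for inbound TCP, so only the
# filtering service can reach the port on which these domains are accepted.
#   tcp:in:d=4025:s=192.0.2.10
```

A quick check after reloading Exim is to attempt a RCPT for one of the listed domains on port 25, which should receive the deny message, and to confirm in the Exim main log that accepted deliveries for those domains arrive only from the filtering service's addresses.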