The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

opening up SMTP

Discussion in 'E-mail Discussions' started by ManuelT, Oct 27, 2005.

  1. ManuelT

    ManuelT Well-Known Member

    Joined:
    Sep 30, 2005
    Messages:
    55
    Likes Received:
    0
    Trophy Points:
    6
    Hi, Im a very small ISP and web hosting company.

    up till recently all our customers have been small business so outgoing Email has not been an issue, however I've been looking at opening up our services to the home market so have to look at opening up the SMTP.

    We always give out a fixed IP, is there anyway of adding these in exim, so that they can use our SMTP?

    (P.S.) well soon be looking at giving email addresses but for the moment i just need to open up SMTP for out going but still trying to stop it becoming a totally open relay.

    many thanks for any help.
     
  2. webignition

    webignition Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    1,880
    Likes Received:
    0
    Trophy Points:
    36
    By default, Exim on a cPanel server won't be set to operate as an open relay and simply authenticates using one of two methods.

    The first, and most straightforward, is standard SMTP authentication whereby the user (obviously via their mail client) has to login to the SMTP server using their normal mail authentication details (i.e. email address and password).

    The second method, which can be enabled and disabled through WHM, is through POP before SMTP authentication. Using this method, the IP addresses of those who have checked mail using POP in the last 30 minutes are cached. SMTP requests from these IP addresses are then allowed.

    In short, there is nothing along the lines of adding allowed IP addresses that you would need to do to allow your users to send mail through your SMTP server(s).
     
  3. ManuelT

    ManuelT Well-Known Member

    Joined:
    Sep 30, 2005
    Messages:
    55
    Likes Received:
    0
    Trophy Points:
    6
    when you auth your IP address is sorted by exim in /etc/relayhosts for 30 min's. i could add all the IP's to this but will they not be overwritten after 30 min's?

    i've done a little more testing and i can route mail if i add the IP's to /etc/relayhosts however they get deleted almost before i can test it. there must be another way of adding another file to check vs in Exim.conf.
     
    #3 ManuelT, Oct 31, 2005
    Last edited: Oct 31, 2005
  4. nisse

    nisse Well-Known Member

    Joined:
    Nov 11, 2003
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    6
    If you want to limit the IPs that are allowed to use SMTP AUTH, you can add the following to your Exim config:

    auth_advertise_hosts = net-iplsearch;/etc/auth_relay_hosts

    Then add the allowed IPs to /etc/auth_relay_hosts, one per line.

    Exim will refuse AUTH commands from clients to which it has not advertised the availability of AUTH.
     
  5. movielad

    movielad Well-Known Member
    PartnerNOC

    Joined:
    May 14, 2003
    Messages:
    107
    Likes Received:
    2
    Trophy Points:
    18
    cPanel Access Level:
    DataCenter Provider
    Incidently, if I disable the antirelayd (the POP before SMTP) daemon in the Services Manager - will Exim then only allow SMTP AUTH users and stop other people from relaying?

    Regards,

    Martyn
     
  6. webignition

    webignition Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    1,880
    Likes Received:
    0
    Trophy Points:
    36
    The simplest answer to that being: yes!

    If in doubt, give it a try and see what happens.
     
  7. movielad

    movielad Well-Known Member
    PartnerNOC

    Joined:
    May 14, 2003
    Messages:
    107
    Likes Received:
    2
    Trophy Points:
    18
    cPanel Access Level:
    DataCenter Provider
    Yes indeed, and checking the rules in exim.conf backs that up too. Now, what would be nice is to customise the anti-relay message that Exim displays whenever somebody tries to relay through the server without authenticating. Even if you disable antirelayd, you get the:

    Code:
    xxx is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client.
    
    message. Of course, I could alter exim.conf and chattr the file to stop cPanel from overwriting it whenever a new release is installed, but that's a hacky way. What would be good is to have that message somewhere that can be configured from within WHM and whenever a new config is installed, any changes made to Exim's config through the Exim Config Editor PLUS the custom message could then be kept with each new config that gets installed. That plus the ability to change the interface= option under the remote_smtp transport.

    In fact, more options to customise the Exim config would be greatly appreciated. [:)]

    M.
     
  8. neonix

    neonix Well-Known Member

    Joined:
    Oct 21, 2004
    Messages:
    124
    Likes Received:
    2
    Trophy Points:
    0
    This doesn't work as intended; if you restart exim; antirelayd still works after you have unchecked the daemon in service manager.

    chirpy has posted a solution but I can't seem to locate it now.
     
  9. movielad

    movielad Well-Known Member
    PartnerNOC

    Joined:
    May 14, 2003
    Messages:
    107
    Likes Received:
    2
    Trophy Points:
    18
    cPanel Access Level:
    DataCenter Provider
    Can't see antirelayd running after disabling it and then restarting exim (and even cpanel - just in case), so perhaps it's either affecting a particular cPanel branch or OS. I don't know.

    M.
     
  10. ManuelT

    ManuelT Well-Known Member

    Joined:
    Sep 30, 2005
    Messages:
    55
    Likes Received:
    0
    Trophy Points:
    6
    I've had a close look and solved the problem in the short term by using.

    accept hosts = X.X.X.X:

    but this means that the exim config is going to get very large.

    Is there anyway of checking this against a seperate file, rather then having to enter it in the config files?
     
Loading...

Share This Page