third exim port for unauthenticated mail

FreedomBI

I have someone who wants to send mail from an old scanner which is not capable of SMTP authentication. Exim is running internally on the network on port 25 (protected by a spam-filtering mail server) and listening to the world on 587, requiring SMTP authentication to relay mail. I would like to set up a third port (access will be restricted by the firewall and ACLs) that does not require authentication to relay mail. I don't want to just enable for their IP, as that could open the way for spam-sending viruses on machines which share the same public IP as the scanner. Any pointers?
 

FreedomBI

I think I've got something on this. I think that to listen on a third port, I can set "Exim on another port" to something like "587:26" in the service manager. I haven't tried this yet, as I don't know if it does any filtering on the extra port number, or what will happen if it does. It's certainly not something to try during normal business hours.

If that works, I should be able to add an ACL based on $received_port and $host.
 

FreedomBI

My idea above did not work. It only pays attention to integers. However, once I realized that -oX overrides whatever is set in daemon_smtp_ports, I figured that I could just set that to 25:26 in the exim configuration.

With that, is there any real advantage to running a separate instance on port 587 instead of just setting daemon_smtp_ports to 25:26:587?
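An added example, not part of the original thread or of cPanel's shipped configuration: one way to tie unauthenticated relay to both the listening port and the client address with `$received_port` and a host list. The hostlist name `scanner_hosts`, the ACL names and the address 203.0.113.10 are constructed placeholders, and the fragment assumes it is merged into an existing Exim configuration rather than used on its own.

```conf
# --- main configuration section ---
# Listen on the standard port plus the third, firewall-restricted port (26, as in the thread).
daemon_smtp_ports = 25 : 26

# Constructed placeholder: public address the scanner's mail arrives from.
hostlist scanner_hosts = 203.0.113.10

# Assumed ACL names; an existing configuration will already define its own.
acl_smtp_connect = acl_check_connect
acl_smtp_rcpt    = acl_check_rcpt

# --- ACL section ---
begin acl

acl_check_connect:
  # Port 26 exists only for the scanner: refuse any other client at connect time.
  deny    condition = ${if eq{$received_port}{26}{yes}{no}}
          !hosts    = +scanner_hosts
          message   = port 26 is not available to this host
  accept

acl_check_rcpt:
  # Relay without authentication only when BOTH the local port and the client address match.
  accept  condition = ${if eq{$received_port}{26}{yes}{no}}
          hosts     = +scanner_hosts

  # ... existing RCPT rules follow here unchanged
  #     (authenticated relay on 587, local delivery on 25) ...
```

Because the second rule matches on source address, any machine behind the same public IP that connects to port 26 is treated like the scanner; the rule only keeps that exception off ports 25 and 587.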
 

mtindor

> I have someone who wants to send mail from an old scanner which is not capable of SMTP authentication. Exim is running internally on the network on port 25 (protected by a spam-filtering mail server) and listening to the world on 587, requiring SMTP authentication to relay mail. I would like to set up a third port (access will be restricted by the firewall and ACLs) that does not require authentication to relay mail. I don't want to just enable for their IP, as that could open the way for spam-sending viruses on machines which share the same public IP as the scanner. Any pointers?

Why don't you just whitelist the IP address of the scanner in the WHM / Exim Configuration Editor section? I forget the specific option, but if you enter the IP of the scanner in one of the whitelist options, the scanner should be able to relay the mail through the system without SMTP auth.

We have one customer who is still using old Outlook 98 on a lot of their client machines and cannot SMTP auth - They are on a static connection and we whitelist them so that SMTP Auth checks are not necessary for them to send mail.

Mike
 

FreedomBI

> Why don't you just whitelist the IP address of the scanner in the WHM / Exim Configuration Editor section? I forget the specific option, but if you enter the IP of the scanner in one of the whitelist options, the scanner should be able to relay the mail through the system without SMTP auth.

Because that would whitelist every computer in the building. Not good if they get a virus.
 

mtindor

> Because that would whitelist every computer in the building. Not good if they get a virus.

Oh well, this "3rd" listening port really is nothing cPanel should concern themselves with. In this day and age it is totally unrealistic to expect a hosting provider to relay mail for a device that doesn't support SMTP auth, just so that the customer doesn't have to update to a device that will not do authenticated SMTP. That's just silly. Let 'em find another provider that will (good luck for them). If you feel they are a customer you need to keep because they pay you oodles of money, sell 'em on a dedicated server or something - maybe even put them on a VPS (lease one yourself and put them on it, charging them for the hassle and the VPS and a little extra for commission).

Mike