third exim port for unauthenticated mail

Discussion in 'E-mail Discussions' started by FreedomBI, Jul 29, 2008.

  1. FreedomBI

    I have someone who wants to send mail from an old scanner which is not capable of SMTP authentication. Exim is running internally on the network on port 25 (protected by a spam-filtering mail server) and listening to the world on 587, requiring SMTP authentication to relay mail. I would like to set up a third port (access will be restricted by the firewall and ACLs) that does not require authentication to relay mail. I don't want to just enable for their IP, as that could open the way for spam-sending viruses on machines which share the same public IP as the scanner. Any pointers?
     
  2. FreedomBI

    I think I've got something on this. I think that to listen on a third port, I can set "Exim on another port" to something like "587:26" in the service manager. I haven't tried this yet, as I don't know if it does any filtering on the extra port number, or what will happen if it does. It's certainly not something to try during normal business hours.

    If that works, I should be able to add an ACL based on $received_port and $host.
     
  3. FreedomBI

    My idea above did not work. It only pays attention to integers. However, once I realized that -oX overrides whatever is set in daemon_smtp_ports, I figured that I could just set that to 25:26 in the exim configuration.

    With that, is there any real advantage to running a separate instance on port 587 instead of just setting daemon_smtp_ports to 25:26:587?
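
The approach worked out in the posts above (an extra port in daemon_smtp_ports plus an ACL keyed on $received_port and the sending host), written out as an added example; it is not the poster's configuration. The address 192.0.2.10, the list name scanner_hosts and the rate limit are constructed placeholders, and the statements are assumed to sit in the RCPT ACL ahead of the existing relay checks.

```conf
# --- main configuration section ---
# One daemon listening on all three ports, as described in the post above.
daemon_smtp_ports = 25 : 26 : 587

# Placeholder address (documentation range); substitute the public IP
# the scanner's traffic arrives from.
hostlist scanner_hosts = 192.0.2.10

# --- inside the RCPT ACL, ahead of the existing relay checks ---

  # Too broad: a host-only rule like the one commented out below would
  # relay for that address on ports 25 and 587 as well, which is the
  # exposure the dedicated port is meant to avoid.
  # accept  hosts     = +scanner_hosts

  # Optional cap, so a compromised machine behind the same address that
  # happens to reach port 26 cannot send in bulk.
  defer   message   = Rate limit exceeded on this port
          condition = ${if eq{$received_port}{26}}
          hosts     = +scanner_hosts
          ratelimit = 30 / 1h / per_rcpt / strict / $sender_host_address

  # Relay without SMTP AUTH only when both the local port and the
  # sending address match.
  accept  condition = ${if eq{$received_port}{26}}
          hosts     = +scanner_hosts

  # Port 26 is dedicated to the scanner: refuse everything else there.
  deny    message   = This port is restricted
          condition = ${if eq{$received_port}{26}}
```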
     
  4. sparek-3

  5. mtindor

    Why don't you just whitelist the IP address of the scanner in the WHM / Exim Configuration Editor section - I forget the specific option, but if you enter the IP of the scanner in one of the whitelist options, the scanner should be able to relay the mail through the system without SMTP auth.

    We have one customer who is still using old Outlook 98 on a lot of their client machines and cannot SMTP auth - they are on a static connection and we whitelist them so that SMTP Auth checks are not necessary for them to send mail.

    Mike
     
  6. FreedomBI

    Because that would whitelist every computer in the building. Not good if they get a virus.
     
  7. mtindor

    Oh well, this "3rd" listening port really is nothing cPanel should concern themselves with. In this day and age it is totally unrealistic to expect a hosting provider to relay mail for a device that doesn't support SMTP auth, just so that the customer doesn't have to update to a device that will not do authenticated SMTP. That's just silly. Let em find another provider that will (good luck for them). If you feel they are a customer you need to keep because they pay you oodles of money, sell em on a dedicated server or something - maybe even put them on a VPS (lease one yourself and put them on it, charging them for the hassle and the VPS and a little extra for commission).

    Mike
     