Re: [exim] Unable to send email from email clients

Top Page
Delete this message
Reply to this message
Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] Unable to send email from email clients
Troy Wical wrote:
> Hello folks,
>
>      The archives fail me, so here I am.  I do believe this to be a simple
> issue, but cant pinpoint the problem after reading through the exim
> doc's and elsewhere online.  In short, I can send fine via
> squirrelmail, but not from an email client such as Apple Mail, or
> Thunderbird or **insert your client of choice**

>
>      I've tried to retrace any changes that I've made, which I do
> document, but I've made none that are email related.  It seems that I
> can only send from the server locally? Right when I try to send, this
> shows up in the logs...

>
> 2009-05-31 18:54:05 no host name found for IP address 10.1.10.10
>
> Any thoughts? Thanks in advance.
>
> Troy
>
>


If your desktop client is trying to submit on port 25, it should not be.

'log_selector = +all' will show you te ports involved.

An Exim debug run will add greatly to what the log is telling you, and what you
need IS in docs and archives.

Basically you'll want to:

- ENFORCE forward/reverse lookup ONLY on port 25, where arrivals should ALWAYS
have proper DNS 'credentials'.

- NOT ENFORCE forward/reverse lookup on port 587, where your own user base
attaches to submit mail. These will almost always be coming from a LAN, dial-up,
*dsl broadband, hence will almost NEVER have a valid PTR RR or match
forward/reverse lookup.

--- remember to ALSO require TLS/SSL security ONLY (no fallback to en-clair) and
to verify authentication for port 587

- EXEMPT authorized 'relay_from_hosts' that do not/can not authenticate on port
587, if you have any such, with methods that best fit your situation.

That can include restriction to arrival on port *24* and/or from internal-only
non-routable IP, use of matching pem certs instead of passwords ... etc.

HTH,

Bill