Autor: Troy Wical Data: A: exim users Assumpte: Re: [exim] Unable to send email from email clients
On Sun, May 31, 2009 10:08 pm, W B Hacker wrote:
Thanks for the replies, and patience with my learning curve. Apologies on
the delay, family matters sent me on the road for several days.
> If your desktop client is trying to submit on port 25, it should not be.
>
> 'log_selector = +all' will show you te ports involved.
Running debian etch here. I placed the above 'log_selector' statement in
/etc/exim4/exim4.conf.template and restarted exim4. I received the
following line in the logs...
2009-06-07 05:38:58 exim 4.69 daemon started: pid=9613, -q30m, listening
for SMTP on port 25 (IPv6 and IPv4)
> An Exim debug run will add greatly to what the log is telling you,
started exim4 via '/etc/init.d/exim4 start -bd' but did not see any
additional output.
and > what you
> need IS in docs and archives.
I should have worded that differently. I wasn't doubting that the
documentation had the answer. Perhaps I should have stated "I am failing
the documentation," and not the other way around :) >
> Basically you'll want to:
>
> - ENFORCE forward/reverse lookup ONLY on port 25, where arrivals should
> ALWAYS
> have proper DNS 'credentials'.
This is where I am still trying to grasp how exim functions. Specifically,
what files I should place the confiuration changes in. More reading on my
end sends me looking in the /etc/exim4/conf.d/acl directory. I looked
through the files listed there but they seem to cover incoming mail only?
> - NOT ENFORCE forward/reverse lookup on port 587, where your own user base
> attaches to submit mail. These will almost always be coming from a LAN,
> dial-up,
> *dsl broadband, hence will almost NEVER have a valid PTR RR or match
> forward/reverse lookup.
After poking around a bit, I can find no reference to port 587. Is this
related to the 'daemon_smtp_ports' config spec?
> --- remember to ALSO require TLS/SSL security ONLY (no fallback to
> en-clair) and
> to verify authentication for port 587
>
> - EXEMPT authorized 'relay_from_hosts' that do not/can not authenticate on
> port
> 587, if you have any such, with methods that best fit your situation.
>
> That can include restriction to arrival on port *24* and/or from
> internal-only
> non-routable IP, use of matching pem certs instead of passwords ... etc.
Still reading on these.
> HTH,
>
> Bill
It does help, and I really do appreciate the time and responses. The exim
wiki and archives have been great as well, and they are proving more
valuable as I get more up to speed on the understanding of exim.
On a side note, I did find out why I suddenly wasn't able to send mail
from my phone, laptop, or any other computer other than the mail server
itself. When I began this journey to take on my own mail server, I
started with qmail. And while I had cleaned most of that up, there was a
single qmail service running which I killed and removed the other week.
That service is what was allowing me to send mail still. *sigh*