Re: [exim] Unable to send email from email clients

Author: Troy Wical
Date:  
To: exim users
Subject: Re: [exim] Unable to send email from email clients

On Sun, May 31, 2009 10:08 pm, W B Hacker wrote:

Thanks for the replies, and patience with my learning curve. Apologies on
the delay, family matters sent me on the road for several days.

> If your desktop client is trying to submit on port 25, it should not be.
>
> 'log_selector = +all' will show you the ports involved.


Running debian etch here. I placed the above 'log_selector' statement in
/etc/exim4/exim4.conf.template and restarted exim4. I received the
following line in the logs...

2009-06-07 05:38:58 exim 4.69 daemon started: pid=9613, -q30m, listening for SMTP on port 25 (IPv6 and IPv4)

> An Exim debug run will add greatly to what the log is telling you,


Started exim4 via '/etc/init.d/exim4 start -bd' but did not see any
additional output.

and
> what you
> need IS in docs and archives.


I should have worded that differently. I wasn't doubting that the
documentation had the answer. Perhaps I should have stated "I am failing
the documentation," and not the other way around :)
>
> Basically you'll want to:
>
> - ENFORCE forward/reverse lookup ONLY on port 25, where arrivals should
> ALWAYS have proper DNS 'credentials'.


This is where I am still trying to grasp how exim functions. Specifically,
what files I should place the configuration changes in. More reading on my
end sends me looking in the /etc/exim4/conf.d/acl directory. I looked
through the files listed there but they seem to cover incoming mail only?

> - NOT ENFORCE forward/reverse lookup on port 587, where your own user base
> attaches to submit mail. These will almost always be coming from a LAN,
> dial-up, *dsl broadband, hence will almost NEVER have a valid PTR RR or
> match forward/reverse lookup.


After poking around a bit, I can find no reference to port 587. Is this
related to the 'daemon_smtp_ports' config spec?


> --- remember to ALSO require TLS/SSL security ONLY (no fallback to
> en-clair) and to verify authentication for port 587
>
> - EXEMPT authorized 'relay_from_hosts' that do not/can not authenticate on
> port 587, if you have any such, with methods that best fit your situation.
>
> That can include restriction to arrival on port *24* and/or from
> internal-only non-routable IP, use of matching pem certs instead of
> passwords ... etc.


Still reading on these.


> HTH,
>
> Bill


It does help, and I really do appreciate the time and responses. The exim
wiki and archives have been great as well, and they are proving more
valuable as I get more up to speed on the understanding of exim.

On a side note, I did find out why I suddenly wasn't able to send mail
from my phone, laptop, or any other computer other than the mail server
itself. When I began this journey to take on my own mail server, I
started with qmail. And while I had cleaned most of that up, there was a
single qmail service running which I killed and removed the other week.
That service is what was allowing me to send mail still. *sigh*

Thanks again

Troy
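
The port split discussed in this thread, sketched as an Exim configuration fragment. This is an added example, not configuration posted by anyone in the thread. It assumes an authenticator is already defined in the authenticators section; the certificate paths and the relay_from_hosts value are placeholders, and the ACL name acl_check_mail is an assumption to be merged into whatever MAIL ACL the installation already uses.

```exim
# --- main section ---

# Listen on 25 for server-to-server mail and on 587 for client submission.
daemon_smtp_ports = 25 : 587

# Record the local interface and port of every connection in the log
# (already included if 'log_selector = +all' is set).
log_selector = +incoming_interface

# Offer STARTTLS to all hosts. Paths are placeholders.
tls_advertise_hosts = *
tls_certificate = /path/to/server.crt
tls_privatekey = /path/to/server.key

# Advertise AUTH only after TLS is up, so credentials never travel in clear.
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}

# Hosts allowed to submit without authenticating (constructed value).
hostlist relay_from_hosts = 127.0.0.1 : ::1

acl_smtp_mail = acl_check_mail

# --- ACL section ---
begin acl

acl_check_mail:
  # Port 587: no fallback to an unencrypted session.
  deny    message = TLS is required on the submission port
          condition = ${if eq{$received_port}{587}}
          !encrypted = *

  # Port 587: require authentication unless the host is explicitly exempt.
  deny    message = Authentication is required on the submission port
          condition = ${if eq{$received_port}{587}}
          !hosts = +relay_from_hosts
          !authenticated = *

  # Port 25: enforce matching forward/reverse DNS on arrivals.
  deny    message = Reverse DNS check failed for $sender_host_address
          condition = ${if eq{$received_port}{25}}
          !hosts = +relay_from_hosts
          !verify = reverse_host_lookup

  accept
```

After a restart, the "daemon started" log line should list both ports, and each connection line carries an I=[address]:port field showing which port the client used.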