Author: W B Hacker
Date:
To: exim users
Subject: Re: [exim] Unable to send email from email clients
Troy Wical wrote:
> On Sun, May 31, 2009 10:08 pm, W B Hacker wrote:
>
> Thanks for the replies, and patience with my learning curve. Apologies on
> the delay, family matters sent me on the road for several days.
>
>> If your desktop client is trying to submit on port 25, it should not be.
>>
>> 'log_selector = +all' will show you the ports involved.
>
> Running debian etch here. I placed the above 'log_selector' statement in
> /etc/exim4/exim4.conf.template and restarted exim4. I received the
> following line in the logs...
Check your on-box docs for the Exim installed. They probably point you to a
Debian+Exim site and support list. That place will have more specific
information that doesn't often show up here on the 'generic' Exim list.
>
> 2009-06-07 05:38:58 exim 4.69 daemon started: pid=9613, -q30m, listening
> for SMTP on port 25 (IPv6 and IPv4)
>
2009-06-07 14:39:12 [7020] exim 4.69 daemon started: pid=7020, -q55s, listening
for SMTP on [203.194.153.81]:25 <redacted> ...and for SMTPS on <redacted> ...
[203.194.153.81]:587
Your output should not look *quite* like that - we are using tls_on_connect on
587 - (akin to SSLv3 - different set-up handshakes than TLS).
But you get the idea - your implementation has not turned-on the 'submission'
port at 587 *at all*.
*snip*
>
> After poking around a bit, I can find no reference to port 587. Is this
> related to the 'daemon_smtp_ports' config spec?
>
*snip*
Yes, as in (at least) ports 25 and 587.
You appear to be running a default of all available NICs/ IP's on the box
(generally harmless), but only for the master the 'listener' port 25.
You need to specify 587 as active, and when you do so, you will be over-riding
defaults, so must then ALSO list port 25, lest it no longer be listened on - as in:
daemon_smtp_ports = 25: 587
That is not the end of the story. SB.
>
>> --- remember to ALSO require TLS/SSL security ONLY (no fallback to
>> en-clair) and
>> to verify authentication for port 587
>>
>> - EXEMPT authorized 'relay_from_hosts' that do not/can not authenticate on
>> port
>> 587, if you have any such, with methods that best fit your situation.
>>
>> That can include restriction to arrival on port *24* and/or from
>> internal-only
>> non-routable IP, use of matching pem certs instead of passwords ... etc.
>
> Still reading on these.
>
>
>> HTH,
>>
>> Bill
>
> It does help, and I really do appreciate the time and responses. The exim
> wiki and archives have been great as well, and they are proving more
> valuable as I get more up to speed on the understanding of exim.
>
> On a side note, I did find out why I suddenly wasn't able to send mail
> from my phone, laptop, or any other computer other than the mail server
> itself. When I began this journey to take on my own mail server, I
> started with qmail. And while I had cleaned most of that up, there was a
> single qmail service running which I killed and removed the other week.
> That service is what was allowing me to send mail still. *sigh*
>
> Thanks again
>
> Troy
>
BT,DT, GTTS. Another 'gotcha' - or life-saver - is that your MUA doesn't
necessarily care if there is any relationship *whatsoever* between its POP/IMAP
and smtp login:pwd sets. So long as you have valid credentials, you can probably
'send' over an unrelated server while sorting all this...
And perhaps longer than that ... as a public-facing MTA really, really does need
to have a fixed-IP with a valid PTR RR. An SRV or MX record is also much better
than a mere A record, and, of course all of this has to match properly.
If those are not within your grasp, you should expect to need to 'transmit' via
a smarthost that DOES have all of the requisite credentials.
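
Added example (not part of the original message, and not Debian's shipped configuration): a generic Exim 4 configuration fragment for the points made in this reply, listing both 25 and 587 in daemon_smtp_ports and refusing RCPT on 587 unless the session is encrypted and authenticated, with relay_from_hosts exempt from authentication. The certificate paths and the hostlist contents are placeholders, the ACL name acl_check_rcpt follows Exim's default configuration file, and the fragment assumes STARTTLS on 587 rather than the tls_on_connect setup mentioned above.

```exim
# --- main configuration section ---

# Listing ports here overrides the default, so 25 must be named as well.
daemon_smtp_ports = 25 : 587

# Offer STARTTLS to every client (placeholder certificate and key paths).
tls_advertise_hosts = *
tls_certificate = /path/to/exim.crt
tls_privatekey = /path/to/exim.key

# Advertise AUTH only once the session is encrypted, so credentials are
# never offered in clear. Exim 4.69 uses $tls_cipher; later releases name
# this variable $tls_in_cipher.
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}

# Hosts allowed to relay without authenticating (placeholder addresses).
hostlist relay_from_hosts = 127.0.0.1 : 192.168.0.0/24

acl_smtp_rcpt = acl_check_rcpt

# --- ACL section ---
begin acl

acl_check_rcpt:

  # Submission port: no fallback to an unencrypted session.
  deny  message    = TLS is required on port 587
        condition  = ${if eq{$received_port}{587}{yes}{no}}
        !encrypted = *

  # Submission port: require authentication, except for relay_from_hosts.
  deny  message        = Authentication is required on port 587
        condition      = ${if eq{$received_port}{587}{yes}{no}}
        !hosts         = +relay_from_hosts
        !authenticated = *

  # The rest of the existing RCPT ACL (relay checks, recipient
  # verification, final accept/deny) continues here unchanged.
```

After a restart, the "daemon started" line in the main log should name both ports, as in the second log excerpt quoted above.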