On Sun, May 31, 2009 10:08 pm, W B Hacker wrote:

Thanks for the replies, and patience with my learning curve. Apologies on the delay, family matters sent me on the road for several days.

> If your desktop client is trying to submit on port 25, it should not be.
>
> 'log_selector = +all' will show you the ports involved.

Running debian etch here. I placed the above 'log_selector' statement in /etc/exim4/exim4.conf.template and restarted exim4. I received the following line in the logs...

2009-06-07 05:38:58 exim 4.69 daemon started: pid=9613, -q30m, listening for SMTP on port 25 (IPv6 and IPv4)

> An Exim debug run will add greatly to what the log is telling you,

started exim4 via '/etc/init.d/exim4 start -bd' but did not see any additional output.

> and what you need IS in docs and archives.

I should have worded that differently. I wasn't doubting that the documentation had the answer. Perhaps I should have stated "I am failing the documentation," and not the other way around :)

>
> Basically you'll want to:
>
> - ENFORCE forward/reverse lookup ONLY on port 25, where arrivals should
> ALWAYS have proper DNS 'credentials'.

This is where I am still trying to grasp how exim functions. Specifically, what files I should place the configuration changes in. More reading on my end sends me looking in the /etc/exim4/conf.d/acl directory. I looked through the files listed there but they seem to cover incoming mail only?

> - NOT ENFORCE forward/reverse lookup on port 587, where your own user base
> attaches to submit mail. These will almost always be coming from a LAN,
> dial-up, *dsl broadband, hence will almost NEVER have a valid PTR RR or
> match forward/reverse lookup.

After poking around a bit, I can find no reference to port 587. Is this related to the 'daemon_smtp_ports' config spec?

> --- remember to ALSO require TLS/SSL security ONLY (no fallback to
> en-clair) and to verify authentication for port 587
>
> - EXEMPT authorized 'relay_from_hosts' that do not/can not authenticate on
> port 587, if you have any such, with methods that best fit your situation.
>
> That can include restriction to arrival on port *24* and/or from
> internal-only non-routable IP, use of matching pem certs instead of
> passwords ... etc.

Still reading on these.

> HTH,
>
> Bill

It does help, and I really do appreciate the time and responses. The exim wiki and archives have been great as well, and they are proving more valuable as I get more up to speed on the understanding of exim.

On a side note, I did find out why I suddenly wasn't able to send mail from my phone, laptop, or any other computer other than the mail server itself. When I began this journey to take on my own mail server, I started with qmail. And while I had cleaned most of that up, there was a single qmail service running which I killed and removed the other week. That service is what was allowing me to send mail still. *sigh*

Thanks again
Troy

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
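
The port 25 / port 587 split described in the quoted advice, sketched as an added Exim configuration fragment (not part of the original thread, and not Debian's packaged configuration). It assumes the `local_domains` and `relay_from_hosts` lists, the TLS certificate settings and at least one authenticator are already defined elsewhere; `$tls_cipher` is the variable name in the Exim 4.69 release shown in the log line, and later releases name it `$tls_in_cipher`.

```exim
# --- main section ---
# Listen on the MX port and on the submission port.
daemon_smtp_ports = 25 : 587

# Offer STARTTLS to all hosts; advertise AUTH only once the session is
# encrypted, so credentials are never offered in clear text.
tls_advertise_hosts = *
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # Port 587 (submission): TLS is mandatory, no fallback to clear text.
  deny    condition      = ${if eq{$received_port}{587}}
          !encrypted     = *
          message        = TLS is required on the submission port

  # Port 587: authentication is mandatory, except for hosts listed in
  # relay_from_hosts that cannot authenticate.
  deny    condition      = ${if eq{$received_port}{587}}
          !hosts         = +relay_from_hosts
          !authenticated = *
          message        = authentication is required on the submission port

  # Authenticated submission: accept for relay, with no DNS checks.
  accept  condition      = ${if eq{$received_port}{587}}
          authenticated  = *
          control        = submission

  # Port 25 (MX traffic): enforce the forward/reverse DNS match here only.
  deny    condition      = ${if eq{$received_port}{25}}
          !hosts         = +relay_from_hosts
          !verify        = reverse_host_lookup
          message        = forward/reverse DNS lookup failed for $sender_host_address

  # Mail for local domains, after recipient verification.
  accept  domains        = +local_domains
          verify         = recipient

  # Trusted relay hosts may send anywhere.
  accept  hosts          = +relay_from_hosts

  deny    message        = relay not permitted
```

With `log_selector = +all` set, the daemon start line should then list both ports, and each accepted message records the port it arrived on.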
