Troy Wical wrote:
> On Sun, May 31, 2009 10:08 pm, W B Hacker wrote:
>
> Thanks for the replies, and patience with my learning curve. Apologies on
> the delay, family matters sent me on the road for several days.
>
>> If your desktop client is trying to submit on port 25, it should not be.
>>
>> 'log_selector = +all' will show you the ports involved.
>
> Running debian etch here. I placed the above 'log_selector' statement in
> /etc/exim4/exim4.conf.template and restarted exim4. I received the
> following line in the logs...

Check your on-box docs for the Exim installed. They probably point you to a Debian+Exim site and support list.

That place will have more specific information that doesn't often show up here on the 'generic' Exim list.

>
> 2009-06-07 05:38:58 exim 4.69 daemon started: pid=9613, -q30m, listening
> for SMTP on port 25 (IPv6 and IPv4)
>

2009-06-07 14:39:12 [7020] exim 4.69 daemon started: pid=7020, -q55s, listening for SMTP on [203.194.153.81]:25 <redacted> ...and for SMTPS on <redacted> ... [203.194.153.81]:587

Your output should not look *quite* like that - we are using tls_on_connect on 587 - (akin to SSLv3 - different set-up handshakes than TLS).

But you get the idea - your implementation has not turned-on the 'submission' port at 587 *at all*.

*snip*

>
> After poking around a bit, I can find no reference to port 587. Is this
> related to the 'daemon_smtp_ports' config spec?
>

*snip*

Yes, as in (at least) ports 25 and 587.

You appear to be running a default of all available NICs/ IP's on the box (generally harmless), but only for the master the 'listener' port 25.

You need to specify 587 as active, and when you do so, you will be over-riding defaults, so must then ALSO list port 25, lest it no longer be listened on - as in:

daemon_smtp_ports = 25: 587

That is not the end of the story. SB.

>
>> --- remember to ALSO require TLS/SSL security ONLY (no fallback to
>> en-clair) and
>> to verify authentication for port 587
>>
>> - EXEMPT authorized 'relay_from_hosts' that do not/can not authenticate on
>> port
>> 587, if you have any such, with methods that best fit your situation.
>>
>> That can include restriction to arrival on port *24* and/or from
>> internal-only
>> non-routable IP, use of matching pem certs instead of passwords ... etc.
>
> Still reading on these.
>
>
>> HTH,
>>
>> Bill
>
> It does help, and I really do appreciate the time and responses.
> The exim wiki and archives have been great as well, and they are proving
> more valuable as I get more up to speed on the understanding of exim.
>
> On a side note, I did find out why I suddenly wasn't able to send mail
> from my phone, laptop, or any other computer other than the mail server
> itself. When I began this journey to take on my own mail server, I
> started with qmail. And while I had cleaned most of that up, there was a
> single qmail service running which I killed and removed the other week.
> That service is what was allowing me to send mail still. *sigh*
>
> Thanks again
>
> Troy
>

BT,DT, GTTS.

Another 'gotcha' - or life-saver - is that your MUA doesn't necessarily care if there is any relationship *whatsoever* between its POP/IMAP and smtp login:pwd sets.

So long as you have valid credentials, you can probably 'send' over an unrelated server while sorting all this...

And perhaps longer than that ... as a public-facing MTA really, really does need to have a fixed-IP with a valid PTR RR. An SRV or MX record is also much better than a mere A record, and, of course all of this has to match properly.

If those are not within your grasp, you should expect to need to 'transmit' via a smarthost that DOES have all of the requisite credentials.

Bill
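
The submission-port setup discussed in this thread, written out as an added example; it is not part of the original messages and not either poster's configuration. It assumes a single-file Exim 4.69 runtime configuration with an authenticator already defined under "begin authenticators"; the certificate paths, the relay host range and the ACL name are placeholders.

```exim
# Added example (not from the thread). Placeholder values are marked.

# --- main configuration section ---
# Setting this overrides the built-in default, so 25 must be listed too.
daemon_smtp_ports = 25 : 587

# Offer STARTTLS to all clients (placeholder certificate paths).
tls_advertise_hosts = *
tls_certificate = /etc/exim4/exim.crt
tls_privatekey  = /etc/exim4/exim.key

# Advertise AUTH only once the session is encrypted, so credentials are
# never offered en clair. ($tls_cipher is the 4.69 name; newer releases
# call it $tls_in_cipher.)
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}

domainlist local_domains = @
# Hosts that may relay without authenticating (placeholder range).
hostlist relay_from_hosts = 127.0.0.1 : 192.168.0.0/24

acl_smtp_rcpt = acl_check_rcpt

# --- ACL section ---
begin acl

acl_check_rcpt:
  # Port 587: no fallback to an unencrypted session.
  deny    condition      = ${if eq{$received_port}{587}}
          !encrypted     = *
          message        = TLS is required on port 587

  # Port 587: authentication required, except for the listed relay hosts.
  deny    condition      = ${if eq{$received_port}{587}}
          !hosts         = +relay_from_hosts
          !authenticated = *
          message        = Authentication is required on port 587

  # Relay for authenticated clients and for the exempt hosts.
  accept  authenticated  = *
  accept  hosts          = +relay_from_hosts

  # Everyone else (port 25 traffic) may only deliver to local domains.
  accept  domains        = +local_domains
          verify         = recipient
  deny    message        = relay not permitted
```

With 'log_selector = +all' still set, the daemon start line should then list both ports, and each rejected submission attempt is logged with the message text from the matching deny rule.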
