So, a recap of what I do during install of my VPS, concerning email/EXIM:
1.
Code:
cd /usr/local/directadmin/custombuild
./build update
./build set eximconf yes
./build set eximconf_release 4.5
./build set blockcracking yes
./build set easy_spam_fighter yes
./build set spamassassin yes
./build update
./build exim_conf
yum -y install perl-ExtUtils-MakeMaker perl-Digest-SHA perl-Net-DNS perl-NetAddr-IP perl-Archive-Tar perl-IO-Zlib perl-Digest-SHA perl-Mail-SPF perl-IP-Country perl-Razor2 perl-Net-Ident perl-IO-Socket-INET6 perl-IO-Socket-SSL perl-Mail-DKIM perl-DBI perl-Encode-Detect perl-HTML-Parser perl-HTML-Tagset perl-Time-HiRes perl-libwww-perl perl-Sys-Syslog
2. file: /etc/exim.conf
in remote_smtp I added:
for letting exim use another IP for sending than the server IP
3. file: /etc/exim.conf
underneath this:
Code:
# block certain well-known exploits, Deny for local domains if
# local parts begin with a dot or contain @ % ! / |
deny domains = +local_domains
     local_parts = ^[.] : ^.*[@%!/|]
I paste:
Code:
# Change Begin
# Prevents unencrypted mail submission.
accept encrypted = *
drop message = connection is not encrypted, contact host
     log_message = Connection from \
       [$sender_host_address]($authenticated_id) was \
       not encrypted.
# Change End
4. file: /etc/exim.variables.conf
Granted, I could better do this in /etc/exim.variables.conf.custom
5. file: /etc/dovecot.conf
Code:
ssl_cipher_list = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
because CSF told me to do so
6. file: /etc/dovecot.conf
Code:
inet_listener imap {
  port=0
}
and
Code:
inet_listener pop3 {
  port=0
}
respectively in service imap_login and pop3_login, to make sure that if I have clients checking mail, they use SSL
7.
https://help.directadmin.com/item.php?id=257
Code:
untrusted_set_sender = *
no_local_from_check
So, some things might be unnecessary, but these are leftovers from notes taken during a couple of server installs, which work for me. None of this can explain the open relay, right?
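
The ACL change in step 3, modelled as an added example (not part of the original post, and not Exim or DirectAdmin code). In Exim the first `accept`, `deny` or `drop` whose conditions all match ends the ACL, so this sketch evaluates the two posted statements ahead of some relay rules and compares them with a single `drop` on `!encrypted = *`. It assumes the change sits in a recipient ACL before the relay checks; `RELAY_RULES`, `LOCAL` and the sample connections are constructed for illustration.

```python
# Simplified model of Exim's first-match ACL evaluation (not Exim itself).
# Each statement is (verb, conditions); conditions are predicates on the
# connection. "message"/"log_message" are modifiers and never block a match.

def run_acl(acl, conn):
    """Return the verdict of the first statement whose conditions all hold."""
    for verb, conditions in acl:
        if all(cond(conn) for cond in conditions):
            return verb              # accept / deny / drop ends the ACL here
    return "deny"                    # Exim denies when no statement decides

LOCAL = {"example.test"}             # constructed local domain

encrypted = lambda c: c["tls"]                       # encrypted = *
not_encrypted = lambda c: not c["tls"]               # !encrypted = *
authenticated = lambda c: c["auth"] is not None      # authenticated = *
local_rcpt = lambda c: c["rcpt_domain"] in LOCAL     # domains = +local_domains

# Constructed stand-ins for the relay rules further down a recipient ACL
# (assumption: not copied from any real exim.conf).
RELAY_RULES = [
    ("accept", [local_rcpt]),
    ("accept", [authenticated]),
    ("deny", []),                    # "relay not permitted"
]

# The two statements as posted, followed by the rest of the ACL.
POSTED = [("accept", [encrypted]), ("drop", [])] + RELAY_RULES

# Hardened form: reject cleartext only, then fall through to the relay rules.
HARDENED = [("drop", [not_encrypted])] + RELAY_RULES

# Constructed sample connections.
STRANGER_TLS = {"tls": True, "auth": None, "rcpt_domain": "elsewhere.test"}
USER_TLS = {"tls": True, "auth": "user", "rcpt_domain": "elsewhere.test"}
INBOUND_TLS = {"tls": True, "auth": None, "rcpt_domain": "example.test"}
USER_PLAIN = {"tls": False, "auth": "user", "rcpt_domain": "elsewhere.test"}

def verdicts(acl):
    """Verdicts for the four sample connections, in the order listed above."""
    samples = (STRANGER_TLS, USER_TLS, INBOUND_TLS, USER_PLAIN)
    return [run_acl(acl, c) for c in samples]

if __name__ == "__main__":
    print("posted:  ", verdicts(POSTED))
    print("hardened:", verdicts(HARDENED))
```

In the posted order, the unauthenticated TLS connection to a non-local recipient is accepted before any relay rule is consulted; in the hardened order it reaches the final `deny`.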