Exim spam - esmtps can't solve it

TonyF · Jul 12, 2017

Wow Richard G, you are my hero. This gives a good view on what the problem actually is, while I had no clue. I am interested in your methods, but I'll PM you about this.

/etc/exim.variables.conf.custom does not exist, but in /etc/exim.variables.conf this is already present:

Code:

hostlist relay_hosts=

Should that not be enough then? How did you test this?

Richard G · Jul 12, 2017

Hmmz you are correct. In the newer exim.variables.conf this line is already present. That's odd, makes me wonder.
I'll have to test this on my own systems.

You could do a ./build all d just to be sure.

I will write you per PM how it can be tested. Might be better not to post this on public to prevent scriptkiddies to mess around everywhere.

But I will first test on my own systems, just to be sure if it's not a security issue. I'll get back to you.

Richard G · Jul 12, 2017

Checked, I don't have that issue on my servers.

relay not permitted, authentication required

TonyF · Jul 12, 2017

Ha Richard,

Thanks for checking all this. Your conclusion makes me conclude that something must be out of the ordinary. What do you think is causing this? Is this a DA issue?

Richard G · Jul 12, 2017

No it's a settings issue somewhere.
If it was a DA issue, then I should have the problem too.

TonyF · Jul 13, 2017

So, a recap of what I do during install of my VPS, concerning email/EXIM:

1.

Code:

cd /usr/local/directadmin/custombuild
./build update
./build set eximconf yes
./build set eximconf_release 4.5
./build set blockcracking yes
./build set easy_spam_fighter yes
./build set spamassassin yes
./build update
./build exim_conf

yum -y install perl-ExtUtils-MakeMaker perl-Digest-SHA perl-Net-DNS perl-NetAddr-IP perl-Archive-Tar perl-IO-Zlib perl-Digest-SHA perl-Mail-SPF perl-IP-Country perl-Razor2 perl-Net-Ident perl-IO-Socket-INET6 perl-IO-Socket-SSL perl-Mail-DKIM perl-DBI perl-Encode-Detect perl-HTML-Parser perl-HTML-Tagset perl-Time-HiRes perl-libwww-perl perl-Sys-Syslog

2. file: /etc/exim.conf
in remote_smtp I added:

Code:

interface = xx.xx.xx.xx

for letting exim use a other ip for sending than server ip

3. file: /etc/exim.conf
underneath this:

Code:

# block certain well-known exploits, Deny for local domains if
  # local parts begin with a dot or contain @ % ! / |
  deny  domains       = +local_domains
        local_parts   = ^[.] : ^.*[@%!/|]

I paste:

Code:

# Change Begin
# Prevents unencrypted mail submission.
  accept  encrypted     = *
  drop    message       = connection is not encrypted, contact host
          log_message   = Connection from \
                          [$sender_host_address]($authenticated_id) was \
                          not encrypted.
# Change End

4. file: /etc/exim.variables.conf

Code:

disable_ipv6=true

granted, I could better to this in /etc/exim.variables.conf.custom

5. file: /etc/dovecot.conf

Code:

ssl_cipher_list = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

because CSF told me to do so

6. file: /etc/dovecot.conf

Code:

inet_listener imap {
      port=0
  }

and

Code:

inet_listener pop3 {
      port=0
  }

respectively in service imap_login and pop3_login, to make sure that if I have clients checking mail, they use SSL

7. https://help.directadmin.com/item.php?id=257

Code:

untrusted_set_sender = *
no_local_from_check

So, some things might be unneccessary but this are left overs from notes during a couple of server installes, which works for me. None of this can explain the open relay, right?

zEitEr · Jul 13, 2017

I believe you are open-relay due to this:

Code:

# Change Begin# Prevents unencrypted mail submission.
  accept  encrypted     = *
  drop    message       = connection is not encrypted, contact host
          log_message   = Connection from \
                          [$sender_host_address]($authenticated_id) was \
                          not encrypted.
# Change End

you accept all encrypted connections even without authentication. I'd try with:

Code:

# Change Begin# Prevents unencrypted mail submission.
  drop  !encrypted     = *
          message      = connection is not encrypted, contact host
          log_message  = Connection from \
                          [$sender_host_address]($authenticated_id) was \
                          not encrypted.
# Change End

with exim.conf 4.4+, 4.5+

Not much tested... a quick test shows it should work

zEitEr · Jul 14, 2017

You might want to check this http://forum.directadmin.com/showthread.php?t=43500&p=229094#post229094 as well.

TonyF · Jul 14, 2017

Thanks zEitEr, I found that info in the same thread, starting post here: http://forum.directadmin.com/showthread.php?t=43500

Perhaps best to edit that info there as well, since it is on DA forums making DA vulnerable.

I will remove that line since it is not needed for me. I will report back!

Richard G · Jul 14, 2017

Just something about your order of doing things.

In 1.) You should first to the Yum install thing, and after that the build things.

Alex has answered for the rest so I'm sure you will fix it now and have seen it was a change setting which caused this.
I will keep following the thread to see if you succeeded.

TonyF · Jul 14, 2017

True, this was a copy paste of some notes. The order should indeed be changed thanks.

I will keep an eye on my logs, see if it is fixed.

Richard G · Jul 14, 2017

Oke, otherwise you can test yourself too, I wrote you per pm how to test.

TonyF · Jul 31, 2017

I can't replicate it myself anymore, so in that way it must be solved.

Also, no problems with sending out spam anymore. Thanks again everyone taking the time to chime in.

Richard G · Jul 31, 2017

Glad to read it's fixed now. You're welcome.

Exim spam - esmtps can't solve it

TonyF

Verified User

Richard G

Verified User

Richard G

Verified User

TonyF

Verified User

Richard G

Verified User

TonyF

Verified User

zEitEr

Super Moderator

zEitEr

Super Moderator

TonyF

Verified User

Richard G

Verified User

TonyF

Verified User

Richard G

Verified User

TonyF

Verified User

Richard G

Verified User