Mail Server Setup With Exim, MySQL, Cyrus-Imapd, Horde Webmail On Centos 5.1 - works?

Discussion in 'HOWTO-Related Questions' started by gsp, Oct 10, 2008.

  1. topdog

    topdog Active Member

    Of course you have to leave those ports open, because you cannot provide the services without them being open.

    port 80 is the most high risk port at the moment due to all kinds of web vulnerabilities, selinux could mitigate some of the attacks that can be launched via the web.

    How ever you have to be vigilant and proactive in updating your software.
     
  2. gsp

    gsp New Member

    OK, still is up and running :)

    I have one more question, from Horde interface or from IMAP clients (outlook, etc) the SMTP function works fine...

    But if i setup a POP3/SMTP account on outlook/express when it tries to send a message, the receiver rejects me because in the main.log file of exim the user seems to login as [email protected]@mailsrv (mailsrv is the hostname...) from Horde the user seems to login as [email protected] what should i change to work this OK?

    Thanks in advance (one more time!)
     
  3. topdog

    topdog Active Member

    Setup your from address to the correct one (full email address) it seems like the server is trying to qualify your address.
     
  4. gsp

    gsp New Member

    Yes but this is the problem.. in outlook client the from address is set up correctly...

    And for some reason exim gets this 'double' id.. [email protected]@mailsrv

    :confused::confused:

    Maybe if i use the qualify_domain in config of exim option?


    PS. this is what i get when trying to send from outlook:

    2008-12-03 11:48:45 no host name found for IP address 192.168.10.199
    2008-12-03 11:48:53 1L7oLd-0001hM-Lb <= "[email protected]"@mailsrv H=(sync4j) [192.168.10.199] P=esmtpa A=login:[email protected] S=12046 [email protected]
    2008-12-03 11:48:54 1L7oLd-0001hM-Lb ** [email protected] R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<[email protected]>: host mx1.freemail.gr [81.171.104.53]: 504 5.5.2 <[email protected]@mailsrv>: Sender address rejected: need fully-qualified address

    and THIS is what i get when i send the same test message on the SAME address..

    2008-12-03 10:59:50 no IP address found for host localhost (during SMTP connection from [127.0.0.1])
    2008-12-03 10:59:51 1L7naI-0001Qs-JZ <= [email protected] H=(localhost) [127.0.0.1] P=esmtp S=2230 [email protected]
    2008-12-03 10:59:52 1L7naI-0001Qs-JZ => [email protected] R=dnslookup T=remote_smtp H=mx1.freemail.gr [81.171.104.53]
    2008-12-03 10:59:52 1L7naI-0001Qs-JZ Completed
     
    Last edited: Dec 3, 2008
  5. topdog

    topdog Active Member

    Post the log sessions where you see that.
     
  6. gsp

    gsp New Member

    probably writing on the same moment!!! logs are on the previous message (edited)
     
  7. topdog

    topdog Active Member

    is qualify_domain set ? and are u using smtp authentication ?
     
  8. gsp

    gsp New Member

    Yes SMTP authentication is used.. (without this doesn't work at all)..

    Also if i set qualify_domain the message pass but in the receiver appears a crazy from like this

    From: "[email protected]"@@marishotels.eu; on behalf of; test [[email protected]]

    Is there any way to avoid this and have just the sender's address?

    ALSO, do you know any guide/way on how to set-up more than one virtual domains?
     
  9. topdog

    topdog Active Member

    add your networks to this
    Code:
    hostlist   relay_from_hosts =
    Then relaying will work without authentication, it seems like there is an issue when you authenticate i do not know what it is as when i tested mine worked with no problem but i was using thunderbird so i do not know.

    Virtual hosting is so easy with this all you need do it add the domain to
    Code:
    domainlist local_domains =
    and then add the user to the database.

    for example

    [email protected]
    [email protected]
    [email protected]

    Means you have 3 virtual domains domain1 domain2 and domain3
     
  10. gsp

    gsp New Member

    Ok so my thoughts were right. I will try this..

    In the meantime i tried the relay_from_hosts field but after set my network there, authentication is not needed and i get these in the logs..

    2008-12-03 13:25:05 no host name found for IP address 192.168.10.199
    2008-12-03 13:25:16 no host name found for IP address 192.168.10.199
    2008-12-03 13:25:18 unknown named domain list "+relay_domains"

    F****! every time something happens!!! :mad::D
     
  11. topdog

    topdog Active Member

    Post your config file.
     
  12. topdog

    topdog Active Member

    Find the line
    Code:
    domains = +local_domains : +relay_domains
    and change to
    Code:
    domains = +local_domains : +relay_to_domains
     
  13. gsp

    gsp New Member

    Unfortunately after this change it replies relay denied...

    here is my config which is copied from the how to except for the spam section which has some minor changes..

    Code:
    domainlist local_domains = @ : localhost : localhost.localdomain : marishotels.eu : mydomain2.gr
    domainlist relay_to_domains =
    hostlist   relay_from_hosts = 127.0.0.1 192.168.10.0
    acl_smtp_rcpt = acl_check_rcpt
    acl_smtp_data = acl_check_data
    acl_smtp_mime = acl_check_mime
    acl_smtp_connect = acl_check_connect
    hide mysql_servers = localhost/horde/horde/hordepassword
    av_scanner = clamd:/var/run/clamav/clamd.socket
    spamd_address = /var/run/spamassassin/spamd.sock
    tls_advertise_hosts = *
    tls_certificate = /etc/pki/tls/certs/exim.pem
    tls_privatekey = /etc/pki/tls/private/exim.pem
    daemon_smtp_ports = 25
    disable_ipv6 = true
    never_users = root
    host_lookup = *
    rfc1413_hosts = 
    rfc1413_query_timeout = 0s
    ignore_bounce_errors_after = 2d
    timeout_frozen_after = 7d
    auth_advertise_hosts = * 
    pipelining_advertise_hosts = 
    smtp_accept_max_nonmail = 6
    smtp_max_unknown_commands = 1
    system_filter = /etc/exim/system_filter.txt
    message_body_visible = 5000
    system_filter_user = mail
    system_filter_group = mail
    system_filter_file_transport = address_file
    system_filter_reply_transport = address_pipe
    
    begin acl
    
    acl_check_rcpt:
      accept  hosts = :
      
      deny    message       = Restricted characters in address
              domains       = +local_domains
              local_parts   = ^[.] : ^.*[@%!/|]
      
      deny    message       = Restricted characters in address
              domains       = !+local_domains
              local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
    
      drop  message  = REFUSED - no HELO/EHLO greeting
            log_message = remote host did not present greeting
            condition = ${if def:sender_helo_name {false}{true}}
      
      accept  local_parts   = postmaster
              domains       = +local_domains
     # require verify        = sender
     
      accept  hosts         = +relay_from_hosts
              control       = submission
     
      accept  authenticated = *
              control       = submission
     
      require message = relay not permitted
              domains = +local_domains : +relay_to_domains
    
      drop    message       = REJECTED because $sender_host_address is in a black list spamhaus.org
               dnslists      = zen.spamhaus.org
    
      drop    message       = REJECTED because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
               dnslists      = bl.spamcop.net
    
      drop    message       = REJECTED because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
               dnslists      = dnsbl.sorbs.net
    
      accept
    
    acl_check_data:
      deny    malware    = *
      	message    = This message contains a virus ($malware_name).
    
    accept  condition  = ${if >={$message_size}{100000} {1}}
            add_header = X-Spam-Note: SpamAssassin run bypassed due to message size
      warn    spam       = nobody/defer_ok
            add_header = X-Spam-Flag: YES
      accept  condition  = ${if !def:spam_score_int {1}}
            add_header = X-Spam-Note: SpamAssassin invocation failed
      warn    add_header = X-Spam-Score: $spam_score ($spam_bar)\n\
            X-Spam-Report: $spam_report
    #  drop    condition = ${if >{$spam_score_int}{60} {1}}
    #        message   = Your message scored $spam_score SpamAssassin point. Report follows:\n\
    #        $spam_report
      warn message = X-New-Subject: *SPAM* $rh_subject:
         spam = nobody
      
      warn message = X-Spam-Score: $spam_score ($spam_bar)
         condition = ${if <{$message_size}{80k}{1}{0}}
         spam = nobody:true
    
    
      accept
    
    acl_check_mime:
      deny message = Blacklisted file extension detected
           condition = ${if match \
                            {${lc:$mime_filename}} \
                            {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \
                         {1}{0}}
    
      accept
    
    acl_check_connect:
      drop ratelimit = 25 / 15m / strict
           #hosts = ! lsearch;/etc/exim/non_rate_limit_hosts
           message = You can only send $sender_rate per $sender_rate_period
           log_message = RATE: $sender_rate/$sender_rate_period (max $sender_rate_limit)
    
      accept
    
    
    begin routers
    
    dnslookup:
      driver = dnslookup
      domains = +local_domains : +relay_to_domains
      transport = remote_smtp
      ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
      no_more
    
    system_aliases:
      driver = redirect
      allow_fail
      allow_defer
      data = ${lookup{$local_part}lsearch{/etc/aliases}}
      file_transport = address_file
      pipe_transport = address_pipe
    
    localuser:
      driver = accept
      local_parts = ${lookup mysql {SELECT REPLACE(user_uid,'${quote_mysql:@$domain}','') \
    	 as user FROM horde_users WHERE user_uid='${quote_mysql:[email protected]$domain}'}{$value}}
      transport = local_delivery
      cannot_route_message = Unknown user
    
    begin transports
    
    remote_smtp:
    
    driver = smtp
    
    local_delivery:
      driver = lmtp
      socket = /var/lib/imap/socket/lmtp
      batch_max = 50
      user = cyrus
    
    address_reply:
      driver = autoreply
    
    begin retry
    
    *                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h
    begin rewrite
    
    
    begin authenticators
    
    plain:
      driver = plaintext
      public_name = PLAIN
      server_prompts = :
      server_set_id = $2
      server_condition = ${if saslauthd{{$2}{$3}{pop}}{1}{0}}
      server_advertise_condition = true
    
    login:
      driver = plaintext
      public_name = LOGIN
      server_prompts = "Username:: : Password::"
      server_condition = ${if saslauthd{{$1}{$2}{pop}}{1}{0}}
      server_set_id = $1
      server_advertise_condition = true
    ** i am also downloading thunderbird to see if i have same results..
     
  14. topdog

    topdog Active Member

    Code:
    hostlist   relay_from_hosts = 127.0.0.1 : 192.168.10.0/24
     
  15. gsp

    gsp New Member

    Thunderbird does exactly the same behavior...

    ok hosts corrected... but in the domain section existed one '!' .. is it needed?

    Now what ever address i put in To: it sas 'User uknown' (in the log file..)..

    :confused::confused::confused: i will break this box!!! :eek:
     
  16. topdog

    topdog Active Member

    I do not understand what u are saying, are u saying you cannot send mail anywhere ?
     
  17. gsp

    gsp New Member

    Yes that was correct... probably some typing mistake... now reverting back to my original conf, and fixing the hosts that you stated seems to work without authentication.

    I am wondering because thunderbird makes the same problem if i use authentication.. do you use it by the same way?(authenticated or not)?

    Thanks
     
  18. topdog

    topdog Active Member

    When i tested with authentication it worked for me with out altering the address. I do not work for the company where the production system is running anymore but i can test again on my dev virtual machine.
     
  19. gsp

    gsp New Member

    OK, if and whenever you have the time it would be good to know how to make this work...(compare our configs..) maybe some of my clients want to use outlook from 'outside' connections and the only way to keep my SMTP safe is to require authentication from all except localhost..

    Cheers
     
  20. topdog

    topdog Active Member

    Can you email me with authentication on i want to see how the headers are being altered
     

Share This Page