Exim Configuration – Listen on Port 25 for Localhost Only

exim, linux

I want to use Exim4 as an MTA for my server, but basically only to send emails. For security issues, I would like to restrict incoming connections to localhost only (I think). So there is this option in the exim4 configuration where you can specify:

IP-addresses to listen on for incoming SMTP connections:

If I put localhost there, I can perfectly well send emails via mutt and mail, but other services on my machine cannot connect to the exim daemon to send emails, especially because there is no binding to the port tcp/25 if I specify localhost in the field above.

Of course, if I leave the field blank, everything works fine, but I don't want to listen on tcp/25 for anybody other than my own machine… Here is my log when all connections are accepted, for local services like ossec:

2013-10-08 12:26:13 1VTcv7-XXXXX-XX <= ossecm@myserver.edu H=localhost (notify.ossec.net) [127.0.0.1] P=smtp S=979

Best Answer

If you literally put "localhost" in that setting, try putting instead:

dc_local_interfaces='127.0.0.1 ; ::1'

During dpkg-reconfigure exim4-config, if you select "Internet site" for the type, the second question looks like this:

Please enter a semicolon-separated list of IP addresses. The Exim SMTP listener
daemon will listen on all IP addresses listed here.

An empty value will cause Exim to listen for connections on all available network
interfaces.

If this system only receives mail directly from local services (and not from other
hosts), it is suggested to prohibit external connections to the local Exim daemon.
Such services include e-mail programs (MUAs) which talk to localhost only as well
as fetchmail. External connections are impossible when 127.0.0.1 is entered here,
as this will disable listening on public network interfaces.

IP-addresses to listen on for incoming SMTP connections:

Simply put the following in that field:

127.0.0.1; ::1
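
An added example, not part of the original question or answer: a check that port 25 really is bound to loopback only after the listen field is changed. The function names are hypothetical and the `ss -tln` output is constructed sample data embedded in the script.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not from Exim or Debian).
# Reads `ss -tln` style lines on stdin and prints every local address that is
# listening on the given TCP port and is not a loopback address.
non_loopback_listeners() {
    awk -v port="${1:-25}" '
    {
        # Find the State column; ss prints a leading Netid column in some modes.
        for (i = 1; i <= NF; i++) if ($i == "LISTEN") break
        if (i > NF) next                 # header or non-listening socket
        la = $(i + 3)                    # "Local Address:Port" column
        n = match(la, /:[^:]*$/)         # last colon; IPv6 addresses contain colons
        if (n == 0) next
        addr = substr(la, 1, n - 1)
        if (substr(la, n + 1) != port) next
        sub(/%.*$/, "", addr)            # drop a scope suffix such as "%lo"
        if (addr == "[::1]" || addr ~ /^127\./) next
        print addr
    }'
}

# Succeeds only when nothing but loopback listens on the port.
smtp_is_local_only() {
    [ -z "$(non_loopback_listeners "${1:-25}")" ]
}

# Constructed sample: empty listen field, Exim bound to every interface.
sample_all_interfaces() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      20           0.0.0.0:25        0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      20              [::]:25           [::]:*
EOF
}

# Constructed sample: listen field set to 127.0.0.1 and ::1.
sample_loopback_only() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      20         127.0.0.1:25        0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      20             [::1]:25           [::]:*
EOF
}

sample_all_interfaces | non_loopback_listeners 25    # prints 0.0.0.0 and [::]
sample_loopback_only | smtp_is_local_only 25 && echo "port 25: loopback only"
```

On a live host, replace the sample with real data: `ss -tln | smtp_is_local_only 25`.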