Re: How to receive incoming mail on port xxx, outgoing mail on port 25?

> >> Changing exim's port from 25 became necessary because I'm running an
> >> AntiVir daemon that "occupies" port 25 and passes scanned mails on
> >>
> > Yes, exactly what I am trying to do,
>
> No!!
> You changed the "SMTP" port definition in /etc/services.
> What I have done, was _adding_ an entry to /etc/services.

uh oh. communication breakdown. I said 'trying', not 'tried'. What I
should have said was "Yes, it's my intention to acheive this
same goal, but have not succeeded yet". BTW, thanks very much for your
patience and help Christian, is there somewhere I can
donate?


> Why don't you give a chance to the example I posted here?
> It's exactly what you have quoted from the exim docs here.
>
> But remember: Leave the original entry for SMTP in /etc/services as
> ist is!
>

/etc/services
smtp 25/tcp mail
smtp 25/udp mail
smtp-backdoor xxxxx/tcp mail

/etc/exim.conf
daemon_smtp_port = smtp-backdoor


But I did give it a chance exactly as recommended, and it didn't work on my
system, Exim choked on restart. I upgraded to the
latest stable version of Exim, turned off antirelayd, mailman, spamassassin
spamd, and the -oX SSL command switch, and retried the
backdoor daemon per your instructions, this time changing the backdoor port
number to a 5 digit address. Surprise, this time it
works !!!! Ten minutes later, WHM determined that Exim was down, so it
automatically restarted Exim using the -oX SSL port command
line switch and started antirelayd .... and the backdoor daemon still works!
The problem was either with mailman, spamd, the port
number of 125, or the previous version of Exim.


> What does "WHM" mean?
> Can't you change the options it is invoked with?
>

WHM is Cpanel Web Host Manager, a common web control panel helper app for
Linux RedHat web hosts. The configuration file is edited
by a WYSIWYG which is missing some important options. WHM handles config
strangely, using blank files with the execute bit set, and
strange names, like "/etc/spamdIsEvil" to alert the restart script to not
start spamd. Not only that, but it automatically updates
itself every few weeks and occasionally overwrites existing config. Useless
to hack the scripts because they get overwritten too.
Security through obscurity I guess? I just run a cron job to killall spamd
and antirelayd processes after the scheduled update.

Hello Chris,

Chris Fortune schrieb/wrote:

> /etc/services
> smtp 25/tcp mail
> smtp 25/udp mail
> smtp-backdoor xxxxx/tcp mail
>
> /etc/exim.conf
> daemon_smtp_port = smtp-backdoor

OK, that should make exim listen on port xxxxx.

> But I did give it a chance exactly as recommended, and it didn't work on my
> system, Exim choked on restart. I upgraded to the
> latest stable version of Exim, turned off antirelayd, mailman, spamassassin
> spamd, and the -oX SSL command switch, and retried the
> backdoor daemon per your instructions, this time changing the backdoor port
> number to a 5 digit address. Surprise, this time it
> works!!!!

I suppose, with "a 5 digit", you mean a port number > 10000?

> Ten minutes later, WHM determined that Exim was down, so it
> automatically restarted Exim using the -oX SSL port command
> line switch and started antirelayd .... and the backdoor daemon still works!

But WHM has obvously launched another instance of exim, hasn't it?

> The problem was either with mailman, spamd, the port
> number of 125, or the previous version of Exim.
>
>
>> What does "WHM" mean?
>> Can't you change the options it is invoked with?
>>
>
> WHM is Cpanel Web Host Manager, a common web control panel helper app for
> Linux RedHat web hosts.

Well, I don't like these configuration tools, because they (obviously)
sometimes do things that you don't want them to do...

[..]
> Security through obscurity I guess? I just run a cron job to killall spamd
> and antirelayd processes after the scheduled update.

That means fighting the symptoms and not their causes...
spamd can be used by exim (when built with the exiscan-acl patch) - so
I wouldn't kill the corresponding process. You can addirionally bind
spamd to your loopback interface...
And I suppose that what "antirelayd" does can also be done by exim
directly.
"Keep it simple" in a security context does also mean that you should
use as few programs as possible... ;-)

Regards,
Christian
--
Christian Schmidt | Germany | ChriSchmiLi@gmx.de
PGP Key ID: 0x28266F2C