We use Exim on a VPS. We host multiple domains on WP and Magento.
Recently I was reviewing some e-mails when I saw the following in the Received headers: my Linux username, the server name (not the sending domain name) and the actual version of Exim sending the email.
Received: from **USERNAME** by **VPS_SERVERNAME** with local (**EXIM VERSION**)
(envelope-from <user@domain.com>)
id 1a34DM-0003fW-xx
for recipient#gmail.com; Sun, 29 Nov 2015 16:48:36 +0100
I made a little jump. Why is it necessary to send the username under which the process runs? And also, why is the server name not the sending domain name? And why expose the Exim version, or even expose Exim at all? All of this seems like quite a security risk by giving TMI.
My question: how can I change USERNAME in the Received header to the sending E-MAIL NAME (prefix or whole email) and change VPS_SERVERNAME to the sending DOMAINNAME? Or at least change the whole thing to something within all e-mail RFCs and rules ... but a little more anonymous.
Received: from user by domain.com with local (Mailserver)
(envelope-from <user@domain.com>)
Where user is taken from the email address, just like domain.com.
You can configure the format of the Received: header appended by Exim through the received_header_text key in the Exim configuration. This allows you to remove the user name. The default format string also suggests that Exim uses the primary_hostname variable for your VPS_SERVERNAME field, which defaults to uname() (that is, your host name), but this can also be overridden in the configuration to your FQDN of choice.
As for whether the default format is TMI, Exim's format is not unusual. Received: headers are for diagnostic purposes and they generally reveal a lot about the sending network and MTA software. Details can be hidden if security through obscurity is preferred over diagnostics, but consider that it only makes attacking the network harder and it is not an active security measure.
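As an added illustration (not part of the original answer), here is the shape such a configuration can take in the main section of exim.conf. The format string is adapted from Exim 4's default received_header_text with $sender_ident (the local username) and $version_number removed; $sender_address_local_part, $sender_address_domain, $sender_rcvhost, $sender_helo_name, $received_protocol, $message_exim_id and $received_for are standard Exim expansion variables, and mail.example.com is a placeholder. One caveat on the "by" field: RFC 5321 section 4.4 intends it to name the host that received the message, so deriving it from the sender's domain is shown only because the question asks for it; setting primary_hostname to a real FQDN and dropping the username and version is the conservative choice.

```exim
# Main configuration section of exim.conf (on Debian-style split configs,
# a file under conf.d/main/). Added example, not from the original post.

# Use a real, resolvable FQDN instead of the bare uname() host name.
primary_hostname = mail.example.com

# Received: header without the local username, without the Exim version,
# and with the "by" name taken from the envelope sender's domain when
# there is one (falling back to primary_hostname). Adapted from Exim 4's
# default received_header_text; Exim appends the "; date" part itself.
received_header_text = Received: \
  ${if def:sender_rcvhost {from $sender_rcvhost\n\t}\
  {${if def:sender_address \
  {from ${quote_local_part:$sender_address_local_part} }}\
  ${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}\
  by ${if def:sender_address_domain {$sender_address_domain}{$primary_hostname}} \
  ${if def:received_protocol {with $received_protocol}} \
  (Mailserver)\n\t\
  ${if def:sender_address \
  {(envelope-from <$sender_address>)\n\t}}\
  id $message_exim_id\
  ${if def:received_for {\n\tfor $received_for}}
```

Check what Exim actually loaded with `exim -bP primary_hostname` and `exim -bP received_header_text`, then send a local test message and read the resulting header. Note that hiding the version here does not hide it elsewhere: the default SMTP banner (smtp_banner) still announces "ESMTP Exim" and the version number, so change that option too if the goal is not to advertise the software.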
So my question is, for a company we have an old exchange server (they don't want to upgrade or transfer) that is nearly dying from e-mails. But these are just coming from one Mailbox.
So my plan was to redirect info@example.de to another mailbox like info@outlook.onmicrosoft.com.
The other E-Mails should be routed as expected...
# virtual postfix file
info@example.de info@outlook.onmicrosoft.com
@example.de @example.de
For this I also have a transport File.
example.de smtp:mx.mail.de
My problem now is, the redirect is getting bounced (User unknown in virtual alias table)
2B2DEE7: to=<timo.bergen@example.de>, relay=none, delay=0.08, delays=0.05/0.01/0/0.02, dsn=5.1.1, status=bounced (User unknown in virtual alias table)
Fixed this, just had to append the Domain to "mydestinations".
mydestination = $myhostname, web-p03.hosting.it.local, localhost.hosting.it.local, localhost, example.de
We have a VPS with CentOS combined with DirectAdmin which we use for a Magento shop. This runs fine, except for sending email.
Problem:
It appears that some specific domains won't receive our emails and we get a bounce. If we use any other email sending systems, the mails arrive without problems.
The bounce mail contains the following error:
SMTP error from remote mail server after HELO Company-Shops:
host mx-cluster-b2.one.com [IP ADDRESS]: 504 5.5.2 :
Helo command rejected: need fully-qualified hostname
After googling and trying things for a week now, I am a bit lost. I tried checking postfix in CentOS, but this is not installed and I'm not quite sure if this is needed.
Possible issue?
I believe the hostfile in CentOS is setup incorrectly:
127.0.0.1 localhost localhost.localdomain localhost4 ... etc
OUR IP Company-Shops
'Company-Shops' should probably be a domain name, am I right? The same as the rDNS. But I'm afraid that if I change this it will kill my site and whatnot. I'm not sure if this entry correlates with the 'Company-Shops' HELO label in the bounce error.
Some extra info:
- We use the webmail Roundcube from DirectAdmin
- At the moment we run one shop, but this might grow a bit (multiple sites on 1 IP)
- We don't use subdomains
- We've set up a reverse DNS, with the domain
Is there anyone with similar experiences or with a bit more knowledge about this subject? I appreciate any advice we can get, as we are stuck.
Many thanks.
Yes, that's right: your mail server should identify itself using a fully-qualified domain name when it connects to send mail via SMTP. You don't say what mail server you're running, but since you're using DA, it's probably Exim. If so, you want to edit /etc/exim.conf and set primary_hostname to the FQDN of your server.
This would also be a good time to double-check that reverse DNS is set up properly for your IP address. Many hosts will also reject email from servers on IPs without a valid rDNS record.
I'm not familiar with Magento, but I can't see any way that changing the Exim configuration in this way could impact that program.
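The reject in the bounce ("504 5.5.2 Helo command rejected: need fully-qualified hostname") is a syntax check on the HELO name, and the rDNS advice in the answer is a second, independent check. As an added example that is not part of the original answer, the following Python approximates both: the fully-qualified-name test a strict receiver applies (address literals such as [192.0.2.10] are also allowed by RFC 5321), and a forward-confirmed reverse DNS comparison of sending IP, PTR name and HELO name. The DNS data is a constructed in-memory table with hypothetical names (shop.example.com, 198.51.100.20) so it runs offline; in practice you would substitute real lookups.

```python
"""Check a HELO/EHLO name the way a strict receiving MTA does.

Added example, not from the original thread. The rules approximate the
"need fully-qualified hostname" check and a forward-confirmed reverse DNS
(FCrDNS) check; the DNS data is a constructed in-memory table (hypothetical
hosts and addresses) so the script runs offline.
"""
import ipaddress
import re

# One DNS label: 1-63 chars of letters, digits, hyphen; no leading/trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_fqdn(name: str) -> bool:
    """True if name looks fully qualified: at least two labels, every label
    valid, the last label alphabetic, and at most 253 characters in total."""
    name = name.rstrip(".")
    if not name or len(name) > 253:
        return False
    labels = name.split(".")
    if len(labels) < 2:
        return False
    if not all(LABEL.match(label) for label in labels):
        return False
    return labels[-1].isalpha()


def is_address_literal(name: str) -> bool:
    """RFC 5321 allows HELO [192.0.2.10] or [IPv6:2001:db8::1]."""
    if not (name.startswith("[") and name.endswith("]")):
        return False
    inner = name[1:-1]
    if inner.startswith("IPv6:"):
        inner = inner[5:]
    try:
        ipaddress.ip_address(inner)
        return True
    except ValueError:
        return False


def check_helo(helo: str) -> str:
    """Return 'ok' or the reason text mirroring the 504 5.5.2 reject."""
    if is_address_literal(helo) or is_fqdn(helo):
        return "ok"
    return "need fully-qualified hostname"


# Constructed DNS tables (hypothetical data, an assumption of this example).
PTR = {"198.51.100.20": "shop.example.com"}
A = {"shop.example.com": "198.51.100.20", "mail.example.net": "203.0.113.7"}


def fcrdns(ip: str, helo: str, ptr=PTR, a=A) -> list:
    """Return the problems found; an empty list means the sending IP, its
    PTR name and the HELO name all agree, which is what picky receivers want."""
    problems = []
    name = ptr.get(ip)
    if name is None:
        problems.append(f"no PTR record for {ip}")
    elif a.get(name) != ip:
        problems.append(f"PTR {name} does not resolve back to {ip}")
    if a.get(helo) != ip:
        problems.append(f"HELO {helo} does not resolve to {ip}")
    return problems


if __name__ == "__main__":
    for h in ["Company-Shops", "shop.example.com", "[198.51.100.20]"]:
        print(f"{h:20} -> {check_helo(h)}")
    print(fcrdns("198.51.100.20", "shop.example.com"))
    print(fcrdns("198.51.100.20", "Company-Shops"))
```

The bare host name "Company-Shops" fails the first check regardless of DNS, which is exactly the bounce in the question; once the HELO is a real FQDN, the second check is what the rDNS advice is about: the PTR for your IP should name the host, and that name should resolve back to the same IP.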
This is not an EE question, though the client does have an EE website :). I just tagged it this way to get the smart folks in the community to see my question.
I have a client who used to have their email and website hosted separately. They were setup with Exchange Server service from one host and regular linux webhosting with another. The way they had it set up initially was their domain was pointed at their webhost and the MX record was forwarded to their Exchange host. The company from which they were getting the Exchange service through also offers webhosting, so they decided to consolidate. The website was moved to the new account - no problem. Then we pointed the entire domain, from the registrar level, to the host that had previously hosted only their email. That's where the problems set in.
Now, some emails go through, and some don't, seemingly without any specific pattern. You can send the same email to the same address several times, and some go through and others bounce back. The ones that bounce back offer some clues: they mention the mail server as mail.clientdomain.com, which is not right, as with their Exchange hosting there is a separate dedicated domain for Exchange.
What it seems like is that in turning on the webhosting component of their account, two things happened - first, a setup of mail.clientdomain.com seems to have been undertaken even though it's not needed. And then secondly, internal to the hosting architecture, their DNS server is sometimes routing mail through the Exchange server and sometimes running it through mail.clientdomain.com (which of course doesn't work because there are no users set up there, and results in the bounce back).
The main trouble I'm having is telling the host WHAT to fix. I provide them with the symptoms we're experiencing and what I think may be going on, but I'm not well versed in server setup so I can't provide any more direction than I have. I'm hoping someone out there can give me some guidance on how I can run some tests to see where mail at my client's domain is being routed, and therefore provide the host with some specific direction as to where the breakpoint is, because thus far they have been unable to fix the problem.
Thanks all!
UPDATE: HERE'S WHAT THE RETURNED MESSAGES LOOK LIKE MOST RECENTLY:
Hi. This is the qmail-send program at plesk-vl4.ihost-web.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
--- Below this line is a copy of the message.
Return-Path:
Received: (qmail 1553 invoked from network); 2 Nov 2012 07:26:47 -0400
Received: from smtp137.ord.emailsrvr.com (173.203.6.137)
by webmail.plesk-vl4.ihost-web.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 2 Nov 2012 07:26:47 -0400
Received: from localhost (localhost.localdomain [127.0.0.1])
by smtp10.relay.ord1a.emailsrvr.com (SMTP Server) with ESMTP id 9803F370097;
Fri, 2 Nov 2012 07:29:55 -0400 (EDT)
X-Virus-Scanned: OK
Received: by smtp10.relay.ord1a.emailsrvr.com (Authenticated sender: jean-AT-qbmarketing.com) with ESMTPSA id 4BD76370091;
Fri, 2 Nov 2012 07:29:55 -0400 (EDT)
From: Jean St Amand
Content-Type: multipart/alternative; boundary="Apple-Mail=_25EBC7EF-43BA-46B6-94CE-143CA2B87CC2"
Subject: another test email the morning of Nov 2
Date: Fri, 2 Nov 2012 08:32:20 -0300
Message-Id: <56ED44AF-6B20-4627-A53D-1A27E055C2DE@qbmarketing.com>
To: Steve
Mime-Version: 1.0 (Mac OS X Mail 6.2 (1499))
X-Mailer: Apple Mail (2.1499)
The host has said that the system is set up correctly and that the bouncebacks are the result of "auto-complete" in our mail programs. But auto-complete only fills in an email address that's been used in the past, not the routing used to get to that destination, isn't that right? If auto-complete played a role in routing, wouldn't everyone run into trouble every time they change web hosts? I've never had any trouble switching hosts in the past, so I find it a bit hard to believe that it's the sender's mail program that's the problem, especially since sometimes the messages do go through, but most often they don't.
What do the MX records for the domain look like? Is there just the one for "Mail.exchangeserver" or multiples? Generally they have a score, so the one with the lowest number gets tried first, if that is unreachable/busy then the next in the list gets used.
Another thing to check out, is to see if the web server is running some form of Control Panel that could be getting in the way of mail routing. I know in the past I've been bitten by cPanel looking locally for mail, even when a remote MX was set up.
If you can post the MX / DNS records, we may be able to help further.
I am trying to avoid running through DNS servers to get an email message to an address on one of my hosted virtual accounts.
I know I can surround the IP address with square brackets but how do I designate the mailbox username for the (virtual) hosted account on the server?
In other words,
I have multiple domains hosted on a virtual server -- all sharing the same IP address
obviously, user@domain.com works fine
but how do I send to user@[123.456.78.90]
Is what I want to do, possible?
Thanks.
A virtual host needs a domain name in order to figure out what to do. You want to send it to an IP address instead of a domain name. Thus it is not going to work through normal methods. You might be able to specify a "default" domain if none match. Otherwise, your only hope is to manually forge email. By this, I mean:
telnet 123.456.78.9 25
HELO myhostname.mydomain
MAIL From: <myemail@mydomain>
RCPT To: <user@domain.com>
DATA
From: myemail@mydomain
To: user@domain.com
Subject: Testing

This is a test
.
QUIT
What you want to do is possible, and even secure when using Cjdns IPs. Some clients (e.g. mutt) are "broken" and choke on raw ips as domain. (While technically broken, it is an uncommon use case - mutt is a good client.)
You'll need to tell your MTA to accept the raw ip. E.g. on sendmail, add
[123.456.78.9]
to /etc/mail/local-host-names
You'll also have to turn on accept_unresolvable_domains as sendmail doesn't seem to regard already resolved domains as "resolvable". (Other MTAs may require different tweaks.)
I use thunderbird to send to raw ips, and it works just fine. A friend uses claws-mail with no problems.
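Both answers turn on the same point: user@[IP] is an address literal (RFC 5321 section 4.1.3), and an MTA delivers to it without consulting DNS, which is why the receiving side has to be told explicitly to accept its own bracketed IP. As an added example, not from the original thread, the following Python parses both the IPv4 and the IPv6 literal form, rejects a literal that cannot be an address (an octet above 255, as in the placeholder 123.456.78.90 above), and shows the resulting routing decision. The MX table is constructed and hypothetical.

```python
"""Parse SMTP addresses whose domain part is an address literal.

Added example, not from the original thread. RFC 5321 section 4.1.3 defines
the forms user@[192.0.2.10] and user@[IPv6:2001:db8::1]. The MX-vs-literal
routing decision below is the general rule an MTA applies; the MX table is
a constructed, hypothetical in-memory one so the script runs offline.
"""
import ipaddress


def parse_address(addr: str):
    """Split 'local@domain' and return (local_part, domain, literal), where
    literal is an ipaddress object when the domain is an address literal and
    None otherwise. Raises ValueError for syntactically invalid input."""
    if addr.count("@") != 1:
        raise ValueError(f"expected exactly one @ in {addr!r}")
    local, domain = addr.rsplit("@", 1)
    if not local:
        raise ValueError("empty local part")
    if domain.startswith("[") and domain.endswith("]"):
        inner = domain[1:-1]
        if inner.startswith("IPv6:"):
            ip = ipaddress.IPv6Address(inner[5:])
        else:
            ip = ipaddress.IPv4Address(inner)   # rejects e.g. 123.456.78.90
        return local, domain, ip
    if not domain or domain.startswith(".") or ".." in domain:
        raise ValueError(f"bad domain {domain!r}")
    return local, domain, None


def is_valid(addr: str) -> bool:
    """Convenience wrapper: True if parse_address accepts the address."""
    try:
        parse_address(addr)
        return True
    except ValueError:
        return False


# Constructed MX table (hypothetical data, an assumption of this example).
MX = {"example.com": ["mx1.example.com", "mx2.example.com"]}


def next_hops(addr: str, mx=MX) -> list:
    """Hosts a sending MTA would try, in order. An address literal skips DNS
    and goes straight to that IP; a domain is routed via its MX records,
    falling back to the domain itself when it has none (RFC 5321 5.1)."""
    _, domain, literal = parse_address(addr)
    if literal is not None:
        return [str(literal)]
    return list(mx.get(domain, [domain]))


if __name__ == "__main__":
    for a in ["user@example.com", "user@[192.0.2.10]", "user@[IPv6:2001:db8::1]"]:
        print(a, "->", next_hops(a))
```

The server side is the mirror image of next_hops: when the literal is the server's own address, the MTA must treat it as a local domain (the local-host-names entry in the sendmail answer) or it will refuse the RCPT TO.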
I've recently setup my Ubuntu web server with exim4 so my PHP website applications can send email such as "thank you" and "confirmation" notices.
I've got it set up and working such that I can send email to Gmail, Yahoo! and my work address. However, my work email gets caught up in our spam filter. I'm new to setting up mail servers, so I'm not sure what I might need to look for in making this mail server more trusted, while keeping it secure.
Here are some details:
Server is NATed behind a firewall.
Firewall has port 25 open for outgoing SMTP traffic (from server to anywhere).
Server is virtual hosting a couple of our different websites.
The server is running the following exim4 config:
dc_eximconfig_configtype='internet'
dc_other_hostnames='web-serv.example1.com;example2.com'
dc_local_interfaces='127.0.0.1'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
Questions:
Do I need to open port 25 to incoming SMTP mail (anywhere to server)? I wonder if other mail servers need to talk to my mail server to verify itself, in a sort of handshake attempt.
I have not created any MX records primarily because the server has different websites on it the mail server should send mail for all the websites. Do I need to pick/create a domain address and create MX records for it?
One thing of note is that the mail headers look like this:
Return-Path: <www-data@example2.com>
Received: from web-serv.example1.com ([Firewall public IP Address])
Received-SPF: neutral (google.com: [Firewall public IP Address] is neither permitted nor denied by best guess record for domain of www-data@example2.com)
"web-serv" is the host name of the server, such that you get this if you type it into the command line:
$ hostname
web-serv
and "www-data" is the account name for the Apache2 server that Ubuntu gave it as default.
Any other general advice would be appreciated. It's all new to me.
Cheers!
One item of note, since I posted this question some time ago (almost 10 months), is that I found out the biggest issue I had was with setting up the DNS for reverse DNS on our hosting provider's side of things.
In other words, our hosting provider (the people who give us our IP address and manage our hardware) had to enter a record to match my server(s) hostname to whatever IP address it used.
There's a specific name for this. I believe it's a "PTR" record but the name escapes me at the moment, but you basically tell them "my server hostname is ..." and they do a quick update to the DNS for reverse DNS purposes.
When I asked this question, we had a different hosting provider who didn't really help explain this to me, and after switching providers, I got to talk to someone who was happy to help me understand that side of the equation.
And as I understand it, this is setup by the people who assign you the IP addresses. But there's probably more to it than that.
Once I got that setup properly, email had no problem getting through the spam filters and Gmail/Yahoo showed SPF as "passed". It was showing neutral before.
Our company email was set to drop any email that would not resolve reverse DNS, which is why I could not even receive the email or find it in the spam filter. Of course, that situation would be dependent on the company and what email policy and software they're using to manage spam. Some might just drop all email that does not reverse DNS and some might dump it in to spam filters instead.
Hope that might help some people with similar issues.
Cheers!
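The Received-SPF line in the question ("neutral ... best guess record") is what Google reports when the sender domain publishes no SPF record at all, and the update reports "passed" once the setup was right. As an added example (not from the original post), here is a minimal SPF evaluator in Python over a constructed, hypothetical DNS table; it shows how pass, neutral, softfail and fail come out of a record and how an include: chain is followed. It is deliberately incomplete (no macros, redirect=, exp=, a/cidr forms, or the 10-lookup limit of RFC 7208), so use a real library such as pyspf for production checks.

```python
"""Minimal SPF evaluator to see why a message gets neutral versus pass.

Added example, not from the original thread. Implements the common
mechanisms (ip4, ip6, a, mx, include, all) with the qualifiers + - ~ ?
over a constructed DNS table so it runs offline. It ignores macros,
redirect=, exp=, the a/cidr forms and the 10-lookup limit, all of which a
real evaluator must honour (RFC 7208). All names and addresses are
hypothetical.
"""
import ipaddress

# Constructed DNS data. The web server sends from the firewall's public IP.
DNS = {
    "txt": {
        "example2.com": "v=spf1 a:web-serv.example1.com ip4:203.0.113.50 -all",
        "example1.com": "v=spf1 mx ~all",
        "_spf.relay.example": "v=spf1 ip4:198.51.100.0/24 -all",
        "example3.com": "v=spf1 include:_spf.relay.example -all",
    },
    "a": {
        "web-serv.example1.com": ["203.0.113.50"],
        "mail.example1.com": ["203.0.113.60"],
    },
    "mx": {"example1.com": ["mail.example1.com"]},
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def _host_has_ip(host, ip, dns):
    """True if any A record of host equals the client IP."""
    return any(ip == ipaddress.ip_address(a) for a in dns["a"].get(host, []))


def check_spf(ip, domain, dns=DNS, depth=0):
    """Return pass/fail/softfail/neutral/none/permerror for a client IP
    and envelope-sender domain, evaluating mechanisms left to right and
    stopping at the first match, as RFC 7208 section 4.6.2 requires."""
    record = dns["txt"].get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"          # no record: receivers fall back to guesses
    if depth > 10:
        return "permerror"     # runaway include chain
    ip = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            # Address family mismatch simply does not match.
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = _host_has_ip(arg or domain, ip, dns)
        elif name == "mx":
            matched = any(_host_has_ip(mx, ip, dns)
                          for mx in dns["mx"].get(arg or domain, []))
        elif name == "include":
            # include: matches only when the included record yields pass.
            matched = check_spf(str(ip), arg, dns, depth + 1) == "pass"
        else:
            return "permerror"  # unknown mechanism
        if matched:
            return QUALIFIERS[qual]
    return "neutral"            # nothing matched and no explicit "all"


if __name__ == "__main__":
    for client, sender in [("203.0.113.50", "example2.com"),
                           ("203.0.113.51", "example2.com"),
                           ("203.0.113.50", "example1.com")]:
        print(client, sender, "->", check_spf(client, sender))
```

For the setup in the question, the record to publish for example2.com is the one in the table: it names the web server host (or the firewall's public IP directly) and ends in -all, which turns Google's "neutral" into "pass" for mail from that IP and into "fail" for anyone else claiming to be www-data@example2.com.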