-1

1- What is the meaning of these lines in /var/log/exim/main.log?

I have these lines repeated more than 700 times in main.log

2015-03-16 21:30:57 TLS error on connection from [192.0.2.1] (SSL_accept): error:00000000:lib(0):func(0):reason(0)
2015-03-16 21:31:31 no host name found for IP address 192.0.2.1

How can I block the IP 192.0.2.1 in the exim config file? I don't want to use iptables for this IP.

Can I block it with exim?

2- I would like also to know the meaning of

2015-03-15 06:29:41 no IP address found for host example.com (during SMTP connection from [192.0.2.1])
2015-03-15 06:29:41 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[192.0.2.1] 

Actually, I don't want to receive any email on my server. I only want to send email through a PHP application. So I only need the mail server to be capable of sending emails.

3- If I block all IPs except 127.0.0.1 with iptables (with exim), could I block all these attempts?

I don't want to allow any remote ip or host to authenticate or send emails.

Thanks in advance.

sebix
dac777

2 Answers

0

If you only want to access exim from your own server you can configure it to listen to 127.0.0.1. This way your server will not be accessible from the internet. No need to use iptables.

If you need more instructions you can look at this answer.

Martin
  • I have read the post you suggested, but I don't know how to edit "dc_local_interfaces". Should I run "dpkg-reconfigure exim4-config" to edit dc_local_interfaces, or is there a .conf file to do this? – dac777 Mar 22 '15 at 15:39
  • To be honest I do not use exim myself so I don't have a system where I could try this. But according to the Debian Documentation the exim config files should be available at `/etc/exim4` – Martin Mar 22 '15 at 15:43
  • Maybe I should have said that I'm using CentOS and not Debian. OK, I will read more about the possible solutions you suggested before I touch anything on the server... Thank you for the answers. – dac777 Mar 22 '15 at 17:26
0

What is the meaning of these lines in /var/log/exim/main.log?

Many possible reasons: a TLS/SSL version mismatch, or the client sent plaintext but the server expected TLS. Don't worry about that if all other incoming connections succeed, as this is very likely a spammer (as the PTR lookup failed).

How can I block the IP xx.xx.xx.xx in the exim config file? I don't want to use iptables for this IP.

Instead of a permanent ban, I recommend using fail2ban with a rule for this line:

failregex = TLS error on connection from \[<HOST>\].*$

Can I block it with exim?

Yes, you can, but it's harder to maintain and means a permanent ban. Also, you have to update and maintain this list yourself. Fail2ban does temporary bans automatically.

If I block with iptables all ip's except 127.0.0.1 (with exim) could I block all these attempts?

Yes, you can.

I don't want to allow any remote ip or host to authenticate or send emails.

Please don't. It is highly recommended to read mail that is received for postmaster, webmaster, abuse, hostmaster, admin, administrator and others. See also RFC 2142 on this topic. You may miss important information if you deny them all.

I don't want to allow any remote ip or host to authenticate or send emails.

If you don't have any valid recipients except for those mentioned above, you also can't get mails for others that don't exist.

To disable authentication, disable advertising it for all hosts (in exim.conf or conf.d/auth/), docs:

auth_advertise_hosts = 
sebix
  • The other day when I manually banned the IP with iptables, the IP still continued appearing in the logs. So, I don't know whether to trust fail2ban... or maybe there is something that I didn't configure properly... OK, I will allow remote hosts to send email... But how can I block login attempts? – dac777 Mar 22 '15 at 15:37
  • Most probably you had made a mistake in your iptables-command. Thus, using fail2ban can ban those for you and you don't have to worry about iptables syntax, parameters and functionality. – sebix Mar 22 '15 at 15:52
  • I found your last edit suggestion about AUTH_CRAM_MD5=no, etc. here: http://www.exim.org/exim-html-current/doc/html/spec_html/ch-smtp_authentication.html. But I'm looking for where I can add or edit this line. I have looked in exim.conf using Ctrl+F and I have not found these lines... I will look at fail2ban again... – dac777 Mar 22 '15 at 16:06
  • OK, thank you, but I can't find where to disable all auth methods. The exim documentation says that they are located in Local/Makefile. But I don't know where to find this. I will try with iptables. I think the Exim config is too convoluted... – dac777 Mar 22 '15 at 16:26
  • See my updated answer to disable auth. – sebix Mar 22 '15 at 16:58
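
The temporary-ban approach recommended in the second answer, sketched as an added example (not code from the answer or from fail2ban): it applies the answer's failregex to constructed log lines in the question's format and reports which IP reaches a `maxretry` threshold inside a `findtime` window. The `<HOST>` expansion is simplified to IPv4, and the threshold values and the 198.51.100.7 address are assumptions chosen for the sample.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the format of the main.log lines quoted in the question.
SAMPLE_LOG = """\
2015-03-16 21:30:57 TLS error on connection from [192.0.2.1] (SSL_accept): error:00000000:lib(0):func(0):reason(0)
2015-03-16 21:31:31 no host name found for IP address 192.0.2.1
2015-03-16 21:32:10 TLS error on connection from [192.0.2.1] (SSL_accept): error:00000000:lib(0):func(0):reason(0)
2015-03-16 21:33:02 TLS error on connection from [198.51.100.7] (SSL_accept): error:00000000:lib(0):func(0):reason(0)
2015-03-16 21:34:45 TLS error on connection from [192.0.2.1] (SSL_accept): error:00000000:lib(0):func(0):reason(0)
2015-03-16 23:50:00 TLS error on connection from [198.51.100.7] (SSL_accept): error:00000000:lib(0):func(0):reason(0)
"""

# The failregex from the answer, unchanged.
FAILREGEX = r"TLS error on connection from \[<HOST>\].*$"
# Simplification: fail2ban's real <HOST> also matches IPv6 and host names.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# The timestamp is split off first, so the failregex only sees the message.
LINE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<msg>.*)$")


def hosts_to_ban(log_text, maxretry=3, findtime=timedelta(minutes=10)):
    """Return {ip: time of the match that reached maxretry within findtime}."""
    pattern = re.compile(FAILREGEX.replace("<HOST>", HOST))
    recent = defaultdict(deque)  # ip -> match times still inside the window
    banned = {}
    for line in log_text.splitlines():
        parsed = LINE.match(line)
        if not parsed:
            continue
        hit = pattern.search(parsed["msg"])
        if not hit or hit["host"] in banned:
            continue
        ts = datetime.strptime(parsed["ts"], "%Y-%m-%d %H:%M:%S")
        window = recent[hit["host"]]
        window.append(ts)
        while ts - window[0] > findtime:  # forget matches older than findtime
            window.popleft()
        if len(window) >= maxretry:
            banned[hit["host"]] = ts
    return banned


if __name__ == "__main__":
    for ip, when in hosts_to_ban(SAMPLE_LOG).items():
        print(f"{when} ban {ip}")
```

The second address matches the pattern twice but more than two hours apart, so it never reaches the threshold inside the window and is left alone.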