
I am trying to configure an Exim mail server using this article. I can use this server inside my local network, but when I try to use it from the internet I get some errors. Ports 10000-20000 are forwarded to the server machine. Everything is done inside a Docker image of CentOS 7; the host machine runs CentOS 7 too.

Abbreviations:

  • test_domain.tk - my test domain
  • test1, test2 - test users
  • test@external.com - test external email
  • 123.456.789.876 - my external ip (I have router with NAT)
  • 10.0.7.30 - docker's tunnel

Starting the container with the command: docker run -d --name mail -h test_domain.tk -p 10025:25 -p 10587:587 -p 10465:465 -p 10143:143 -p 10993:993 mail/server:localwork start_server

start_server:

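#!/bin/bash -e
# Container entrypoint: start Dovecot (which goes to the background on its
# own), then run Exim in the foreground so the container stays alive for as
# long as the MTA does.
#   -bdf   listen as a daemon but stay in the foreground
#   -q30m  start a queue runner every 30 minutes
#   -v     verbose output to stderr
# Because of `-e`, a failed Dovecot start aborts before Exim is launched.
/usr/sbin/dovecot
# exec so Exim replaces this shell as the container's main process and
# receives the stop signal directly instead of bash swallowing it.
exec /usr/sbin/exim -v -bdf -q30m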

/etc/exim/exim.conf:

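# ---------------------------------------------------------------------------
# Main configuration
# ---------------------------------------------------------------------------

# Name announced in HELO/EHLO and used for the "@" entry of local_domains.
primary_hostname = test_domain.tk

# Domains delivered locally ("@" expands to primary_hostname).
domainlist local_domains = @ : localhost : test_domain.tk
# Empty: unauthenticated clients may not relay to any other domain ...
domainlist relay_to_domains = 
# ... and no host is trusted to relay without authenticating.
hostlist   relay_from_hosts = 


# ACLs run at each SMTP stage; they are defined after "begin acl" below.
acl_smtp_mail = acl_check_mail
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
acl_smtp_mime = acl_check_mime


# ClamAV socket for "malware" ACL conditions.  None of the ACLs in this file
# use such a condition, so the scanner is configured but never invoked.
av_scanner = clamd:/var/run/clamd.exim/clamd.sock


# Offer STARTTLS to every client.
tls_advertise_hosts = *

tls_certificate = /etc/ssl/default.crt
tls_privatekey = /etc/ssl/default.key

# The reject line in the log shows a session negotiated as
# "X=SSLv3:DHE-RSA-AES128-SHA:128", i.e. SSLv3 is still accepted.  Refuse
# SSLv2 and SSLv3 (POODLE) and keep the single_dh_use default.
# NOTE(review): openssl_options only exists in an Exim built against OpenSSL
# (the EPEL 7 package appears to be; check the "Support for" line of
# `exim -bV`) -- with a GnuTLS build, restrict the protocol versions through
# tls_require_ciphers instead.
openssl_options = +no_sslv2 +no_sslv3 +single_dh_use

# 465 is implicit TLS (SMTPS); 25 and 587 use STARTTLS.
daemon_smtp_ports = 25 : 465 : 587
tls_on_connect_ports = 465

# Accept recipient addresses of the form user@[1.2.3.4].
allow_domain_literals

# Never run a local delivery as root, whatever a router or alias asks for.
never_users = root

# Advertise AUTH only once the session is encrypted: $tls_in_cipher is empty
# on a plaintext connection, so the LOGIN/PLAIN mechanisms (which carry the
# password in clear text) are not offered until STARTTLS has completed or on
# the SMTPS port.
auth_advertise_hosts = ${if eq{$tls_in_cipher}{}{}{*}}

# Ident (RFC 1413) callbacks are attempted for every client; with a 5s
# timeout, each connection from a host that drops the query is delayed by up
# to 5 seconds.  A timeout of 0s disables the callbacks entirely.
rfc1413_hosts = *
rfc1413_query_timeout = 5s

# Undeliverable bounce messages are discarded after 2 days ...
ignore_bounce_errors_after = 2d

# ... and frozen messages are cancelled at the next queue run after 7 days.
timeout_frozen_after = 7d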

begin acl

# MAIL FROM stage: insist on a HELO/EHLO and note missing reverse DNS.
acl_check_mail:

# Reject clients that skipped HELO/EHLO.  This applies to every client,
# authenticated or not.
  deny condition = ${if eq{$sender_helo_name}{} {1}}
       message = Nice boys say HELO first

# Warn only: prepend a note to acl_m_greylistreasons when the client IP has
# no PTR record.  Nothing else in this file reads that variable, so the
# note is informational.
  warn condition = ${if eq{$sender_host_name}{} {1}}
       set acl_m_greylistreasons = Host $sender_host_address lacks reverse DNS\n$acl_m_greylistreasons

  accept

# RCPT TO stage: the anti-relay policy.  Verbs are tried in order; the
# first accept/deny that matches decides.
acl_check_rcpt:

# Matches only when there is no remote host, i.e. mail submitted locally
# (command line / non-SMTP); accepted without further checks.
  accept  hosts = :
          control = dkim_disable_verify

# For local domains, refuse local parts that start with "." or contain any
# of @ % ! / | (source-routing and other odd address forms).
  deny    message       = Restricted characters in address
          domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]

# Stricter variant for non-local domains, also refusing "/../" sequences.
  deny    message       = Restricted characters in address
          domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

# postmaster at a local domain is always accepted.
  accept  local_parts   = postmaster
          domains       = +local_domains

# The envelope sender must be routable.  Because this precedes the
# "authenticated = *" accept, it applies to authenticated clients too.
  require verify        = sender

# relay_from_hosts is empty in this file, so this clause currently matches
# nothing; hosts added to that list would relay without authenticating.
  accept  hosts         = +relay_from_hosts
          control       = submission
          control       = dkim_disable_verify

# Authenticated clients may relay anywhere.  A client that did not
# authenticate (no "A=" tag in the log line) falls through to the relay
# check below.
  accept  authenticated = *
          control       = submission
          control       = dkim_disable_verify

# Everyone else may only address local domains (relay_to_domains is empty).
# This is the "relay not permitted" rejection seen in the log.
  require message = relay not permitted
          domains = +local_domains : +relay_to_domains

# The local recipient must be routable (an unknown user is rejected here).
  require verify = recipient

  accept

# DATA stage: runs once the whole message has been received.
acl_check_data:

# Warn only: note a missing Message-ID header in acl_m_greylistreasons.
  warn    condition  = ${if !def:h_Message-ID: {1}}
          set acl_m_greylistreasons = Message lacks Message-Id: header. Consult RFC2822.\n$acl_m_greylistreasons

  accept

# MIME stage: runs once per MIME part.
acl_check_mime:

# Reject attachments whose lower-cased filename ends in one of the listed
# Windows executable extensions.  \N...\N protects the regex from expansion.
  deny message = Blacklisted file extension detected
       condition = ${if match \
                        {${lc:$mime_filename}} \
                        {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \
                     {1}{0}}

  accept

begin routers

# Routers are tried in order; the first one that accepts an address handles
# it.  Routers with no_verify are skipped during address verification.

# Non-local domains: resolve MX/A records and hand off to remote_smtp.
# Targets resolving to 0.0.0.0 or loopback are ignored.
dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
# if ipv6-enabled then instead use:
# ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1
# no_more: if the lookup fails, do not fall through to the local routers.
  no_more

# Local domains: expand /etc/aliases entries; an alias may redirect to
# files or pipes, which use the two transports named here.
system_aliases:
  driver = redirect
  allow_fail
  allow_defer
  data = ${lookup{$local_part}lsearch{/etc/aliases}}
# user = exim
  file_transport = address_file
  pipe_transport = address_pipe

# Per-user ~/.forward files for existing Unix users (check_local_user).
# allow_filter permits Exim filter syntax in the file.
userforward:
  driver = redirect
  check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
  file = $home/.forward
  allow_filter
# Not consulted when verifying or expanding addresses, only on delivery.
  no_verify
  no_expn
# Lets a .forward that refers back to the user's own address deliver
# normally instead of looping.
  check_ancestor
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply

# Users with a ~/.procmailrc are delivered through procmail, provided the
# procmail binary exists.  $local_part is a real user at this point.
procmail:
  driver = accept
  check_local_user
  require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
  transport = procmail
  no_verify

# Fallback for local users: Maildir delivery.  A local part that is not a
# Unix user fails here with the message below, which is also what
# "verify = recipient" in the RCPT ACL reports.
localuser:
  driver = accept
  check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
  transport = local_delivery
  cannot_route_message = Unknown user

begin transports

# Outbound SMTP to the MX hosts found by the dnslookup router.
remote_smtp:
  driver = smtp

# Authenticated submission on port 587.  No router in this file references
# this transport, so it is currently unused.
remote_msa:
  driver = smtp
  port = 587
  hosts_require_auth = *

# Local delivery via procmail.  $local_part is a verified Unix user here
# (check_local_user on the procmail router) and the RCPT ACL already refused
# shell-special characters; the pipe driver splits the command into
# arguments itself and does not invoke a shell unless use_shell is set.
# return_output: any output from procmail fails the delivery and is
# returned to the sender.
procmail:
  driver = pipe
  command = "/usr/bin/procmail -d $local_part"
  return_path_add
  delivery_date_add
  envelope_to_add
  user = $local_part
  initgroups
  return_output

# Default local delivery: Maildir under the user's home directory.
# maildir_use_size_file keeps a maildirsize file for quota accounting.
local_delivery:
  driver = appendfile
  directory = $home/Maildir
  maildir_format
  maildir_use_size_file
  delivery_date_add
  envelope_to_add
  return_path_add

# Pipes generated by /etc/aliases or ~/.forward; command output is
# treated as a delivery failure and returned to the sender.
address_pipe:
  driver = pipe
  return_output

# File deliveries generated by /etc/aliases or ~/.forward.
address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add

# Auto-replies generated by ~/.forward filters.
address_reply:
  driver = autoreply

begin retry

# Address pattern, error pattern, rule.  For every address and every error:
# retry every 15 minutes for the first 2 hours after the first failure, then
# at intervals starting at 1 hour and growing by a factor of 1.5 until 16
# hours have passed, then every 6 hours until 4 days have elapsed, after
# which the message is bounced.
*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h

begin rewrite

# (no rewriting rules)

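begin authenticators

# Both authenticators hand the credentials to Dovecot over its auth-client
# socket; Dovecot returns the user name in $auth1, which becomes the "A="
# id in the log.  LOGIN and PLAIN carry the password in clear text inside
# the SMTP session, so server_advertise_condition hides them until the
# session is encrypted: $tls_in_cipher is only defined after STARTTLS has
# completed or on the tls_on_connect port.  A client therefore cannot be
# induced to send its password over a plaintext connection.
dovecot_login:
  driver = dovecot
  public_name = LOGIN
  server_socket = /var/run/dovecot/auth-client
  server_set_id = $auth1
  server_advertise_condition = ${if def:tls_in_cipher }

dovecot_plain:
  driver = dovecot
  public_name = PLAIN
  server_socket = /var/run/dovecot/auth-client
  server_set_id = $auth1
  server_advertise_condition = ${if def:tls_in_cipher }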

exim log:

    8 LOG: MAIN
    8   exim 4.84 daemon started: pid=8, -q30m, listening for SMTP on port 25 (IPv6 and IPv4) port 587 (IPv6 and IPv4) and for SMTPS on port 465 (IPv6 and IPv4)
   16 LOG: host_lookup_failed MAIN
   16   no host name found for IP address 123.456.789.876
   16 LOG: MAIN REJECT
   16   H=([10.0.7.30]) [123.456.789.876] X=SSLv3:DHE-RSA-AES128-SHA:128 F=<test1@test_domain.tk> rejected RCPT <test@external.com>: relay not permitted
   16 LOG: lost_incoming_connection MAIN
   16   unexpected disconnection while reading SMTP command from ([10.0.7.30]) [123.456.789.876]

When I try to connect from the internet I get a timeout error in the mail client and no log entries in Exim. It is probably a problem with the router. How can I make it work?

Ask me if you need more data. Thanks in advance.

Andrew



You have your docker internal ports (for example 10025) mapped to standard smtp ports (for example 25), but you have exim listening on the standard ports instead of the mapped internal ports. Configure exim to listen on 10025, 10465, 10587 and see if the behavior changes.

Todd Lyons
  • It's actually the opposite, OP has port 10025 on the host mapped to 25 in the container. – Abdullah Jibaly Feb 14 '15 at 03:00
    If that's the case, it can never work. Nothing from the outside will know to try to deliver to port 10025 instead of port 25, the default SMTP port. The first thing that must be done is to fix his container port mappings so that 25 on the outside is mapped to whatever exim is listening to on the inside. – Todd Lyons Feb 16 '15 at 13:54

It seems there's an issue with reverse DNS lookups, according to this ancient post. Try disabling host_lookup and see if that works:

host_lookup = 0.0.0.0/0

If it does, you'll have to fix your DNS settings to map the right domain to your host.

Abdullah Jibaly