Only allow AUTH on port 587 (block AUTH on 25)



Last Modified: Nov 18, 2018, 4:51 pm

As port 587 is the common client entry point, some Admins may decide to take things one step further and entirely prevent Users from using port 25 for authentication.

The short answer is that the following needs to be set in exim, so that AUTH is only advertised on ports 465 and 587:

auth_advertise_hosts = ${if or { {eq {$received_port}{465}} {eq {$received_port}{587}} } {*}{}}


If you're running SpamBlocker 4.5.x, this can be done without having to worry about the exim.conf being overwritten.
To do this, create or edit this file:

/etc/exim.variables.conf.custom

and place the above code inside it. This file is just the placeholder for override settings.
To actually carry that over to /etc/exim.variables.conf, we let CustomBuild do it with:

cd /usr/local/directadmin/custombuild
./build update
./build eximconf

which will download updated files and merge exim.variables.conf.default and exim.variables.conf.custom into the exim.variables.conf that exim actually reads.

You can test this functionality by typing:

telnet localhost 25

and issuing an EHLO command, e.g.:

EHLO localhost

and if it worked correctly, you will NOT see this in the output:

250-AUTH PLAIN LOGIN

Note: if you test from an external host, swap "localhost" for your server's hostname in the telnet command, and use the local (client-side) hostname in the EHLO. The client hostname must not match the exim host, or exim will claim you're impersonating the hostname.
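
The telnet check above can be scripted across ports. The following is an added example, not part of the original article or DirectAdmin's own code: it parses EHLO replies and flags any port whose AUTH advertisement disagrees with the auth_advertise_hosts setting shown earlier. The sample replies, the "client.example" name and the function names are constructed for illustration.

```python
import socket

# Constructed EHLO replies for illustration (not captured from a real server).
SAMPLE_25 = ("250-mail.example.com Hello localhost [127.0.0.1]\r\n"
             "250-SIZE 20971520\r\n250-PIPELINING\r\n250-STARTTLS\r\n250 HELP\r\n")
SAMPLE_587 = SAMPLE_25.replace("250-STARTTLS", "250-AUTH PLAIN LOGIN\r\n250-STARTTLS")

def auth_mechanisms(ehlo_reply):
    """Return the AUTH mechanisms advertised in a raw EHLO reply ([] if none)."""
    mechs = []
    for line in ehlo_reply.splitlines():
        # Each reply line is "250-..." (more follow) or "250 ..." (last line).
        if line[:3] != "250" or line[3:4] not in ("-", " "):
            continue
        words = line[4:].split()
        if words and words[0].upper() == "AUTH":
            mechs.extend(w.upper() for w in words[1:])
    return mechs

def check_policy(replies, auth_ports=(465, 587)):
    """replies maps port -> raw EHLO reply; return the ports that break the policy."""
    return [port for port, reply in sorted(replies.items())
            if bool(auth_mechanisms(reply)) != (port in auth_ports)]

def _read_reply(f):
    """Read one (possibly multi-line) SMTP reply from a binary file object."""
    lines = []
    while True:
        line = f.readline().decode("ascii", "replace")
        lines.append(line)
        if not line or line[3:4] != "-":
            return "".join(lines)

def fetch_ehlo(host, port, helo_name="client.example", timeout=10):
    """Plaintext EHLO against a live server (25/587; 465 normally expects TLS on connect)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rwb")
        _read_reply(f)  # discard the 220 banner
        f.write(f"EHLO {helo_name}\r\n".encode("ascii"))
        f.flush()
        reply = _read_reply(f)
        f.write(b"QUIT\r\n")
        f.flush()
    return reply

if __name__ == "__main__":
    # Offline demo on the constructed samples; for a live check, build the dict
    # with {p: fetch_ehlo("localhost", p) for p in (25, 587)} instead.
    print("violations:", check_policy({25: SAMPLE_25, 587: SAMPLE_587}))
```

If exim is also configured to advertise AUTH only on encrypted connections, a plaintext EHLO on 587 shows no AUTH until after STARTTLS, and this check will report 587 as a violation.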

© 2018 JBMC Software, Suite 173  3-11 Bellerose Drive, St Albert, AB  T8N 1P7  Canada.  Mon-Fri 9AM-5PM MST