NiyasHussain.com

I have found this error in exim mail server. To resolve this issue,

1)Login to your server

2)vi /etc/exim.conf

find the term helo under “drop” and delete the rule which is causing trouble. If the error is like,

550 "REJECTED - Bad HELO - Host
impersonating [serverhostname]

Delete the hostname rule for drop.

Hello,

Quite few times your server’s main/shared IP address may get black listed by most of RBLs due to x reasons.
In such situations, it would be very difficult to receive/send some important emails due to this black list.
In such situation a quick solution is to route the emails through a secondary IP address on the same server which is not black listed under those RBLs.

The mail server on cpanel i.e exim allows you to change the default IP address used by the mail server so that you would be able to route all emails through this new secondary IP address.

Here are the step by step instructions for you to configure your exim mail server to use new IP address.

Step 1 : Shutdown the exim service.
# service exim stop or /etc/init.d/exim stop

Step 2 : Edit your exim configuration file.
# vi /etc/exim.conf

Step 3: go to “remote_smtp” section under “TRANSPORTS CONFIGURATION”.
By default it would look like below:

Quote:
remote_smtp:
driver = smtp
interface = ${if exists {/etc/mailips}{${lookup{$sender_address_domain}lsearch{/etc/mailips}{$value}{}}}{}}
helo_data = ${if exists {/etc/mailhelo}{${lookup{$sender_address_domain}lsearch{/etc/mailhelo}{$value}{$primary_hostname}}}{$primary_ho stname}}
Step 4 : Remove or comment line containing “interface” and “helo_data” and add new “interface” to match with that of your new IP address. It should look like as follows:
Quote:
remote_smtp:
driver = smtp
interface = 12.12.12.12 # Your IP address.
Step 5 : Save your changes and exit out from your exim configuration file.

Note : Dont forget to set read only attributes on exim configuration file, so that it wont get reset to default automatically.

You can do it using following command:
# chattr +aui /etc/exim.conf

Step 6 : start exim service on your server.
# service exim restart or /etc/init.d/exim restart

Step 7 : Make sure to set reverse DNS for this new IP address to point a valid FQDN.

Step 8 : Try sending a test email and you will find that, it was sent using this new IP address configured under your exim configuration.

You can verify it by checking the header of new email under exim’s log file i.e /var/log/exim_mainlog

When the intended recipient does not receive an e-mail and it is sent back to the sender, it is said that the e-mail has bounced. The sender receives an error message to that effect. But what exactly happens when an email bounces?

When an e-mail has been sent the sender’s e-mail system makes contact with the recipient’s mail server. The mail server checks for any message to allow or disallow such a mail to pass through. Some of the circumstances under which an email bounces are these:

Hard Bounce:

1. The mail server has barred receiving of mails from the sender’s address. (For example, if the address of the sender is blocked.)
2. The recipient’s mail server is too busy to handle the request.

Soft Bounce:

1. The e-mail address does not exist on the recipient’s mail server.
2. The e-mail address is erroneous or miss spelt.
3. The recipient exists but does not have enough disk space to accept the message.
4. If the message size is much bigger than the message size pre-decided by the server.

Sometimes, an e-mail may bounce back due to network failure on the recipient’s server

After transfer cPanel accounts to another server and all email logins stopped working completely. Everything works fine except email, you get “wrong password” error. You also try to update password via cPanel and still got the same. Deleted all email accounts and re-created them again using old passwords, still can’t login also.

Here the solution…

Login to your server using SSH as root, then run these commands:

# service courier-authlib restart
# service courier-imap restart

If you need to send a file with a particular extension as attachment

To send a file with extension .isp as attachment

Error:-
Not able to send the mail with a file of extension .isp as attachment
Getting Mail Delivery Failure with the following error

“This message has been rejected because it has
potentially executable content $1
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it.”

Resolution:-

Remove the extension ie .isp from the following files
/etc/antivirus.exim
/etc/cpanel_exim_system_filter

The entries of the file extensions will be given as below in the above files

if $header_content-type: matches “(?:file)?name=(\”[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\”)”

If mail queue have more then 10000 mails client is unable to send the mails, you may need to clear out frozen mails.

To list the number of frozen mails
exim -bpru|grep frozen | wc -l

To remove the frozen messages.
exim -bpru|grep frozen|awk {’print $3′}|xargs exim -Mrm

Please check mail queue properly and observer which account is sending the mask mails.
Run following command to delete mails of that account.
Example:grep -lr account@yourdomain.com /var/spool/exim/input/* | xargs rm -rf

Do the following things to delete mail from particular domains.
grep -lr domainname.com /var/spool/exim/input/* |xargs rm -rf

To print a count of the messages in the queue
root@localhost# exim -bpc

Print a listing of the messages in the queue (time queued, size, message-id, sender, recipient)
root@localhost# exim -bp

Print a summary of messages in the queue (count, volume, oldest, newest, domain, and totals):
root@localhost# exim -bp | exiqsumm

Generate and display Exim stats from a logfile:
root@localhost# eximstats /var/log/exim_mainlog

Same as above, with less verbose output:
root@localhost# eximstats -ne -nr -nt /var/log/exim_mainlog

Same as above, for one particular day:
root@localhost# fgrep YYYY-MM-DD /var/log/exim_mainlog | eximstats

Print what Exim is doing right now:
root@localhost# exiwhat

Searching the queue

Search the queue for messages from a specific sender:
root@localhost# exiqgrep -f [luser]@domain

Search the queue for messages for a specific recipient/domain:
root@localhost# exiqgrep -r [luser]@domain

To Print just the message-id of the entire queue:
root@localhost# exiqgrep -i

Managing the queue

Start a queue run:
root@localhost# exim -q -v

Start a queue run for just local deliveries:
root@localhost# exim -ql -v

Remove a message from the queue:
root@localhost# exim -Mrm <message-id>

Freeze a message:
root@localhost# exim -Mf <message-id>

Deliver a specific message:
root@localhost# exim -M <message-id>

Force a message to fail and bounce:
root@localhost# exim -Mg <message-id>

Remove all frozen messages:
root@localhost# exiqgrep -z -i | xargs exim -Mrm

Freeze all queued mail from a given sender:
root@localhost# exiqgrep -i -f luser@example.tld | xargs exim -Mf

View a message’s headers:
root@localhost# exim -Mvh <message-id>

View a message’s body:
root@localhost# exim -Mvb <message-id>

View a message’s logs:
root@localhost# exim -Mvl <message-id>

Stop PHP nobody Spammers

PHP and Apache has a history of not being able to track which users are sending out mail through the PHP mail function from the nobody user causing leaks in formmail scripts and malicious users to spam from your server without you knowing who or where.

Watching your exim_mainlog doesn’t exactly help, you see th email going out but you can’t track from which user or script is sending it. This is a quick and dirty way to get around the nobody spam problem on your Linux server.

If you check out your PHP.ini file you’ll notice that your mail program is set to: /usr/sbin/sendmail and 99.99% of PHP scripts will just use the built in mail(); function for PHP - so everything will go through /usr/sbin/sendmail =)

Requirements:
We assume you’re using Apache 1.3x, PHP 4.3x and Exim. This may work on other systems but we’re only tested it on a Cpanel/WHM Red Hat Enterprise system.

Time:
10 Minutes, Root access required.

Step 1)
Login to your server and su - to root.

Article provided by WebHostGear.com

Step 2)
Turn off exim while we do this so it doesn’t freak out.
/etc/init.d/exim stop

Step 3)
Backup your original /usr/sbin/sendmail file. On systems using Exim MTA, the sendmail file is just basically a pointer to Exim itself.
mv /usr/sbin/sendmail /usr/sbin/sendmail.hidden

Step 4)
Create the spam monitoring script for the new sendmail.
pico /usr/sbin/sendmail

Paste in the following:

#!/usr/local/bin/perl

# use strict;
use Env;
my $date = `date`;
chomp $date;
open (INFO, “>>/var/log/spam_log”) || die “Failed to open file ::$!”;
my $uid = $>;
my @info = getpwuid($uid);
if($REMOTE_ADDR) {
print INFO “$date - $REMOTE_ADDR ran $SCRIPT_NAME at $SERVER_NAME n”;
}
else {

print INFO “$date - $PWD -  @infon”;

}
my $mailprog = ‘/usr/sbin/sendmail.hidden’;
foreach  (@ARGV) {
$arg=”$arg” . ” $_”;
}

open (MAIL,”|$mailprog $arg”) || die “cannot open $mailprog: $!n”;
while (<STDIN> ) {
print MAIL;
}
close (INFO);
close (MAIL);

Step 5)
Change the new sendmail permissions
chmod +x /usr/sbin/sendmail

Step 6)
Create a new log file to keep a history of all mail going out of the server using web scripts
touch /var/log/spam_log

chmod 0777 /var/log/spam_log

Step 7)
Start Exim up again.
/etc/init.d/exim start

Step
Monitor your spam_log file for spam, try using any formmail or script that uses a mail function - a message board, a contact script.
tail - f /var/log/spam_log

Sample Log Output

Mon Apr 11 07:12:21 EDT 2005 - /home/username/public_html/directory/subdirectory -  nobody x 99 99   Nobody / /sbin/nologin

Log Rotation Details
Your spam_log file isn’t set to be rotated so it might get to be very large quickly. Keep an eye on it and consider adding it to your logrotation.

pico /etc/logrotate.conf

FIND:
# no packages own wtmp — we’ll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}

ADD BELOW:

# SPAM LOG rotation
/var/log/spam_log {
monthly
create 0777 root root
rotate 1
}

Notes:
You may also want to chattr + i /usr/sbin/sendmail so it doesn’t get overwritten.

Enjoy knowing you can see nobody is actually somebody =)

Hello,

Quite few times your server’s main/shared IP address may get black listed by most of RBLs due to x reasons.
In such situations, it would be very difficult to receive/send some important emails due to this black list.
In such situation a quick solution is to route the emails through a secondary IP address on the same server which is not black listed under those RBLs.

The mail server on cpanel i.e exim allows you to change the default IP address used by the mail server so that you would be able to route all emails through this new secondary IP address.

Here are the step by step instructions for you to configure your exim mail server to use new IP address.

Step 1 : Shutdown the exim service.
# service exim stop or /etc/init.d/exim stop

Step 2 : Edit your exim configuration file.
# vi /etc/exim.conf

Step 3: go to “remote_smtp” section under “TRANSPORTS CONFIGURATION”.
By default it would look like below:

Quote:
remote_smtp:
driver = smtp
interface = ${if exists {/etc/mailips}{${lookup{$sender_address_domain}lsearch{/etc/mailips}{$value}{}}}{}}
helo_data = ${if exists {/etc/mailhelo}{${lookup{$sender_address_domain}lsearch{/etc/mailhelo}{$value}{$primary_hostname}}}{$primary_ho stname}}
Step 4 : Remove or comment line containing “interface” and “helo_data” and add new “interface” to match with that of your new IP address. It should look like as follows:
Quote:
remote_smtp:
driver = smtp
interface = 12.12.12.12 # Your IP address.
Step 5 : Save your changes and exit out from your exim configuration file.

Note : Dont forget to set read only attributes on exim configuration file, so that it wont get reset to default automatically.

You can do it using following command:
# chattr +aui /etc/exim.conf

Step 6 : start exim service on your server.
# service exim restart or /etc/init.d/exim restart

Step 7 : Make sure to set reverse DNS for this new IP address to point a valid FQDN.

Step 8 : Try sending a test email and you will find that, it was sent using this new IP address configured under your exim configuration.

You can verify it by checking the header of new email under exim’s log file i.e /var/log/exim_mainlog

To print a count of the messages in the queue
root@localhost# exim -bpc

Print a listing of the messages in the queue (time queued, size, message-id, sender, recipient)
root@localhost# exim -bp

Print a summary of messages in the queue (count, volume, oldest, newest, domain, and totals):
root@localhost# exim -bp | exiqsumm

Generate and display Exim stats from a logfile:
root@localhost# eximstats /var/log/exim_mainlog

Same as above, with less verbose output:
root@localhost# eximstats -ne -nr -nt /var/log/exim_mainlog

Same as above, for one particular day:
root@localhost# fgrep YYYY-MM-DD /var/log/exim_mainlog | eximstats

Print what Exim is doing right now:
root@localhost# exiwhat

Searching the queue

Search the queue for messages from a specific sender:
root@localhost# exiqgrep -f [luser]@domain

Search the queue for messages for a specific recipient/domain:
root@localhost# exiqgrep -r [luser]@domain

To Print just the message-id of the entire queue:
root@localhost# exiqgrep -i

Managing the queue

Start a queue run:
root@localhost# exim -q -v

Start a queue run for just local deliveries:
root@localhost# exim -ql -v

Remove a message from the queue:
root@localhost# exim -Mrm

Freeze a message:
root@localhost# exim -Mf

Deliver a specific message:
root@localhost# exim -M

Force a message to fail and bounce:
root@localhost# exim -Mg

Remove all frozen messages:
root@localhost# exiqgrep -z -i | xargs exim -Mrm

Freeze all queued mail from a given sender:
root@localhost# exiqgrep -i -f luser@example.tld | xargs exim -Mf

View a message’s headers:
root@localhost# exim -Mvh

View a message’s body:
root@localhost# exim -Mvb

View a message’s logs:
root@localhost# exim -Mvl