QuickTip: use Exim for normal mail but stop the secure SMTP server
Isn’t this weird? Most people ask how to configure a mail server for secure SMTP, but one of my friends told me that he has a server running the Exim mail server on both port 25 (normal) and port 465 (secure SMTP), and now he is facing difficulties because the SSL certificates which Exim uses are expired. He wanted to close port 465 without affecting port 25, which is used by their scripts.
Here’s what I did, and it worked, but if you have a better idea or something to add, I’ll be glad to hear it.
1. Check which ports Exim is listening on, or which ports are open:
    # netstat -ant | grep LIST
    tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
    tcp 0 0 :::587 :::* LISTEN
    tcp 0 0 :::80 :::* LISTEN
    tcp 0 0 :::465 :::* LISTEN
    tcp 0 0 :::22 :::* LISTEN
    tcp 0 0 :::25 :::* LISTEN
    tcp 0 0 :::443 :::* LISTEN
Here ports 25, 465 and 587 are used by Exim (the mail server). How do we know which port is used by which program?
Simple: use the lsof command. For example, to find out which program is listening on port 25:
    # lsof -i :25
    COMMAND PID   USER FD TYPE DEVICE  SIZE NODE NAME
    exim    11290 exim 3u IPv6 7144552      TCP  *:smtp (LISTEN)
    exim    11290 exim 4u IPv4 7144553      TCP  *:smtp (LISTEN)
So it's Exim.
2. Open the Exim config file (/etc/exim/exim.conf on Red Hat based distros), then search for and comment out the following lines:
    $ vi /etc/exim/exim.conf

    tls_advertise_hosts = *                          ## comment this line to prevent clients connecting for tls
    tls_certificate = /etc/pki/tls/certs/exim.pem    ## comment, we don't need to specify ssl certificates
    tls_privatekey = /etc/pki/tls/private/exim.pem   ## comment
    daemon_smtp_ports = 25 : 465 : 587               ## comment this line, copy and paste in next line but with only 25 as port number
    tls_on_connect_ports = 465                       ## comment, we don't need tls on port 465
After commenting/updating, the above lines should look like this in the /etc/exim/exim.conf file:
    # tls_advertise_hosts = *
    # tls_certificate = /etc/pki/tls/certs/exim.pem ## comment, we don't need to specify ssl certificates
    # tls_privatekey = /etc/pki/tls/private/exim.pem ## comment
    # daemon_smtp_ports = 25 : 465 : 587 ## comment this line, copy and paste in next line but with only 25 as port number
    # tls_on_connect_ports = 465 ## comment, we don't need tls on port 465
    ## don't comment the next line (Exim only treats # as a comment at the start of a line, so keep notes off the setting itself)
    daemon_smtp_ports = 25
3. Restart the Exim server and check the open ports again:
    # /etc/init.d/exim restart
    Shutting down exim: [ OK ]
    Starting exim: [ OK ]
    [root@ds-29142 ~]# netstat -ant | grep LIST
    tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
    tcp 0 0 :::80 :::* LISTEN
    tcp 0 0 :::22 :::* LISTEN
    tcp 0 0 :::25 :::* LISTEN
    tcp 0 0 :::443 :::* LISTEN
Port 465 is not there now, so we have stopped the secure SMTP service on this host.
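The before/after comparison from steps 1 and 3 can be scripted so it does not depend on reading the netstat listing by eye. This is an added example, not part of the original post; the function names listening_ports and check_ports are made up for illustration, and the sample input is the netstat output shown above.

```shell
#!/bin/sh
# Added example (not from the original post): confirm which SMTP ports listen.

# Print the unique TCP ports in LISTEN state from `netstat -ant` output on stdin.
listening_ports() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" { n = split($4, a, ":"); print a[n] }' |
        sort -un
}

# check_ports "<must be open>" "<must be closed>", netstat output on stdin.
# Prints one line per violation; returns 1 if any was found (hypothetical helper).
check_ports() {
    open=$(listening_ports); rc=0
    for p in $1; do
        echo "$open" | grep -qx "$p" || { echo "port $p is NOT listening"; rc=1; }
    done
    for p in $2; do
        if echo "$open" | grep -qx "$p"; then
            echo "port $p is still listening"; rc=1
        fi
    done
    return $rc
}

# Sample input: the netstat output shown in steps 1 and 3 of the post.
BEFORE='tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 :::587 :::* LISTEN
tcp 0 0 :::80 :::* LISTEN
tcp 0 0 :::465 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 :::25 :::* LISTEN
tcp 0 0 :::443 :::* LISTEN'
AFTER='tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 :::80 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 :::25 :::* LISTEN
tcp 0 0 :::443 :::* LISTEN'

# Offline demonstration; on a live host: netstat -ant | check_ports "25" "465"
printf '%s\n' "$BEFORE" | check_ports "25" "465" || echo "=> before: fix needed"
printf '%s\n' "$AFTER"  | check_ports "25" "465" && echo "=> after: 25 open, 465 closed"
```

The non-zero exit status on a mismatch makes the check usable from cron or a monitoring agent, so a later config change that reopens port 465 gets noticed.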