1

Our webserver sends emails using Exim4 but the headers show that the email originates from another server. These lines below are in the email header.

What could be in the Exim4.conf file that would send the emails to electric.net? I don't see any place in the configurations where this could be happening. I don't even know what smtp-out4.electric.net is.

We want to send emails directly from the server but we see that whoever set it up seems to be directing them to another place.

X-Originating-IP: [192.162.216.194]

Received: from 127.0.0.1  (EHLO smtp-out4.electric.net) (192.162.216.194)
  by mta1017.mail.ir2.yahoo.com with SMTPS; Thu, 20 Apr 2017 16:03:43 +0000
Received: from 1d1EYY-0008Hr-TS by out4b.electric.net with emc1-ok (Exim 4.87)
    (envelope-from <www-data@[our domain].com>)
    id 1d1EYY-0008Lj-Vu
    for [recepient]@yahoo.co.uk; Thu, 20 Apr 2017 09:03:42 -0700
Received: by emcmailer; Thu, 20 Apr 2017 09:03:42 -0700
Received: from [our IP] (helo=mail3.[our domain])
    by out4b.electric.net with esmtps (TLSv1.2:DHE-RSA-AES128-SHA:128)
    (Exim 4.87)
    (envelope-from <www-data@mail3.[our domain]>)
    id 1d1EYY-0008Hr-TS
    for [recipient]@yahoo.co.uk; Thu, 20 Apr 2017 09:03:42 -0700
I Newton
  • 19

3 Answers3

3

Exim has a built-in way to troubleshoot problems like this: address test mode.

$ /usr/sbin/exim4 -bt postmaster@gmail.com
R: domain_literal for postmaster@gmail.com
R: dnslookup_secure for postmaster@gmail.com
postmaster@gmail.com
  router = dnslookup_secure, transport = remote_smtp_secure
  host gmail-smtp-in.l.google.com      [2607:f8b0:400d:c0d::1a] MX=5
  host gmail-smtp-in.l.google.com      [209.85.232.26]          MX=5
⋮

The two R: lines are telling saying which routers it's trying, that second one is in my config to force mail to certain common, TLS-enabled domains (such as gmail.com) to be sent over TLS.

Another example, on a different machine:

$ /usr/sbin/exim4 -bt postmaster@gmail.com
R: smarthost for postmaster@gmail.com
postmaster@gmail.com
  router = smarthost, transport = remote_smtp_smarthost
  host einstein.home [192.168.65.24]

This machine is set up to use a smart host, which handles all outgoing mail. You can see it's using the smarthost router, and routing through the smarthost einstein.home.

It's possible you'll need to run the address test as a privileged user. Not required in my setup.

Jeff Schaller
  • 67,283
  • 35
  • 116
  • 255
derobert
  • 109,670
1

Your mailserver might be configured to use a smarthost.

Look for this in exim.conf:

  transport = remote_smtp
  route_list = * REMOTEHOST

where REMOTEHOST is a hostname or ip-address

If it's an ip-address, do a reverse lookup on it. If it's under "electric.net", there's your answer.

Also, check your own hostnames to see if your ISP is configuring one of them via DHCP with a domain under electric.net:

hostname -A
Jim U
  • 149
1

Is the sending server allowed by you domain's policies? Your web server should not be allowed to send mail directly, and is likely to have delivery issues if it does.

You likely have Exim4 setup to use a smartmailer to deliver email. This is the correct setting for your web server which should deliver mail via your MTA (Mail Transport Agent), which is often your MX (Mail Exchange) server. This server will have the correct DNS entries to ensure you mail is likely to be delivered rather than sent to the spam bucket. These DNS entries include:

  • correct PTR record to ensure rDNS (reverse DNS) validation succeeds. (Required)
  • SPF records for the sending domain, and the mail servers DNS name. (Recommended)
  • DKIM records and configuration to sign the outgoing mail. (Recommended, but often poorly implemented.)
  • DMARC records to allow receiving servers to apply your domains SPF and DKIM policies (Recommended, but not often used by smaller volume servers.)
BillThor
  • 8,965