HowTo Setup Basic SMTP AUTH in Exim4
Posted by Anonymous on Wed 26 Oct 2005 at 13:56
This brief guide will explain the steps you can take to get basic SMTP AUTH working with Debian Sarge's exim4 package. (This is for users connecting to your server, not for forwarding via your ISP.)
First of all generate an Exim SSL certificate:
# /usr/share/doc/exim4-base/examples/exim-gencert
Now edit /etc/exim4/exim4.conf.template using your favourite text editor.
Uncomment (don't copy and paste from here because my copy from file cut out end of lines) the following lines:
# plain_server:
# driver = plaintext
# public_name = PLAIN
# server_condition = "${if crypteq{$3}{${extract{1}{:}{${lookup{$2}lsearch{CON$
# server_set_id = $2
# server_prompts = :
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
# .endif
Once that has been done, create (or edit, if it exists) /etc/exim4/exim4.conf.localmacros
Add the line:
MAIN_TLS_ENABLE = true
To actually set up the users and passwords, create /etc/exim4/passwd
Copy output from:
htpasswd -nd usernameforsmtp
And paste it in /etc/exim4/passwd
Repeat for any other logins you'd like to add.
Now you're done. Update your configuration and restart Exim4:
# update-exim4.conf
# /etc/init.d/exim4 restart
[ Send Message | View Serge's Scratchpad | View Weblogs ]
-- On a sidenote, I'm wondering if there exists some way to restrict an authenticated user, who's sending mail through SMTP, to a particular From: address field. E.g. to avoid spoofing, just as Gmail is doing.
--
Serge van Ginderachter
[ Parent | Reply to this comment ]
Except if you use another authorized email address.
So indeed, Google Mail does not deny your mail with an unknown address, but it does rewrite it.
--
Serge van Ginderachter
[ Parent | Reply to this comment ]
HOWEVER in reality this is kinda useless, as Gmail still insists on adding a "Sender" header to your email with your Gmail account name. So you wind up with the From field set to your desired [external] account, and the Sender field being set to your Gmail account. What's the big deal, you ask? When Sender is present and it disagrees with From, it causes unpleasant output in some mail readers. For instance, Outlook displays a message with "From: Richard Foo [foo@bar.com]" and "Sender: www-data [www-data@bar.org]" like this:
From: www-data [mailto:www-data@bar.org] On Behalf Of Richard Foo
That is just ugly. Go Microsoft.
-Jim
[ Parent | Reply to this comment ]
usernameforsmtp:OwKKzye293Vo
What is this? Also, is this all that is necessary to be able to send and receive email, or do I need to set up a POP3 client for my server as well?
The documentation for Exim4 is pretty intimidating - does anyone know of a tutorial to get everything set up and working on a Debian system?
[ Parent | Reply to this comment ]
i just tried, but it doesn't seem to be enough for me. i get:
"503 AUTH command used when not advertised"
see this thread
cheers, piem
[ Parent | Reply to this comment ]
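How the TLS-only advertisement in the article's server_advertise_condition looks from the client side, and why an AUTH command sent before STARTTLS draws a 503 like the one quoted above. This is an added example, not part of the original thread; the EHLO replies and host names are constructed, and the function names are illustrative.

```python
PASSWORD_MECHS = {"PLAIN", "LOGIN"}  # both send the password itself, base64 only

# Constructed EHLO replies from a hypothetical host, before and after STARTTLS.
BEFORE_TLS = """\
250-mail.example.org Hello client.example.org [192.0.2.10]
250-SIZE 52428800
250-PIPELINING
250-STARTTLS
250 HELP
"""
AFTER_TLS = """\
250-mail.example.org Hello client.example.org [192.0.2.10]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN
250 HELP
"""

def parse_ehlo(reply):
    """Return (keywords, auth_mechanisms) from a multi-line 250 EHLO reply."""
    keywords, mechs = set(), set()
    for line in reply.strip().splitlines()[1:]:  # line 1 is the greeting, not a keyword
        if not line.startswith("250") or line[3:4] not in ("-", " "):
            raise ValueError(f"not a 250 reply line: {line!r}")
        words = line[4:].split()
        if not words:
            continue
        keywords.add(words[0].upper())
        if words[0].upper() == "AUTH":
            mechs.update(w.upper() for w in words[1:])
    return keywords, mechs

def check_advertising(before_tls, after_tls):
    """List problems with where the server offers AUTH relative to STARTTLS."""
    kw_pre, auth_pre = parse_ehlo(before_tls)
    _, auth_post = parse_ehlo(after_tls)
    problems = []
    if auth_pre & PASSWORD_MECHS:
        problems.append("password AUTH offered without TLS")
    if "STARTTLS" not in kw_pre:
        problems.append("STARTTLS not offered")
    if not auth_post:
        problems.append("no AUTH offered after STARTTLS")
    return problems

def client_may_auth(ehlo_reply):
    """A client that sends AUTH when this is False gets the 503 reply."""
    return bool(parse_ehlo(ehlo_reply)[1])
```

Defining AUTH_SERVER_ALLOW_NOTLS_PASSWORDS drops the condition from the authenticator, in which case the first check fires because AUTH PLAIN appears in the pre-TLS reply.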
the files to edit/create in the split config are:
/etc/exim4/conf.d/auth/30_exim4-config_examples
/etc/exim4/conf.d/main/000_localmacros
cheers!
[ Parent | Reply to this comment ]
"... Please note that apache's htpasswd program generates a file in the correct format, but uses a different crypt scheme. So, htpassword will NOT work for exim4."
I assumed that if that was the case I wouldn't be allowed to send the mail because of a password error. I did the standard `update-exim4.conf` and then restarted exim with `/etc/init.d/exim4 restart` to no avail. I'd be very interested in hearing what others have done to enable some kind of SMTP authentication as I want to be able to send mail from whichever network I have my laptop connected to at the time without having to jump through hoops to do so.
[ Parent | Reply to this comment ]
Thanks to the author for getting things underway for me, and of course to the debian-administration.org website for hosting the great content (as always!)
[ Parent | Reply to this comment ]
telnet relay-test.mail-abuse.org
it will report to you whether or not the relay is open.
[ Parent | Reply to this comment ]
* the plain_server entry can be found in /etc/exim4/conf.d/auth/30_exim4-config_examples
* add the "MAIN_TLS_ENABLE = true" line to the file /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
[ Parent | Reply to this comment ]
swaks --tls --auth --to rdorsch@web.de --server alzental-castle.de
hang at
<- 250 HELP
-> STARTTLS
The explanation was that the system had not enough entropy. For details, see
http://www.mail-archive.com/debian-bugs-rc%40lists.debian.org/msg21083.html
The solution for me was to install
rng-tools - Daemon to use a Hardware TRNG
[ Parent | Reply to this comment ]
You do still have to (I think) enable the tls and generate your certificates.
(why do maintainers add notes in very long README.Debian files and put the important stuff in the middle?)
But the SMTP AUTH part is already setup in the default debian install .. you just need to run
/usr/share/doc/exim4/examples/exim-adduser
This little proggy adds the correct username:hash:plainpass formatted entry in /etc/exim4/passwd automagically. The author of exim-adduser has a note at the bottom of the perl script under BUGS "Probably many, this really is just example code." but it does work.
EXIM4_FILES(5) states that you should use "mkpasswd -H md5" but in my test that must be broken or one of the exim4 conf files needs updated to accept that hash.
The only two directives in my /etc/exim4/conf.d/main/00_myconf are
MAIN_TLS_ENABLE = true
LOCAL_DELIVERY = maildir_home
#exim4 starts using maildirs and creates them if they are missing.
-Curt
[ Parent | Reply to this comment ]
/usr/share/doc/exim4/examples/exim-adduser
Just a warning about this. The program (at least in exim4-base_4.50-8sarge2) creates the file with normal file permissions, which may be as root:root with octal permissions 644.
This leaves smtp-auth passwords exposed to local users. You need to fix the permissions by running:
sudo chown root:Debian-exim /etc/exim4/passwd
sudo chmod 640 /etc/exim4/passwd
[ Parent | Reply to this comment ]
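A check for the /etc/exim4/passwd file built in the article and for the permissions warning above, written as an added example (not from the original post or from the Debian package). It flags a world-accessible mode, 13-character traditional crypt hashes of the kind `htpasswd -nd` prints, and a filled third field in username:hash:plainpass entries; the entries in SAMPLE are constructed and the function names are illustrative.

```python
import os, re, stat, tempfile

SCHEMES = [  # crypt(3) hash shapes, tried in order
    ("md5-crypt", re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")),
    ("sha-crypt", re.compile(r"^\$[56]\$")),
    ("des-crypt", re.compile(r"^[./0-9A-Za-z]{13}$")),  # what `htpasswd -nd` prints
]

# Constructed sample entries (not real credentials): username:hash[:plainpass]
SAMPLE = """\
alice:abJnggxhB/yWI
bob:$1$Zx8kQ1pL$0123456789abcdefghijkl
carol:$1$Zx8kQ1pL$0123456789abcdefghijkl:hunter2
dave
"""

def scheme_of(hashed):
    return next((name for name, rx in SCHEMES if rx.search(hashed)), "unknown")

def audit(path):
    """Return (line_number, code) findings; line 0 means the file itself."""
    findings = []
    if stat.S_IMODE(os.stat(path).st_mode) & 0o007:
        findings.append((0, "world-accessible"))  # e.g. 644: readable by any local user
    with open(path) as fh:
        for n, raw in enumerate(fh, 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            user, _, rest = line.partition(":")
            hashed, _, plain = rest.partition(":")
            if not user or not hashed:
                findings.append((n, "malformed"))
                continue
            kind = scheme_of(hashed)
            if kind == "des-crypt":  # only the first 8 password characters count
                findings.append((n, "des-crypt-8-char-limit"))
            elif kind == "unknown":
                findings.append((n, "unrecognised-hash"))
            if plain:  # clear-text copy, which CRAM-MD5 uses as its secret
                findings.append((n, "cleartext-password-field"))
    return findings

def demo(mode=0o644):  # audit SAMPLE written to a scratch file with the given mode
    with tempfile.NamedTemporaryFile("w") as fh:
        fh.write(SAMPLE)
        fh.flush()
        os.chmod(fh.name, mode)
        return audit(fh.name)
```

Call `audit("/etc/exim4/passwd")` as root on the mail host; an empty list means the mode is not world-accessible and every entry uses a recognised salted hash with no clear-text field.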
THANK YOU!!!
[ Parent | Reply to this comment ]
e.g.
user1@domain.com
user2@domain.com
user3@domain.com
each has a separate gmail account and I have fetchmail pulling from each account.
Is there a way to setup exim to send each user with different gmail authentication so they don't all end up in the sent items for user1?
Thanks, David
[ Parent | Reply to this comment ]
and i get a syntactically invalid ehlo arguments error upon running my java program
[ Parent | Reply to this comment ]
# cram_md5_server:
# driver = cram_md5
# public_name = CRAM-MD5
# server_secret = ${extract{2}{:}{${lookup{$auth1}lsearch{CONFDIR/passwd}{$value}fail}}}
# server_set_id = $auth1
(these can be found immediately after the lines for login_server)
to generate hashes for /etc/exim4/passwd, run 'mkpasswd -H md5' (you may need to install the 'whois' package to get mkpasswd).
See: http://man.root.cz/5/exim4-config-files/#etc-exim4-passwd
[ Parent | Reply to this comment ]
Thanx in advance
[ Parent | Reply to this comment ]