On 2008-06-18 at 14:34 -0700, Vahe Oughourlian (Xpree) wrote:
> Say my isp is
> 
> mail.isp.com

isp.com is a real domain.  I'll go with mail.isp.tld.  :)

> and my username is
> 
> username
> 
> and my password is
> 
> password

I'll write these as your_username and your_password for clarity.

> What would my configuration be in exim.conf, with the appropriate 
> configurations in routers, transports, and authenticators (I'm assuming 
> the configuration would require something in all three sections)? 

First Router (they're an ordered list):

----------------------------8< cut here >8------------------------------
begin routers

isp_smarthost:
  driver = manualroute
  domains = ! +local_domains
  transport = smarthost_smtp
  route_data = mail.isp.tld
  same_domain_copy_routing
  no_more
----------------------------8< cut here >8------------------------------

Transports are just a collection of definitions, so order doesn't
matter; you'll need this; if the ISP supports using Submission on port
587, you can try using that (especially if it's a laptop which can roam
elsewhere).  Hopefully the ISP offers TLS so you can get an encrypted
link but perhaps they don't (eg, national laws which would compel them
to have session key recording infrastructure and be able to hand over
keys on demand might lead to them just not offering TLS); if they don't,
comment out the _tls line.  You might want to set the global option
"tls_verify_certificates" to let you verify their cert (see docs for
details).

----------------------------8< cut here >8------------------------------
begin transports

smarthost_smtp:
  driver = smtp
  # port = 587
  hosts_require_tls = mail.isp.tld
  hosts_require_auth = mail.isp.tld
  # you can set helo_data to something defining your account too
----------------------------8< cut here >8------------------------------

By this point, you might well consider using a macro to extract the
definition of mail.isp.tld to the top of the file.  :)

For the authenticators, it really depends upon which authentication
systems the ISP supports.  This can vary a lot.  I'll give you
simplified versions of what I have on my laptop.

I don't know which version of Exim CentOS ships with; "exim -bV" will
report it.  The use of $tls_cipher here is only valid from Exim 4.68
onwards; it will keep you from ever using cleartext authentication over
an unencrypted link.  With hosts_require_tls, this becomes a
"belt+braces" approach to protection, with double safety-checks.  For
protecting passwords, that's not a bad plan.

----------------------------8< cut here >8------------------------------
begin authenticators

auth_plain:
  driver = plaintext
  public_name = PLAIN
  client_condition = ${if def:tls_cipher}
  client_send = ^your_username^your_password

auth_cram:
  driver = cram_md5
  public_name = CRAM-MD5
  client_name = your_username
  client_password = your_password
----------------------------8< cut here >8------------------------------

The '^' becomes a NUL character; see RFC 4616 for details of PLAIN if
you're interested in why those are there (and RFC 2195 for details of
CRAM-MD5).

It's fairly common to extract the password to an external file and use
Exim's string replacement to let you look the details up, instead of
hardcoding the password in the Exim config file.

Regards,
-Phil

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
