On 2008-06-18 at 14:34 -0700, Vahe Oughourlian (Xpree) wrote: > Say my isp is > > mail.isp.com
isp.com is a real domain. I'll go with mail.isp.tld. :) > and my username is > > username > > and my password is > > password I'll write these as your_username and your_password for clarity. > What would my configuration be in exim.conf, with the appropriate > configurations in routers, transports, and authenticators (I'm assuming > the configuration would require something in all three sections)? First Router (they're an ordered list): ----------------------------8< cut here >8------------------------------ begin routers isp_smarthost: driver = manualroute domains = ! +local_domains transport = smarthost_smtp route_data = mail.isp.tld same_domain_copy_routing no_more ----------------------------8< cut here >8------------------------------ Transports are just a collection of definitions, so order doesn't matter; you'll need this; if the ISP supports using Submission on port 587, you can try using that (especially if it's a laptop which can roam elsewhere). Hopefully the ISP offers TLS so you can get an encrypted link but perhaps they don't (eg, national laws which would compel them to have session key recording infrastructure and be able to hand over keys on demand might lead to them just not offering TLS); if they don't, comment out the _tls line. You might want to set the global option "tls_verify_certificates" to let you verify their cert (see docs for details). ----------------------------8< cut here >8------------------------------ begin transports smarthost_smtp: driver = smtp # port = 587 hosts_require_tls = mail.isp.tld hosts_require_auth = mail.isp.tld # you can set helo_data to something defining your account too ----------------------------8< cut here >8------------------------------ By this point, you might well consider using a macro to extract the definition of mail.isp.tld to the top of the file. :) For the authenticators, it really depends upon which authentication systems the ISP supports. This can vary a lot. I'll give you simplified versions of what I have on my laptop. I don't know which version of Exim Centos ships with; "exim -bV" will report it. The use of $tls_cipher here is only valid from Exim 4.68 onwards; it will keep you from ever using cleartext authentication over an unencrypted link. With hosts_require_tls, this becomes a "belt+braces" approach to protection, with double safety-checks. For protecting passwords, that's not a bad plan. ----------------------------8< cut here >8------------------------------ begin authenticators auth_plain: driver = plaintext public_name = PLAIN client_condition = ${if def:tls_cipher} client_send = ^your_username^your_password auth_cram: driver = cram_md5 public_name = CRAM-MD5 client_name = your_username client_password = your_password ----------------------------8< cut here >8------------------------------ The '^' becomes a NUL character; see RFC 4616 for details of PLAIN if you're interested in why those are there (and RFC 2195 for details of CRAM-MD5). It's fairly common to extract the password to an external file and use Exim's string replacement to let you look the details up, instead of hardcoding the password in the Exim config file. Regards, -Phil -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/