Re: [exim] Configuring Exim as an SMTP AUTH client only
On 2012-05-03 19:24, Dan wrote: Also, for the record, I am using Mutt as my MUA and I can receive mail there from my gmail account, but sending mail gives me no errors in the form of a returned message or anything in exim's log files. How is your Mutt configured with respect to sending? client_auth: driver = cram_md5 public_name = CRAM-MD5 client_name = my-username.isp-relay.org Is that name really correct; the name of your account on the smarthost? Doublecheck it. client_secret = my-password PLAIN: driver = plaintext server_set_id = $auth2 server_prompts = : server_condition = ${if saslauthd{{$2}{$3}{smtp}} {1}} server_advertise_condition = ${if def:tls_cipher } You could try extending your plain authenticator to handle client-side as well, as your smarthost supports it. However, your password would be travelling the wire in clear, a security issue. I'm amazed your ISP doesn't offer STARTTLS on 587. Do they support SSL-on-connect (most common on 465)? -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] Configuring Exim as an SMTP AUTH client only
Hi, I'm new to Exim, so forgive me if this question has an obvious answer, but I searched for several days and couldn't figure it out myself. If I want to configure Exim as an SMTP AUTH client (but I don't need an SMTP AUTH server) do I need to install Dovecot or Cyrus (or any other SASL implementation or additional software) or do I simply need to properly configure Exim's config file? Here's my situation, to be sure that I am asking the question clearly: I have one host machine (CentOS) running Exim with several local user accounts and I do not plan to allow any users from remote machines to use this Exim implementation, so I do not think I need to configure it for authenticated IMAP or POP. This is why I am not certain if I need Dovecot or Cyrus or any other software. However, my ISP blocks port 25 outbound but offers an outgoing mail server relay for me to connect to on port 587. So, if I'm not mistaken, I need to configure Exim on my host for SMTP AUTH as a client to this ISPs outgoing server. But I'm not sure if Exim has everything necessary to make an authenticated connection as a client. Do I need to configure certificates? Or is everything I need in the exim.conf file? I have already tried to modify the smarthost and client auth sections of exim.conf with no success. If there is an example (or tutorial) that might get me going in the right direction for this kind of setup, or if anyone would be willing to give me a general roadmap, I would greatly appreciate it. Thanks. Dan -- Spam Dan spam...@fastmail.fm -- http://www.fastmail.fm - A fast, anti-spam email service. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Configuring Exim as an SMTP AUTH client only
On Wed, 02 May 2012 21:18:41 -0400 Dan wrote: Hi, I'm new to Exim, so forgive me if this question has an obvious answer, but I searched for several days and couldn't figure it out myself. Really not hard to find: http://www.exim.org/exim-html-current/doc/html/spec_html/ch33.html --Frank Elsner -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Configuring Exim as an SMTP AUTH client only
On 2012-05-02 at 21:18 -0400, Dan wrote: If I want to configure Exim as an SMTP AUTH client (but I don't need an SMTP AUTH server) do I need to install Dovecot or Cyrus (or any other SASL implementation or additional software) or do I simply need to properly configure Exim's config file? The latter. Probably looking up the password from an external file. If there is an example (or tutorial) that might get me going in the right direction for this kind of setup, or if anyone would be willing to give me a general roadmap, I would greatly appreciate it. You configure something after begin authenticators, as an authentication driver, for the correct SASL method. For instance, if the server you're talking to AUTH CRAM-MD5 PLAIN you might configure: auth_cram: driver= cram_md5 public_name = CRAM-MD5 client_name = dan client_secret = sekret In reality, you'll use something like ${lookup...} instead of hard-coding passwords in the config file. -Phil -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Configuring Exim as an SMTP AUTH client only
Thanks, Phil. I tried your suggestion but still no luck - the config file that came with the version of Exim I'm using had 'client_auth' instead of 'auth_cram' but I tried both. Allow me to post some output in case anyone can spot something out of the ordinary. Below is the output of my telnet connection to my ISPs mail relay, the output of exim -bV, the output of my telnet connection to my own Exim instance, and my exim.conf file. Names IPs used for obfuscation: myhost, mydomain.org, isp-relay.org, 1.2.3.4, 2.3.4.5. Also, I left out the ACL section of exim.conf because I didn't change it from default and it took up a lot of space. Most of exim.conf is default anyway, with the exception of changes I made to primary_hostname, dnslookup (which I commented out based on the commented instructions in exim.conf), smarthost, remote_msa, and client_auth. Also, for the record, I am using Mutt as my MUA and I can receive mail there from my gmail account, but sending mail gives me no errors in the form of a returned message or anything in exim's log files. [me@myhost ~]$ telnet mx.isp-relay.org 587 Trying 1.2.3.4... Connected to mx.isp-relay.org. Escape character is '^]'. 220 remotehost.isp-relay.org ESMTP Sendmail 8.14.5/8.14.3; Thu, 3 May 2012 14:45:33 GMT ehlo localhost 250-remotehost.isp-relay.org Hello pool-2-3-4-5.bstnma.btas.verizon.net [2.3.4.5], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-EXPN 250-VERB 250-8BITMIME 250-SIZE 1 250-AUTH CRAM-MD5 DIGEST-MD5 PLAIN NTLM 250-DELIVERBY 250 HELP quit 221 2.0.0 remotehost.isp-relay.org closing connection Connection closed by foreign host. [me@myhost ~]$ exim -bV Exim version 4.72 #1 built 24-May-2011 17:40:23 Copyright (c) University of Cambridge, 1995 - 2007 Berkeley DB: Berkeley DB 4.7.25: (June 4, 2010) Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc TCPwrappers OpenSSL Content_Scanning DKIM Old_Demime Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch ldap ldapdn ldapm nis nis0 nisplus passwd sqlite Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa Routers: accept dnslookup ipliteral manualroute queryprogram redirect Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp Fixed never_users: 0 Size of off_t: 8 OpenSSL compile-time version: OpenSSL 1.0.0-fips 29 Mar 2010 OpenSSL runtime version: OpenSSL 1.0.0-fips 29 Mar 2010 Configuration file is /etc/exim/exim.conf [me@myhost ~]$ telnet localhost 25 Trying ::1... Connected to localhost. Escape character is '^]'. 220 mydomain.org ESMTP Exim 4.72 Thu, 03 May 2012 09:59:47 -0400 ehlo localhost 250-mydomain.org Hello localhost [::1] 250-SIZE 52428800 250-PIPELINING 250-STARTTLS 250 HELP quit 221 mydomain.org closing connection Connection closed by foreign host. [me@myhost ~]$ cat /etc/exim/exim.conf # $Cambridge: exim/exim-src/src/configure.default,v 1.14 2009/10/16 07:46:13 tom Exp $ # Runtime configuration file for Exim # #MAIN CONFIGURATION SETTINGS # primary_hostname = mydomain.org domainlist local_domains = @ : localhost : localhost.localdomain domainlist relay_to_domains = hostlist relay_from_hosts = 127.0.0.1 acl_smtp_mail = acl_check_mail acl_smtp_rcpt = acl_check_rcpt acl_smtp_data = acl_check_data acl_smtp_mime = acl_check_mime av_scanner = clamd:/var/run/clamd.exim/clamd.sock tls_advertise_hosts = * tls_certificate = /etc/pki/tls/certs/exim.pem tls_privatekey = /etc/pki/tls/private/exim.pem daemon_smtp_ports = 25 : 465 : 587 tls_on_connect_ports = 465 never_users = root host_lookup = * auth_advertise_hosts = rfc1413_hosts = * rfc1413_query_timeout = 5s ignore_bounce_errors_after = 2d timeout_frozen_after = 7d # ACL CONFIGURATION# # I didn't change anything from default in the ACL config so I removed it to save space for the purposes of this post # ROUTERS CONFIGURATION # begin routers #dnslookup: # driver = dnslookup # domains = ! +local_domains # transport = remote_smtp # ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 # no_more smarthost: driver = manualroute domains = ! +local_domains transport = remote_msa route_data = mx.isp-relay.org no_more system_aliases: driver = redirect allow_fail allow_defer data = ${lookup{$local_part}lsearch{/etc/aliases}} # user = exim file_transport = address_file pipe_transport = address_pipe userforward: driver = redirect check_local_user # local_part_suffix = +* : -* # local_part_suffix_optional file = $home/.forward allow_filter no_verify no_expn check_ancestor file_transport = address_file pipe_transport = address_pipe reply_transport = address_reply procmail: driver = accept check_local_user require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail transport = procmail no_verify localuser: driver = accept