Re: [exim] Configuring Exim as an SMTP AUTH client only
On 2012-05-03 19:24, Dan wrote:
Also, for the record, I am using Mutt as my MUA and I can
receive mail there from my gmail account, but sending mail gives me no
errors in the form of a returned message or anything in exim's log
files.
How is your Mutt configured with respect to sending?
client_auth:
driver = cram_md5
public_name = CRAM-MD5
client_name = my-username.isp-relay.org
Is that name really correct; the name of your account on the smarthost?
Doublecheck it.
client_secret = my-password
PLAIN:
driver = plaintext
server_set_id = $auth2
server_prompts = :
server_condition = ${if saslauthd{{$2}{$3}{smtp}} {1}}
server_advertise_condition = ${if def:tls_cipher }
You could try extending your plain authenticator to handle client-side
as well, as your smarthost supports it. However, your password would
be travelling the wire in clear, a security issue. I'm amazed your ISP
doesn't offer STARTTLS on 587. Do they support SSL-on-connect
(most common on 465)?
--
Cheers,
Jeremy
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
[exim] Configuring Exim as an SMTP AUTH client only
Hi, I'm new to Exim, so forgive me if this question has an obvious answer, but I searched for several days and couldn't figure it out myself. If I want to configure Exim as an SMTP AUTH client (but I don't need an SMTP AUTH server) do I need to install Dovecot or Cyrus (or any other SASL implementation or additional software) or do I simply need to properly configure Exim's config file? Here's my situation, to be sure that I am asking the question clearly: I have one host machine (CentOS) running Exim with several local user accounts and I do not plan to allow any users from remote machines to use this Exim implementation, so I do not think I need to configure it for authenticated IMAP or POP. This is why I am not certain if I need Dovecot or Cyrus or any other software. However, my ISP blocks port 25 outbound but offers an outgoing mail server relay for me to connect to on port 587. So, if I'm not mistaken, I need to configure Exim on my host for SMTP AUTH as a client to this ISPs outgoing server. But I'm not sure if Exim has everything necessary to make an authenticated connection as a client. Do I need to configure certificates? Or is everything I need in the exim.conf file? I have already tried to modify the smarthost and client auth sections of exim.conf with no success. If there is an example (or tutorial) that might get me going in the right direction for this kind of setup, or if anyone would be willing to give me a general roadmap, I would greatly appreciate it. Thanks. Dan -- Spam Dan spam...@fastmail.fm -- http://www.fastmail.fm - A fast, anti-spam email service. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Configuring Exim as an SMTP AUTH client only
On Wed, 02 May 2012 21:18:41 -0400 Dan wrote: Hi, I'm new to Exim, so forgive me if this question has an obvious answer, but I searched for several days and couldn't figure it out myself. Really not hard to find: http://www.exim.org/exim-html-current/doc/html/spec_html/ch33.html --Frank Elsner -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Configuring Exim as an SMTP AUTH client only
On 2012-05-02 at 21:18 -0400, Dan wrote:
If I want to configure Exim as an SMTP AUTH client (but I don't need an
SMTP AUTH server) do I need to install Dovecot or Cyrus (or any other
SASL implementation or additional software) or do I simply need to
properly configure Exim's config file?
The latter. Probably looking up the password from an external file.
If there is an example (or tutorial) that might get me going in the
right direction for this kind of setup, or if anyone would be willing to
give me a general roadmap, I would greatly appreciate it.
You configure something after begin authenticators, as an
authentication driver, for the correct SASL method.
For instance, if the server you're talking to AUTH CRAM-MD5 PLAIN you
might configure:
auth_cram:
driver= cram_md5
public_name = CRAM-MD5
client_name = dan
client_secret = sekret
In reality, you'll use something like ${lookup...} instead of
hard-coding passwords in the config file.
-Phil
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Configuring Exim as an SMTP AUTH client only
Thanks, Phil. I tried your suggestion but still no luck - the config
file that came with the version of Exim I'm using had 'client_auth'
instead of 'auth_cram' but I tried both.
Allow me to post some output in case anyone can spot something out of
the ordinary. Below is the output of my telnet connection to my ISPs
mail relay, the output of exim -bV, the output of my telnet connection
to my own Exim instance, and my exim.conf file. Names IPs used for
obfuscation: myhost, mydomain.org, isp-relay.org, 1.2.3.4, 2.3.4.5.
Also, I left out the ACL section of exim.conf because I didn't change it
from default and it took up a lot of space. Most of exim.conf is
default anyway, with the exception of changes I made to
primary_hostname, dnslookup (which I commented out based on the
commented instructions in exim.conf), smarthost, remote_msa, and
client_auth. Also, for the record, I am using Mutt as my MUA and I can
receive mail there from my gmail account, but sending mail gives me no
errors in the form of a returned message or anything in exim's log
files.
[me@myhost ~]$ telnet mx.isp-relay.org 587
Trying 1.2.3.4...
Connected to mx.isp-relay.org.
Escape character is '^]'.
220 remotehost.isp-relay.org ESMTP Sendmail 8.14.5/8.14.3; Thu, 3 May
2012 14:45:33 GMT
ehlo localhost
250-remotehost.isp-relay.org Hello pool-2-3-4-5.bstnma.btas.verizon.net
[2.3.4.5], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE 1
250-AUTH CRAM-MD5 DIGEST-MD5 PLAIN NTLM
250-DELIVERBY
250 HELP
quit
221 2.0.0 remotehost.isp-relay.org closing connection
Connection closed by foreign host.
[me@myhost ~]$ exim -bV
Exim version 4.72 #1 built 24-May-2011 17:40:23
Copyright (c) University of Cambridge, 1995 - 2007
Berkeley DB: Berkeley DB 4.7.25: (June 4, 2010)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc TCPwrappers
OpenSSL Content_Scanning DKIM Old_Demime
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm
dbmnz dnsdb dsearch ldap ldapdn ldapm nis nis0 nisplus passwd sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
OpenSSL compile-time version: OpenSSL 1.0.0-fips 29 Mar 2010
OpenSSL runtime version: OpenSSL 1.0.0-fips 29 Mar 2010
Configuration file is /etc/exim/exim.conf
[me@myhost ~]$ telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mydomain.org ESMTP Exim 4.72 Thu, 03 May 2012 09:59:47 -0400
ehlo localhost
250-mydomain.org Hello localhost [::1]
250-SIZE 52428800
250-PIPELINING
250-STARTTLS
250 HELP
quit
221 mydomain.org closing connection
Connection closed by foreign host.
[me@myhost ~]$ cat /etc/exim/exim.conf
# $Cambridge: exim/exim-src/src/configure.default,v 1.14 2009/10/16
07:46:13 tom Exp $
# Runtime configuration file for Exim #
#MAIN CONFIGURATION SETTINGS #
primary_hostname = mydomain.org
domainlist local_domains = @ : localhost : localhost.localdomain
domainlist relay_to_domains =
hostlist relay_from_hosts = 127.0.0.1
acl_smtp_mail = acl_check_mail
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
acl_smtp_mime = acl_check_mime
av_scanner = clamd:/var/run/clamd.exim/clamd.sock
tls_advertise_hosts = *
tls_certificate = /etc/pki/tls/certs/exim.pem
tls_privatekey = /etc/pki/tls/private/exim.pem
daemon_smtp_ports = 25 : 465 : 587
tls_on_connect_ports = 465
never_users = root
host_lookup = *
auth_advertise_hosts =
rfc1413_hosts = *
rfc1413_query_timeout = 5s
ignore_bounce_errors_after = 2d
timeout_frozen_after = 7d
# ACL CONFIGURATION#
# I didn't change anything from default in the ACL config so I removed
it to save space for the purposes of this post
# ROUTERS CONFIGURATION #
begin routers
#dnslookup:
# driver = dnslookup
# domains = ! +local_domains
# transport = remote_smtp
# ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
# no_more
smarthost:
driver = manualroute
domains = ! +local_domains
transport = remote_msa
route_data = mx.isp-relay.org
no_more
system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
# user = exim
file_transport = address_file
pipe_transport = address_pipe
userforward:
driver = redirect
check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
file = $home/.forward
allow_filter
no_verify
no_expn
check_ancestor
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
procmail:
driver = accept
check_local_user
require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
transport = procmail
no_verify
localuser:
driver = accept
