Exim Authenticated Smarthost

Today's ISP environment requires authenticated SMTP to be able to send emails. As a policy, authenticated SMTP helps cut down on folks sending SPAM and allows the ISP to track which account is sending what type of email content for further demographic study. While authenticated SMTP is good for the ISP, it is not a configuration supported out of the box by most Linux distributions. This means that all those system emails and log reports emailed by root never make it anywhere anymore.

The solution is to configure your Linux distribution to send authenticated SMTP. My local ISP requires authenticated SMTP and here is how I got Exim4 to work for me on Ubuntu LTS 8.04.

These instructions are written assuming you are using a Debian based Linux distribution but should also work well on other Linux distributions granted you use the applicable package manager commands for that specific distribution.

 

Install the required packages

If not already installed, use your package manager of choice to 

sudo apt-get install exim4-daemon-light

 

Configure Exim4

Then

sudo dpkg-reconfigure exim4-config

...be sure to select mail sent by smarthost, no local mail (unless you are configuring local mail, which most folks at home do not need).

Now, edit the file 

sudo nano /etc/exim4/passwd.client

...and add the line

*:login:password

to the file, substituting the correct email account login name for login and corresponding password. Most ISPs offer multiple email accounts so it may make sense security wise to create an account just for utility use such as this. If your Linux host is ever compromised you will be glad you had a separate utility email account.

Create the file

sudo touch /etc/exim4/exim4.conf.localmacros

Then edit that file

sudo nano /etc/exim4/exim4.conf.localmacros

...add the line

AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS = 1

to the file.

 

Test the Configuration

Finally

sudo /etc/init.d/exim4 restart

to test for effect with the application of your choice.

The mail queue can be listed using 'exim -bp | exiqsumm'

Also from the command line you can "exim -v -M messageid" to try re-sending a test email again if your first email attempt does not go so well.

Finally, edit the /etc/aliases file to reflect the email address the system email notifications should go to. Make the new or edited alias active by issuing the command newaliases. 

Also...

The configuration above uses clear text authentication, which may not be what you want.

Exim4 supports TLS security. Enabling TLS support involves

sudo apt-get install openssl

then

sudo /usr/share/doc/exim4-base/examples/exim-gencert

then

sudo nano /etc/exim4/exim4.conf.localmacros

to add the line

MAIN_TLS_ENABLE = 1

Of course, some ISPs do not support TLS for SMTP so be sure to check your ISP's configuration information prior to regarding your Linux host's SMTP configuration suspect.

Share this page:

0 Comment(s)