The officially official Devuan Forum!

#1 2023-10-27 10:04:32

mirrortokyo
Member
Registered: 2021-04-08
Posts: 45  

[SOLVED] exim4 to send mail with ISP-based smarthost

Maybe just as a reminder to myself, and also due to some painful experiences, I wanted to note some useful information for those who want their machine to be able to send mail from reportbug and popularity-contest.

My machine is on a dynamic IP address permanently connected via VDSL with the ISP providing a smarthost at mail.isp.domain (but reverse lookup of the IP address of mail.isp.domain results in a *.compute.amazonaws.com machine name).

I had a lot of grief until I set /etc/mailname to contain:

localhost

When the ISP moved mail.isp.domain from a machine whose IP address gave a reverse lookup of mail.isp.domain to a machine that gave a reverse lookup of some-name.amazonaws.com, it broke one of the exim4 assumptions:

The manual page for /etc/exim4/passwd.client, which is exim4_passwd_client(5), states:

/etc/exim4/passwd.client
       contains account and password data for SMTP authentication when exim is
       authenticating as a client to some remote server.

       The file should contain lines of the form

       target.mail.server.example:login-user-name:password

       which  will cause exim to use login-user-name and password when sending
       messages  to   a   server   with   the   canonical   host   name   tar‐
       get.mail.server.example.   Please note that this does not configure the
       mail server to send to (this is determined in Debconf), but  only  cre‐
       ates  the  correlation between host name and authentication credentials
       to avoid exposing passwords to the wrong host.

       Please note that target.mail.server.example is currently the value that
       exim can read from reverse DNS: It first follows the host name  of  the
       target  system  until it finds an IP address, and then looks up the re‐
       verse DNS for that IP address to use the outcome of this query (or  the
       IP   address   itself   should   the   query   fail)   as   index  into
       /etc/exim4/passwd.client.

       This goes inevitably wrong if the host name of the  mail  server  is  a
       CNAME  (a  DNS  alias),  or the reverse lookup does not fit the forward
       one.

       Currently, you need to manually lookup all reverse DNS names for all IP
       addresses that your SMTP server host name points to, for example by us‐
       ing the host command.  If the SMTP smarthost alias expands to  multiple
       IPs,  you need to have multiple lines for all the hosts.  When your ISP
       changes the alias, you will need to manually fix that.

       You may minimize this trouble by using a wild card entry or regular ex‐
       pressions, thus reducing the risk of  divulging  the  password  to  the
       wrong  SMTP server while reducing the number of necessary lines.  For a
       deeper discussion, see the Debian BTS #244724.

       password is your SMTP password in clear text. If you do not know  about
       your  SMTP  password,  you  can try using your POP3 password as a first
       guess.

       This file must be readable for the Debian-exim user and should  not  be
       readable for others. Recommended file mode is root:Debian-exim 640.

       # example for CONFDIR/passwd.client
       # this will only match if the server's generic name matches exactly
       mail.server.example:user:password
       # this will deliver the password to any server
       *:username:password
       # this will deliver the password to servers whose generic name ends in
       # mail.server.example
       *.mail.server.example:user:password
       # this will deliver the password to servers whose generic name matches
       # the regular expression
       ^smtp[0-9]*\.mail\.server\.example:user:password

In my case, I originally had:

mail.isp.domain:username@isp.domain:password

and added:

*.newhost.newdomain:username@isp.domain:password
*.compute.amazonaws.com:username@isp.domain:password

Hope this helps someone...
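
Added example, not part of the original post and not exim's own code: a small Python audit helper that models the three key forms the quoted man page lists (exact name, leading `*`, leading `^` regex) and reports which passwd.client entry, and therefore which login, would be selected for a given reverse DNS name. Case-insensitive matching and first-match-wins are assumptions of this model, and the sample file and host names are constructed.

```python
import re
import socket

# Constructed sample in the passwd.client format quoted above (not real credentials).
SAMPLE = r"""# comment lines are skipped
mail.isp.domain:username@isp.domain:password
*.compute.amazonaws.com:username@isp.domain:password
^smtp[0-9]*\.mail\.server\.example:user:password
"""

def parse(text):
    """Return (pattern, login) pairs in file order; passwords are dropped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, login, _password = line.split(":", 2)
        entries.append((pattern, login))
    return entries

def matches(pattern, name):
    """Model of the key forms in the man page (assumed case-insensitive)."""
    name = name.lower()
    if pattern.startswith("^"):          # regular expression entry
        return re.search(pattern, name, re.IGNORECASE) is not None
    if pattern.startswith("*"):          # "ends with" entry; bare * matches all
        return name.endswith(pattern[1:].lower())
    return name == pattern.lower()       # exact generic name

def select(entries, name):
    """First matching entry wins (assumption: linear search in file order)."""
    for pattern, login in entries:
        if matches(pattern, name):
            return pattern, login
    return None

def reverse_names(smarthost):
    """Forward-resolve the smarthost, then reverse each IP (needs network)."""
    names = {}
    for info in socket.getaddrinfo(smarthost, 25, proto=socket.IPPROTO_TCP):
        ip = info[4][0]
        try:
            names[ip] = socket.gethostbyaddr(ip)[0]
        except OSError:
            names[ip] = ip  # man page: the IP itself is the index if the query fails
    return names
```

Feeding each value from `reverse_names("mail.isp.domain")` into `select()` shows whether every address of the smarthost is covered. Running `select()` on an unrelated name under the same suffix shows how far a wildcard entry reaches beyond the ISP's own host.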
