The officially official Devuan Forum!

You are not logged in.

#1 2023-10-27 10:04:32

mirrortokyo
Member
Registered: 2021-04-08
Posts: 52  

[SOLVED] exim4 to send mail with ISP-based smarthost

Maybe just as a reminder to myself and also due to some painful experiences I wanted to note some useful information for those who want their machine to be able to send mail from reportbug and popularity-contest.

My machine is on a dynamic IP address permanently connected via VDSL with the ISP providing a smarthost at mail.isp.domain (but reverse lookup of the IP address of mail.isp.domain results in a *.compute.amazonaws.com machine name).

I had a lot of grief until I set /etc/mailname to contain:

localhost

When the ISP moved mail.isp.domain from a machine whose IP address gave a reverse lookup of mail.isp.domain to a machine that gave a reverse lookup of some-name.amazonaws.com, it broke one of the exim4 assumptions:

the manual page for /etc/exim4/passwd.client, which is exim4_passwd_client (5) states:

/etc/exim4/passwd.client
       contains account and password data for SMTP authentication when exim is
       authenticating as a client to some remote server.

       The file should contain lines of the form

       target.mail.server.example:login-user-name:password

       which  will cause exim to use login-user-name and password when sending
       messages  to   a   server   with   the   canonical   host   name   tar‐
       get.mail.server.example.   Please note that this does not configure the
       mail server to send to (this is determined in Debconf), but  only  cre‐
       ates  the  correlation between host name and authentication credentials
       to avoid exposing passwords to the wrong host.

       Please note that target.mail.server.example is currently the value that
       exim can read from reverse DNS: It first follows the host name  of  the
       target  system  until it finds an IP address, and then looks up the re‐
       verse DNS for that IP address to use the outcome of this query (or  the
       IP   address   itself   should   the   query   fail)   as   index  into
       /etc/exim4/passwd.client.

       This goes inevitably wrong if the host name of the  mail  server  is  a
       CNAME  (a  DNS  alias),  or the reverse lookup does not fit the forward
       one.

       Currently, you need to manually lookup all reverse DNS names for all IP
       addresses that your SMTP server host name points to, for example by us‐
       ing the host command.  If the SMTP smarthost alias expands to  multiple
       IPs,  you need to have multiple lines for all the hosts.  When your ISP
       changes the alias, you will need to manually fix that.

       You may minimize this trouble by using a wild card entry or regular ex‐
       pressions, thus reducing the risk of  divulging  the  password  to  the
       wrong  SMTP server while reducing the number of necessary lines.  For a
       deeper discussion, see the Debian BTS #244724.

       password is your SMTP password in clear text. If you do not know  about
       your  SMTP  password,  you  can try using your POP3 password as a first
       guess.

       This file must be readable for the Debian-exim user and should  not  be
       readable for others. Recommended file mode is root:Debian-exim 640.

       # example for CONFDIR/passwd.client
       # this will only match if the server's generic name matches exactly
       mail.server.example:user:password
       # this will deliver the password to any server
       *:username:password
       # this will deliver the password to servers whose generic name ends in
       # mail.server.example
       *.mail.server.example:user:password
       # this will deliver the password to servers whose generic name matches
       # the regular expression
       ^smtp[0-9]*\.mail\.server\.example:user:password

In my case, I originally had:

mail.isp.domain:username@isp.domain:password

and added:

*.newhost.newdomain:username@isp.domain:password
*.compute.amazonaws.com:username@isp.comain:password

Hope this helps someone...

Offline

Board footer