Exim Configuration for Comcast Cable

From Nearline Storage

This is for a Linux (Fedora 24) workstation that does not have a public internet address and wants to send mail via the Comcast cable SMTP gateway. To accomplish this, the workstation must masquerade as a host in an existing domain on the internet.

The Comcast SMTP gateway checks the sending e-mail addresses to ensure that they are valid, so the sending addresses on the workstation must be defined as real mail addresses within the sending domain. In my case, they are defined as "forwarding" mail addresses on the domain using the ISP's tools.

To configure exim on the workstation:

  1. Install exim and system-switch-mail packages.
  2. Patch the /etc/exim/exim.conf file with the patch below. Notice that the Comcast userid and password are set in the last block of the patch and need to be edited before applying the patch. Also note that my domain (daveking.com) and hostname (localhost.localdomain) are used in the patch. Anyone else will need to change those as well.
  3. Start the exim service and set it to be started at boot.
  4. Run system-switch-mail as root to set exim as the MTA.
  5. Modify the /etc/aliases file to define an alias for the root user and run the "newaliases" command as root.
--- exim.conf.orig	2016-04-18 10:17:56.000000000 -0400
+++ exim.conf	2016-11-15 12:49:35.125835863 -0500
@@ -123,7 +123,7 @@
 # of what to set for other virus scanners. The second modification is in the
 # acl_check_data access control list (see below).
 
-av_scanner = clamd:/var/run/clamd.exim/clamd.sock
+# av_scanner = clamd:/var/run/clamd.exim/clamd.sock
 
 
 # For spam scanning, there is a similar option that defines the interface to
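Review bot: The av_scanner line is commented out with no reason given, and the context comment just above it says a second modification in acl_check_data goes with this setting, yet the patch has no hunk touching that ACL. Add a comment saying why scanning is disabled on this host, and confirm that nothing in acl_check_data still calls the malware check without a scanner defined.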
@@ -177,7 +177,7 @@
 # unqualified addresses from remote sources. If this option is not set, the
 # primary_hostname value is used for qualification.
 
-# qualify_domain =
+qualify_domain = daveking.com
 
 
 # If you want unqualified recipient addresses to be qualified with a different
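Review bot: Setting qualify_domain = daveking.com also affects unqualified recipients unless the separate recipient option mentioned in the next context comment is set, so mail sent locally to a bare "root" may be qualified as root@daveking.com. Check that such mail still reaches the root alias defined in step 5 instead of being routed to the smarthost, and set the recipient qualification explicitly if it does not.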
@@ -213,7 +213,7 @@
 # as if it were a normal user. This isn't usually a problem, as most sites have
 # an alias for root that redirects such mail to a human administrator.
 
-never_users = root
+# never_users = root
 
 
 # The setting below causes Exim to do a reverse DNS lookup on all incoming
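Review bot: Commenting out never_users = root removes the guard that stops Exim from running deliveries as root, and nothing in the patch explains why that is needed. The context comment says an alias for root is the usual answer, and step 5 of the procedure already defines one, so keep never_users = root and rely on the alias.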
@@ -692,14 +692,14 @@
 # If the DNS lookup fails, no further routers are tried because of the no_more
 # setting, and consequently the address is unrouteable.
 
-dnslookup:
-  driver = dnslookup
-  domains = ! +local_domains
-  transport = remote_smtp
-  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
+#dnslookup:
+#  driver = dnslookup
+#  domains = ! +local_domains
+#  transport = remote_smtp
+#  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
 # if ipv6-enabled then instead use:
 # ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1
-  no_more
+#  no_more
 
 
 # This alternative router can be used when you want to send all mail to a
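Review bot: The dnslookup router is disabled line by line with no marker, so the two pre-existing "if ipv6-enabled" comment lines are now indistinguishable from the lines this change commented out. Add a one-line comment above "#dnslookup:" stating that the router was disabled in favour of the smarthost router below, so a later reader can restore it cleanly.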
@@ -708,13 +708,13 @@
 # should comment out "dnslookup" above.  Setting a real hostname in route_data
 # wouldn't hurt either.
 
-# smarthost:
-#   driver = manualroute
-#   domains = ! +local_domains
-#   transport = remote_smtp
-#   route_data = MAIL.HOSTNAME.FOR.CENTRAL.SERVER.EXAMPLE
-#   ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1
-#   no_more
+smarthost:
+  driver = manualroute
+  domains = ! +local_domains
+  transport = remote_msa
+  route_data = smtp.comcast.net
+  ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1
+  no_more
 
 
 # The remaining routers handle addresses in the local domain(s), that is those
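Review bot: The smarthost router switches to transport = remote_msa, but no hunk in this patch defines or changes that transport, so the change depends on whatever the stock exim.conf ships under that name. Note that dependency in a comment, and verify that the transport uses the submission port with TLS and attempts authentication for smtp.comcast.net, since the PLAIN authenticator added later sends the account password.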
@@ -949,7 +949,8 @@
 
 begin rewrite
 
-
+#  This host masquerades as daveking.com
+*@localhost.localdomain            $1@daveking.com
 
 ######################################################################
 #                   AUTHENTICATION CONFIGURATION                     #
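Review bot: The rewrite rule "*@localhost.localdomain $1@daveking.com" has no flags, so it applies to every envelope and header address, recipients included; mail addressed to root@localhost.localdomain is rewritten to root@daveking.com and leaves the machine. If the intent is only to masquerade the sender, restrict the rule to the sender fields by appending flags such as Ffrs.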
@@ -1001,6 +1002,10 @@
 #  server_prompts             = :
 #  server_condition           = ${if saslauthd{{$2}{$3}{smtp}} {1}}
 #  server_advertise_condition = ${if def:tls_in_cipher }
+PLAIN:
+  driver = plaintext
+  public_name = PLAIN
+  client_send = ^userid^password
 
 # LOGIN authentication has traditional prompts and responses. There is no
 # authorization ID in this mechanism, so unlike PLAIN the username and
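Review bot: The PLAIN authenticator stores the Comcast userid and password in clear text in exim.conf and has no condition limiting when it is used, so the credentials are offered on any connection where the server advertises PLAIN, encrypted or not. Add "client_condition = ${if def:tls_out_cipher}" to the authenticator (the commented server example above uses the same form with tls_in_cipher), and make sure /etc/exim/exim.conf is not world-readable once the real password is in it.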