Difference between revisions of "Exim Configuration for Workstations"

(Created page with "This is for a Linux (Fedora 24) workstation that does not have a public internet address and wants to send mail via my mail.daveking.com mail server's SMTP gateway. To accomp...")
 
 
(One intermediate revision by the same user not shown)
Latest revision as of 16:13, 13 March 2021

This is for a server that does not have a public internet address and wants to send mail via my mail.daveking.com mail server's SMTP gateway. To accomplish this, the workstation must masquerade as a host in an existing domain on the internet.

The SMTP gateway will check the sending e-mail addresses to ensure that they are valid; therefore, the sending addresses on the workstation must be defined as real mail addresses within the sending domain, i.e., (in my case) they must be defined in the "forwardings" table in the mail database on the server.

To configure exim on the workstation:

  1. Install the exim package.
  2. Patch the /etc/exim/exim.conf file with the patch below. Notice that the SMTP mail server userid and password are set in the last block of the patch and need to be edited before applying the patch. Also note that my domain (daveking.com) is used in the patch. This needs to be changed.
  3. Start the exim service and set it to be started at boot.
  4. Run alternatives --config mta as root to set exim as the MTA.
  5. Modify the /etc/aliases file to define an alias for the root user and run the newaliases command as root
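
A check to run on the patched file after step 2, as an added example that is not part of the original page: it flags leftover placeholders and the author's domain, a world-readable file now that it holds a password, and a smarthost router whose transport is not defined. The function names `audit_exim_conf` and `write_sample` and the sample configuration are constructed for this example.

```shell
#!/bin/sh
# Added example: lint a patched exim.conf for what step 2 leaves to the reader.

# Print one line per finding; the return status is the number of findings.
audit_exim_conf() {
    conf=$1; n=0
    active() { grep -Eq "^[[:space:]]*$1" "$conf"; }   # match uncommented lines only

    # Placeholders and the author's domain must be replaced before use.
    if active 'client_send[[:space:]]*=.*(USERID|PASSWORD)'; then
        echo "client_send still holds the USERID/PASSWORD placeholder"; n=$((n+1))
    fi
    if active '(ROUTER_SMARTHOST|qualify_domain)[[:space:]]*=.*daveking\.com'; then
        echo "author's domain daveking.com is still configured"; n=$((n+1))
    fi
    # The file now stores an SMTP password, so it must not be world-readable.
    if active 'client_send' && [ -n "$(find "$conf" -prune -perm -004)" ]; then
        echo "$conf holds credentials and is world-readable"; n=$((n+1))
    fi
    # The smarthost router must name a transport that the file defines.
    t=$(sed -n '/^smarthost:/,/^$/s/^[[:space:]]*transport[[:space:]]*=[[:space:]]*//p' "$conf" | head -n 1)
    if [ -n "$t" ] && ! grep -q "^$t:" "$conf"; then
        echo "router smarthost uses undefined transport '$t'"; n=$((n+1))
    fi
    return "$n"
}

# Constructed sample: the patched lines only; the transports section is left
# out on purpose, so the transport check fires as well.
write_sample() {
    cat > "$1" <<'EOF'
ROUTER_SMARTHOST=mail.daveking.com
qualify_domain = daveking.com
smarthost:
  driver = manualroute
  transport = remote_msa
#  transport = smarthost_smtp
  route_data = ROUTER_SMARTHOST

PLAIN:
  driver = plaintext
  public_name = PLAIN
  client_send = ^USERID^PASSWORD
EOF
}

sample=$(mktemp); write_sample "$sample"; chmod 644 "$sample"
audit_exim_conf "$sample" || echo "findings: $?"
rm -f "$sample"
```
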
--- exim.conf.orig	2020-07-27 14:06:13.000000000 -0400
+++ exim.conf	2021-03-13 11:00:14.496121744 -0500
@@ -47,7 +47,7 @@
 # An appropriately privileged user can then redirect email on the command-line
 # in emergencies, via -D.
 #
-# ROUTER_SMARTHOST=MAIL.HOSTNAME.FOR.CENTRAL.SERVER.EXAMPLE
+ROUTER_SMARTHOST=mail.daveking.com
 
 ######################################################################
 #                    MAIN CONFIGURATION SETTINGS                     #
@@ -138,7 +138,7 @@
 # of what to set for other virus scanners. The second modification is in the
 # acl_check_data access control list (see below).
 
-av_scanner = clamd:/var/run/clamd.exim/clamd.sock
+#av_scanner = clamd:/var/run/clamd.exim/clamd.sock
 
 
 # For spam scanning, there is a similar option that defines the interface to
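Review bot: Commenting out `av_scanner` is not mentioned in the page's steps, and the context line just above it says a second modification lives in the acl_check_data access control list, which this patch never touches. If that ACL has an active malware condition it will no longer point at clamd, so confirm the condition is commented out in the stock file or add a hunk that disables it, and state in step 2 that virus scanning is being turned off and why.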
@@ -201,7 +195,7 @@
 # unqualified addresses from remote sources. If this option is not set, the
 # primary_hostname value is used for qualification.
 
-# qualify_domain =
+qualify_domain = daveking.com
 
 
 # If you want unqualified recipient addresses to be qualified with a different
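Review bot: The header `@@ -201,7 +195,7 @@` implies six lines were removed earlier in the file, but the two preceding hunks are both 7-for-7 and remove nothing, so a hunk appears to have been dropped by hand (the same offset of six carries through the next two hunks). patch will normally still find the context, but regenerate the diff with `diff -u exim.conf.orig exim.conf` so the published patch matches what was actually applied. The `qualify_domain = daveking.com` line itself is the masquerading setting the introduction describes and is fine once the domain is replaced.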
@@ -237,7 +231,7 @@
 # as if it were a normal user. This isn't usually a problem, as most sites have
 # an alias for root that redirects such mail to a human administrator.
 
-never_users = root
+#never_users = root
 
 
 # The setting below causes Exim to do a reverse DNS lookup on all incoming
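Review bot: Disabling `never_users = root` lets Exim run deliveries as root, and nothing on the page explains why that is needed. The context lines above it note that an alias for root normally makes the restriction harmless, and step 5 creates exactly that alias, so the line can stay as `never_users = root`; drop this hunk unless a delivery fails without it, and document that case if so.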
@@ -785,9 +779,11 @@
 smarthost:
   driver = manualroute
   domains = ! +local_domains
-  transport = smarthost_smtp
+  transport = remote_msa
+#  transport = smarthost_smtp
   route_data = ROUTER_SMARTHOST
-  ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1
+
+#  ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1
   no_more
 
 .else
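Review bot: The router now uses `transport = remote_msa`, but no hunk defines or shows that transport, so the patch depends on the stock file providing it and on it enforcing what the credentials need. Since the last hunk sends a password with PLAIN, check that the transport sets `hosts_require_tls` and `hosts_require_auth` for the smarthost, and add a hunk if it does not. Separately, `ignore_target_hosts` is commented out and a blank line is added in its place with no stated reason; keep the original line unless the smarthost really resolves to a loopback address, and delete the replaced lines rather than leaving them as comments.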
@@ -1141,6 +1137,10 @@
 #  server_prompts             = :
 #  server_condition           = ${if saslauthd{{$2}{$3}{smtp}} {1}}
 #  server_advertise_condition = ${if def:tls_in_cipher }
+PLAIN:
+  driver = plaintext
+  public_name = PLAIN
+  client_send = ^USERID^PASSWORD
 
 # LOGIN authentication has traditional prompts and responses. There is no
 # authorization ID in this mechanism, so unlike PLAIN the username and
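Review bot: `client_send = ^USERID^PASSWORD` stores the smarthost password in /etc/exim/exim.conf in clear text, and the authenticator has no `client_condition`, so nothing in this hunk stops it being offered on an unencrypted connection. Add something like `client_condition = ${if def:tls_out_cipher}`, keep the file unreadable to ordinary users, and note in step 2 that a literal `^` in the password must be written `^^`. A blank line before `PLAIN:` would also separate it from the commented server example above.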