A client or partner does not use an internal mail server and/or its server requires authentication to agree to relay messages. ServiceNav must be configured to use an authenticated SMTP relay.
The client must provide the authentication account and password.
- in the rest of the document we will use user@client.dom as email address / login and password as password
- in the examples the box (SNB or SNP) will have for hostname hostname
- in the examples the name of the local network will be client.lan
Authentication without encryption
Create the following file : nano /etc/exim4/passwd.client.
Add the authentication line :
# password file used when the local exim is authenticating to a remote # host as a client. # # see exim4_passwd_client( 5 ) for more documentation # # Example: ### target.mail.server.example:login:password *:user@client.dom: password |
Edit /etc/exim4/exim4.conf.template
- Add towards the beginning of the file, after the following lines
# Macro defining the main configuration directory. # We do not use absolute paths. .ifndef CONFIDER CONFIDER = /etc/exim4 .endif |
The line:
disable_ipv6 = true |
Configure EXIM4 in the traditional way :
sudo su - cd /root/vsb_installation./vsb_installation.pl
Then follow the instructions on the screen:
############################################################ ####### VSB INSTALLATION ######## ############################################################ Copyright CoServIT 2012-2013. All rights reserved.## Welcome in the VSB Installation script - VSB/VSM side. ## This tool will allow you to: ## - Configure your network ## - Contact the Vsb Installation API to get your synchronization parameters ## - Configure the mail ## Note : You can exit this program with Ctrl+CPress any key to continue
Press any key to continue
To skip the ServiceNav Box network configuration: Click Enter
###### NETWORK CONFIGURATION #############Do you want to configure the Network (y/n) [default: n] :
To skip the "Provider" configuration of the ServiceNav Box: Click Enter
###### CONTACTING INSTALLATION PROVIDER #############
Do you want to retrieve configuration by HTTP/HTTPS api (y/n) [default: n] :
The last step is to configure the sending of emails with the Exim4 email service running on the ServiceNav Box. To configure the sending of notification emails, type "y" and hit the "Enter" key:
###### MAIL CONFIGURATION (EXIM4) #############Do you want to configure the Mail (y/n) [default: n] : y--> Launching exim4 config. do not interrupt!
The Exim4 configuration tool launches:
Here's what you need to answer the questions:
Type of configuration :
-
- Relay (smarthost) - no local mail
System email name:
- client.dom
List of IP addresses at Exim will be waiting for incoming SMTP connections:
- 127.0.0.1 ; ::1
Other destinations for which email must be accepted:
- (blank)
Domain name visible to local users :
- client.dom
Network name or IP address of the smarthost system :
- realadress::realport
Should DNS queries (connections on demand?) be minimized?
- No
Is it necessary to separate the configuration into several files?
- No
Once the configuration is complete, the service restarts:
* Stopping MTA for restart [ OK ]* Restarting MTA [ OK ]--> Exim4 config finished
- Change /etc/email-addresses
- Add the following lines :
- nagios: user@client.dom
- root: user@client.dom
- Change /etc/aliases
- Change the line for the root user : root: :blackhole:
- Restart exim4
exim4 restart service
Authentication with encryption
This is notably the case for relaying on the Orange ISP's SMTP servers.
nano /etc/exim4/exim4.conf.localmacros Add this: MAIN_TLS_ENABLE = 1 |
Create the following file : nano /etc/exim4/client_smtp_auth.txt
Then add the line :
IP-SMARTHOST/32: require_ssl= "true/false " type= "login,plain " user= "user@client.dom " pass= "motdepasse "
Execute next:
update-exim4.conf |
This command updates the /var/lib/exim4/config.autogenerated file.
Copy the previously generated file : cp /var/lib/exim4/config.autogenerated /etc/exim4/exim4.conf
And then..: nano /etc/exim4/exim4.conf
Edit this file. Put at the beginning of the file the lines in red :
###
# WARNING WARNING
# WARNING WARNING
# WARNING WARNING
# WARNING WARNING
# WARNING WARNING
# This file is generated dynamically from the files in
# the conf.d/ directory, or from exim4.conf.template respectively.
# Additional information is read from update-exim4.conf
# This version of the file was created from the directory /etc/exim4
# Any changes you make here will be lost.
# See /usr/share/doc/exim4-base/README.Debian.gz and update-exim4.conf(8)
# for instructions of customization.
# WARNING WARNING
# WARNING WARNING
# WARNING WARNING
# WARNING WARNING
# WARNING WARNING
#########
AUTH_CLIENT_DATA = /etc/exim4/client_smtp_auth.txt
AUTH_CLIENT_USERNAME = ${extract{user}{AUTH_CLIENT_SEND_DATA}}
AUTH_CLIENT_PASSWORD = ${extract{pass}{AUTH_CLIENT_SEND_DATA}}
AUTH_CLIENT_REQUIRED = ${filter{${readfile{AUTH_CLIENT_DATA}{:}}}{match{$item}{\N^\s*\d{1,3}(?:\.\d{1,3}){3}(?:/[0-9]{1,2})?\s*$\N}}}
AUTH_CLIENT_QUIRE_SSL = ${filter{${sg{${filter{<\n${readfile{AUTH_CLIENT_DATA}}}{match{${extract{require_ssl}{$item}}}{\N^(?i)\s*(true|yes|1)\s*$\N}}}}{\N\n\N}{:}}}{match{$item}{\N^\s*\d{1,3}(?:\.\d{1,3}){3}\s*$\N}}}
AUTH_CLIENT_SEND_DATA = ${lookup{$host_address}iplsearch{AUTH_CLIENT_DATA}}
AUTH_CLIENT_ENABLED_PLAIN = ${if match{${extract{type}{AUTH_CLIENT_SEND_DATA}}{\N^(?i)(.+,)*plain(,.+)*$\N}{true}{false}
AUTH_CLIENT_ENABLED_LOGIN = ${if match{${extract{type}{AUTH_CLIENT_SEND_DATA}}{\N^(?i)(.+,)*login(,.+)*$\N}{true}{false}}
AUTH_CLIENT_ENABLED_CRAM = ${if match{${extract{type}{AUTH_CLIENT_SEND_DATA}}{\N^(?i)(.+,)*cram(,.+)*$\N}{true}{false}}
AUTH_CLIENT_SEND_CRAM_USER = AUTH_CLIENT_USERNAME
AUTH_CLIENT_SEND_CRAM_PASS = AUTH_CLIENT_PASSWORD
AUTH_CLIENT_SEND_LOGIN =: AUTH_CLIENT_USERNAME: AUTH_CLIENT_PASSWORD
AUTH_CLIENT_SEND_PLAIN = ^AUTH_CLIENT_USERNAME^AUTH_CLIENT_PASSWORD
exim_path = /usr/sbin/exim4
…
Replace the entire section entitled remote_smtp_smarthost by the following lines:
remote_smtp_smarthost:
debug_print = "T: remote_smtp_smarthost for $local_part@$domain".
driver = smtp
hosts_require_tls = AUTH_CLIENT_REQUIRE_SSL
hosts_require_auth = AUTH_CLIENT_REQUIRED
Still in the same file, at the end, replace the section begin authenticators with the one below:
begin authenticators
CRAM:
driver = cram_md5
public_name = CRAM-MD5
client_condition = AUTH_CLIENT_ENABLED_CRAM
client_name = AUTH_CLIENT_SEND_CRAM_USER
secret_client = AUTH_CLIENT_SEND_CRAM_PASS
LOGIN:
driver = plaintext
client_condition = AUTH_CLIENT_ENABLED_LOGIN
client_send = AUTH_CLIENT_SEND_LOGIN
PLAIN:
driver = plaintext
client_condition = AUTH_CLIENT_ENABLED_PLAIN
client_send = AUTH_CLIENT_SEND_PLAIN
Once the configuration is saved, the exim4 server has to be restarted: exim4 restart service
Check the correct sending of email under telnet
Example below carried out with a mail relay at the Orange ISP.
telnet smtp.orange.fr 25 |
Dialogue, in bold what to enter:
Trying 193.252.22.84...
Connected to smtp.orange.fr.
Escape character is '^]'.
220 mwinf5d33 ME ESMTP server ready
EHLO servicenav
250-mwinf5d33 hello [90.113.178.249], pleased to meet you
250-HELP
250-AUTH LOGIN PLAIN
250-SIZE 440000
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 OK
AUTH LOGIN
334 UGFzc3dvcmQ6
235 2.7.0 ... authentication succeeded
mail from:
250 2.1.0
rcpt to:
250 2.1.5
data
354 enter mail, end with . "? on a line by itself ?
servicenav
.
250 2.0.0 RJZW230095PEYZW03Ja5Bg mail accepted for delivery
Locate the IP of the responding mail server, here: 193.252.22.84
Check the correct sending of email under exim4
To test the sending of emails, type the following command adapting it to your needs:
#Mtest method 1 mail -s "Hello World" mail@domaine.com Cc: Text#Mtest method 2