Documentation

Configuring a ServiceNav Box to use a mail server with authentication

On the page

Need some help?

Un client ou un partenaire n’utilise pas de serveur de messagerie en interne et/ou son serveur nécessite une authentification pour accepter de relayer les messages. ServiceNav doit être configuré pour utiliser un relais SMTP authentifié.

Le client doit fournir le compte et le mot de passe d’authentification.

  • in the rest of the document we will use user@client.dom  as email address / login and password as password
  • in the examples the box (SNB or SNP) will have for hostname hostname
  • dans les exemples le nom du réseau local sera client.lan

Authentification sans chiffrement

Créer le fichier suivant : nano /etc/exim4/passwd.client.

Ajouter la ligne de l’authentification :

# password file used when the local exim is authenticating to a remote
# host as a client.
#
# see exim4_passwd_client(5for more documentation
#
# Example:
### target.mail.server.example:login:password
*:user@client.dom:motdepasse

Edit /etc/exim4/exim4.conf.template

  • Add towards the beginning of the file, after the following lines
# Macro defining the main configuration directory.
# We do not use absolute paths.
.ifndef CONFIDER
CONFIDER = /etc/exim4
.endif

The line:

disable_ipv6 = true

Configure EXIM4 in the traditional way : 

sudo su - cd /root/vsb_installation
./vsb_installation.pl

Then follow the instructions on the screen:

############################################################
 ####### VSB INSTALLATION ########
 ############################################################
 Copyright CoServIT 2012-2013. All rights reserved.
 ## Welcome in the VSB Installation script - VSB/VSM side. ## This tool will allow you to: ## - Configure your network ## - Contact the Vsb Installation API to get your synchronization parameters ## - Configure the mail ## Note : You can exit this program with Ctrl+C
Press any key to continue

Press any key to continue

To skip the ServiceNav Box network configuration: Click Enter

###### NETWORK CONFIGURATION #############
Do you want to configure the Network (y/n) [default: n] :

To skip the "Provider" configuration of the ServiceNav Box: Click Enter

###### CONTACTING INSTALLATION PROVIDER #############
Do you want to retrieve configuration by HTTP/HTTPS api (y/n) [default: n] :

The last step is to configure the sending of emails with the Exim4 email service running on the ServiceNav Box. To configure the sending of notification emails, type "y" and hit the "Enter" key:

###### MAIL CONFIGURATION (EXIM4) #############
Do you want to configure the Mail (y/n) [default: n] : y
--> Launching exim4 config. do not interrupt!

The Exim4 configuration tool launches:

Here's what you need to answer the questions:

Type de configuration :

    • Envoi par relais (smarthost) – pas de courrier local

System email name:

  • client.dom

List of IP addresses at Exim will be waiting for incoming SMTP connections:

  • 127.0.0.1 ; ::1

Other destinations for which email must be accepted:

  • (blank)

Domain name visible to local users :

  • client.dom

Network name or IP address of the smarthost system :

  • realadress::realport

Should DNS queries (connections on demand?) be minimized?

  • No

Is it necessary to separate the configuration into several files?

  • No

Once the configuration is complete, the service restarts:

* Stopping MTA for restart [ OK ]
* Restarting MTA [ OK ]
--> Exim4 config finished
  • Change /etc/email-addresses
    • Add the following lines :
    • nagios: user@client.dom
    • root: user@client.dom
  • Change /etc/aliases
    • Change the line for the root user : root: :blackhole:
  • Restart exim4

exim4 restart service

Authentification avec chiffrement

C’est notamment le cas pour relayer sur les serveurs SMTP du FAI Orange.

nano /etc/exim4/exim4.conf.localmacros
Ajouter ceci :
MAIN_TLS_ENABLE = 1

Créer le fichier suivant : nano /etc/exim4/client_smtp_auth.txt

Puis ajouter la ligne :

IP-SMARTHOST/32 : require_ssl= »true/false » type= »login,plain » user= »user@client.dom » pass= »motdepasse »

Exécuter ensuite :

update-exim4.conf

Cette commande met à jour le fichier /var/lib/exim4/config.autogenerated.

Copier le fichier précédemment généré : cp /var/lib/exim4/config.autogenerated /etc/exim4/exim4.conf

Puis : nano /etc/exim4/exim4.conf

Editez ce fichier. Mettre au début du fichier les lignes en rouges :

###
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# This file is generated dynamically from the files in
# the conf.d/ directory, or from exim4.conf.template respectively.
# Additional information is read from update-exim4.conf.conf
# This version of the file was created from the directory /etc/exim4
# Any changes you make here will be lost.
# See /usr/share/doc/exim4-base/README.Debian.gz and update-exim4.conf(8)
# for instructions of customization.
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
#########

AUTH_CLIENT_DATA = /etc/exim4/client_smtp_auth.txt
AUTH_CLIENT_USERNAME = ${extract{user}{AUTH_CLIENT_SEND_DATA}}
AUTH_CLIENT_PASSWORD = ${extract{pass}{AUTH_CLIENT_SEND_DATA}}
AUTH_CLIENT_REQUIRED = ${filter{${readfile{AUTH_CLIENT_DATA}{:}}}{match{$item}{\N^\s*\d{1,3}(?:\.\d{1,3}){3}(?:/[0-9]{1,2})?\s*$\N}}}
AUTH_CLIENT_REQUIRE_SSL = ${filter{${sg{${filter{<\n${readfile{AUTH_CLIENT_DATA}}}{match{${extract{require_ssl}{$item}}}{\N^(?i)\s*(true|yes|1)\s*$\N}}}}{\N\n\N}{:}}}{match{$item}{\N^\s*\d{1,3}(?:\.\d{1,3}){3}\s*$\N}}}
AUTH_CLIENT_SEND_DATA = ${lookup{$host_address}iplsearch{AUTH_CLIENT_DATA}}
AUTH_CLIENT_ENABLED_PLAIN = ${if match{${extract{type}{AUTH_CLIENT_SEND_DATA}}}{\N^(?i)(.+,)*plain(,.+)*$\N}{true}{false}}
AUTH_CLIENT_ENABLED_LOGIN = ${if match{${extract{type}{AUTH_CLIENT_SEND_DATA}}}{\N^(?i)(.+,)*login(,.+)*$\N}{true}{false}}
AUTH_CLIENT_ENABLED_CRAM = ${if match{${extract{type}{AUTH_CLIENT_SEND_DATA}}}{\N^(?i)(.+,)*cram(,.+)*$\N}{true}{false}}
AUTH_CLIENT_SEND_CRAM_USER = AUTH_CLIENT_USERNAME
AUTH_CLIENT_SEND_CRAM_PASS = AUTH_CLIENT_PASSWORD
AUTH_CLIENT_SEND_LOGIN = : AUTH_CLIENT_USERNAME : AUTH_CLIENT_PASSWORD
AUTH_CLIENT_SEND_PLAIN = ^AUTH_CLIENT_USERNAME^AUTH_CLIENT_PASSWORD

exim_path = /usr/sbin/exim4

Remplacer toute la section intitulée remote_smtp_smarthost par les lignes suivantes :

remote_smtp_smarthost:
  debug_print = « T: remote_smtp_smarthost for $local_part@$domain »
  driver = smtp
  hosts_require_tls = AUTH_CLIENT_REQUIRE_SSL
  hosts_require_auth = AUTH_CLIENT_REQUIRED

Toujours dans ce même fichier, à la fin, remplacer la section begin authenticators avec celle ci-dessous:

begin authenticators

CRAM:
driver = cram_md5
public_name = CRAM-MD5
client_condition = AUTH_CLIENT_ENABLED_CRAM
client_name = AUTH_CLIENT_SEND_CRAM_USER
client_secret = AUTH_CLIENT_SEND_CRAM_PASS

LOGIN:
driver = plaintext
client_condition = AUTH_CLIENT_ENABLED_LOGIN
client_send = AUTH_CLIENT_SEND_LOGIN

PLAIN:
driver = plaintext
client_condition = AUTH_CLIENT_ENABLED_PLAIN
client_send = AUTH_CLIENT_SEND_PLAIN

Une fois la configuration enregistrée, il faut redémarrer le serveur exim4 : exim4 restart service

Vérifier le bon envoi de courriel sous telnet

Exemple ci-dessous effectué avec un relais de messagerie chez le FAI Orange.

telnet smtp.orange.fr 25

Dialogue, en gras ce qu’il faut entrer :

Trying 193.252.22.84…
Connected to smtp.orange.fr.
Escape character is ‘^]’.
220 mwinf5d33 ME ESMTP server ready
EHLO servicenav
250-mwinf5d33 hello [90.113.178.249], pleased to meet you
250-HELP
250-AUTH LOGIN PLAIN
250-SIZE 44000000
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 OK
AUTH LOGIN <compte xxx@orange.fr encodé en base64>
334 UGFzc3dvcmQ6
<mot de passe Orange encodé en base 64>
235 2.7.0 … authentication succeeded
mail from:<compte xxx>@orange.fr
250 2.1.0 <compte xxx@orange.fr> sender ok
rcpt to:<compte cible>@dom
250 2.1.5 <compte cible@dom> recipient ok
data
354 enter mail, end with « . » on a line by itself
servicenav
.
250 2.0.0 RJZW230095PEYZW03Ja5Bg mail accepted for delivery

Repérer l’IP du serveur de messagerie qui répond, ici : 193.252.22.84

Vérifier le bon envoi de courriel sous exim4

To test the sending of emails, type the following command adapting it to your needs:

#Méthode de test 1
mail -s "Hello World" mail@domaine.com
Cc: 
Texte
<Ctrl+D>

#Méthode de test 2

This may also be of interest to you

tel1

Ensuring and maintaining the availability of ServiceNav Boxes

install script

Preparing for ServiceNav Box DR

Replacing an Ubuntu12.04 with a ServiceNav 4.0 Ubuntu16.04 Box

en_US
fr_FR en_US

Welcome to ServiceNav!

Need help? More information about our products? Write to us!
You have taken note of our privacy policy.

[COVID - 19 ] - TELEWORKING, TARGET AVAILABILITY 100% !

While the epidemic lasts, ensure the availability and performance of your IT services for teleworking, with ServiceNav!

Following the government's call to mobilize to help businesses overcome the current health and economic context, we help you, free of charge, to ensure the complete monitoring of your teleworking environments: VPN, VDI, Teams, Skype Enterprise, Citrix... Objectives: collection, availability and usage indicators, dashboards to support your communication.
We use cookies to ensure that you have the best possible experience on our site, and if you continue to use this site, we will assume that you are satisfied with it.

Reserve your place

You have taken note of our privacy policy.