Documentation

Configuring a ServiceNav Box to use a mail server with authentication

On the page

Need some help?

A client or partner does not use an internal mail server and/or its server requires authentication to agree to relay messages. ServiceNav must be configured to use an authenticated SMTP relay.

The client must provide the authentication account and password.

  • in the rest of the document we will use user@client.dom  as email address / login and password as password
  • in the examples the box (SNB or SNP) will have for hostname hostname
  • in the examples the name of the local network will be client.lan

Authentication without encryption

Create the following file : nano /etc/exim4/passwd.client.

Add the authentication line :

# password file used when the local exim is authenticating to a remote
# host as a client.
#
# see exim4_passwd_client(5for more documentation
#
# Example:
### target.mail.server.example:login:password
*:user@client.dom: password

Edit /etc/exim4/exim4.conf.template

  • Add towards the beginning of the file, after the following lines
# Macro defining the main configuration directory.
# We do not use absolute paths.
.ifndef CONFIDER
CONFIDER = /etc/exim4
.endif

The line:

disable_ipv6 = true

Configure EXIM4 in the traditional way : 

sudo su - cd /root/vsb_installation
./vsb_installation.pl

Then follow the instructions on the screen:

############################################################
 ####### VSB INSTALLATION ########
 ############################################################
 Copyright CoServIT 2012-2013. All rights reserved.
 ## Welcome in the VSB Installation script - VSB/VSM side. ## This tool will allow you to: ## - Configure your network ## - Contact the Vsb Installation API to get your synchronization parameters ## - Configure the mail ## Note : You can exit this program with Ctrl+C
Press any key to continue

Press any key to continue

To skip the ServiceNav Box network configuration: Click Enter

###### NETWORK CONFIGURATION #############
Do you want to configure the Network (y/n) [default: n] :

To skip the "Provider" configuration of the ServiceNav Box: Click Enter

###### CONTACTING INSTALLATION PROVIDER #############
Do you want to retrieve configuration by HTTP/HTTPS api (y/n) [default: n] :

The last step is to configure the sending of emails with the Exim4 email service running on the ServiceNav Box. To configure the sending of notification emails, type "y" and hit the "Enter" key:

###### MAIL CONFIGURATION (EXIM4) #############
Do you want to configure the Mail (y/n) [default: n] : y
--> Launching exim4 config. do not interrupt!

The Exim4 configuration tool launches:

Here's what you need to answer the questions:

Type of configuration :

    • Relay (smarthost) - no local mail

System email name:

  • client.dom

List of IP addresses at Exim will be waiting for incoming SMTP connections:

  • 127.0.0.1 ; ::1

Other destinations for which email must be accepted:

  • (blank)

Domain name visible to local users :

  • client.dom

Network name or IP address of the smarthost system :

  • realadress::realport

Should DNS queries (connections on demand?) be minimized?

  • No

Is it necessary to separate the configuration into several files?

  • No

Once the configuration is complete, the service restarts:

* Stopping MTA for restart [ OK ]
* Restarting MTA [ OK ]
--> Exim4 config finished
  • Change /etc/email-addresses
    • Add the following lines :
    • nagios: user@client.dom
    • root: user@client.dom
  • Change /etc/aliases
    • Change the line for the root user : root: :blackhole:
  • Restart exim4

exim4 restart service

Authentication with encryption

This is notably the case for relaying on the Orange ISP's SMTP servers.

nano /etc/exim4/exim4.conf.localmacros
Add this:
MAIN_TLS_ENABLE = 1

Create the following file : nano /etc/exim4/client_smtp_auth.txt

Then add the line :

IP-SMARTHOST/32: require_ssl= "true/false " type= "login,plain " user= "user@client.dom " pass= "motdepasse "

Execute next:

update-exim4.conf

This command updates the /var/lib/exim4/config.autogenerated file.

Copy the previously generated file : cp /var/lib/exim4/config.autogenerated /etc/exim4/exim4.conf

And then..: nano /etc/exim4/exim4.conf

Edit this file. Put at the beginning of the file the lines in red :

###
# WARNING WARNING
# WARNING WARNING
# WARNING WARNING
# WARNING WARNING
# WARNING WARNING
# This file is generated dynamically from the files in
# the conf.d/ directory, or from exim4.conf.template respectively.
# Additional information is read from update-exim4.conf
# This version of the file was created from the directory /etc/exim4
# Any changes you make here will be lost.
# See /usr/share/doc/exim4-base/README.Debian.gz and update-exim4.conf(8)
# for instructions of customization.
# WARNING WARNING
# WARNING WARNING
# WARNING WARNING
# WARNING WARNING
# WARNING WARNING
#########

AUTH_CLIENT_DATA = /etc/exim4/client_smtp_auth.txt
AUTH_CLIENT_USERNAME = ${extract{user}{AUTH_CLIENT_SEND_DATA}}
AUTH_CLIENT_PASSWORD = ${extract{pass}{AUTH_CLIENT_SEND_DATA}}
AUTH_CLIENT_REQUIRED = ${filter{${readfile{AUTH_CLIENT_DATA}{:}}}{match{$item}{\N^\s*\d{1,3}(?:\.\d{1,3}){3}(?:/[0-9]{1,2})?\s*$\N}}}
AUTH_CLIENT_QUIRE_SSL = ${filter{${sg{${filter{<\n${readfile{AUTH_CLIENT_DATA}}}{match{${extract{require_ssl}{$item}}}{\N^(?i)\s*(true|yes|1)\s*$\N}}}}{\N\n\N}{:}}}{match{$item}{\N^\s*\d{1,3}(?:\.\d{1,3}){3}\s*$\N}}}
AUTH_CLIENT_SEND_DATA = ${lookup{$host_address}iplsearch{AUTH_CLIENT_DATA}}
AUTH_CLIENT_ENABLED_PLAIN = ${if match{${extract{type}{AUTH_CLIENT_SEND_DATA}}{\N^(?i)(.+,)*plain(,.+)*$\N}{true}{false}
AUTH_CLIENT_ENABLED_LOGIN = ${if match{${extract{type}{AUTH_CLIENT_SEND_DATA}}{\N^(?i)(.+,)*login(,.+)*$\N}{true}{false}}
AUTH_CLIENT_ENABLED_CRAM = ${if match{${extract{type}{AUTH_CLIENT_SEND_DATA}}{\N^(?i)(.+,)*cram(,.+)*$\N}{true}{false}}
AUTH_CLIENT_SEND_CRAM_USER = AUTH_CLIENT_USERNAME
AUTH_CLIENT_SEND_CRAM_PASS = AUTH_CLIENT_PASSWORD
AUTH_CLIENT_SEND_LOGIN =: AUTH_CLIENT_USERNAME: AUTH_CLIENT_PASSWORD
AUTH_CLIENT_SEND_PLAIN = ^AUTH_CLIENT_USERNAME^AUTH_CLIENT_PASSWORD

exim_path = /usr/sbin/exim4

Replace the entire section entitled remote_smtp_smarthost by the following lines:

remote_smtp_smarthost:
  debug_print = "T: remote_smtp_smarthost for $local_part@$domain".
  driver = smtp
  hosts_require_tls = AUTH_CLIENT_REQUIRE_SSL
  hosts_require_auth = AUTH_CLIENT_REQUIRED

Still in the same file, at the end, replace the section begin authenticators with the one below:

begin authenticators

CRAM:
driver = cram_md5
public_name = CRAM-MD5
client_condition = AUTH_CLIENT_ENABLED_CRAM
client_name = AUTH_CLIENT_SEND_CRAM_USER
secret_client = AUTH_CLIENT_SEND_CRAM_PASS

LOGIN:
driver = plaintext
client_condition = AUTH_CLIENT_ENABLED_LOGIN
client_send = AUTH_CLIENT_SEND_LOGIN

PLAIN:
driver = plaintext
client_condition = AUTH_CLIENT_ENABLED_PLAIN
client_send = AUTH_CLIENT_SEND_PLAIN

Once the configuration is saved, the exim4 server has to be restarted: exim4 restart service

Check the correct sending of email under telnet

Example below carried out with a mail relay at the Orange ISP.

telnet smtp.orange.fr 25

Dialogue, in bold what to enter:

Trying 193.252.22.84...
Connected to smtp.orange.fr.
Escape character is '^]'.
220 mwinf5d33 ME ESMTP server ready
EHLO servicenav
250-mwinf5d33 hello [90.113.178.249], pleased to meet you
250-HELP
250-AUTH LOGIN PLAIN
250-SIZE 440000
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 OK
AUTH LOGIN
334 UGFzc3dvcmQ6

235 2.7.0 ... authentication succeeded
mail from:@orange.fr
250 2.1.0 sender ok
rcpt to:@dom
250 2.1.5 recipient ok
data
354 enter mail, end with . "? on a line by itself ?
servicenav
.
250 2.0.0 RJZW230095PEYZW03Ja5Bg mail accepted for delivery

Locate the IP of the responding mail server, here: 193.252.22.84

Check the correct sending of email under exim4

To test the sending of emails, type the following command adapting it to your needs:

#Mtest method 1
mail -s "Hello World" mail@domaine.com
Cc:
Text


#Mtest method 2

This may also be of interest to you

tel1

Ensuring and maintaining the availability of ServiceNav Boxes

install script

Preparing for ServiceNav Box DR

Replacing an Ubuntu12.04 with a ServiceNav 4.0 Ubuntu16.04 Box

en_US

Welcome to ServiceNav!

Need help? More information about our products? Write to us!
You have taken note of our privacy policy.

[COVID - 19 ] - TELEWORKING, TARGET AVAILABILITY 100% !

While the epidemic lasts, ensure the availability and performance of your IT services for teleworking, with ServiceNav!

Following the government's call to mobilize to help businesses overcome the current health and economic context, we help you, free of charge, to ensure the complete monitoring of your teleworking environments: VPN, VDI, Teams, Skype Enterprise, Citrix... Objectives: collection, availability and usage indicators, dashboards to support your communication.
We use cookies to ensure that you have the best possible experience on our site, and if you continue to use this site, we will assume that you are satisfied with it.

Reserve your place

You have taken note of our privacy policy.