Documentations

Configure a ServiceNav Box to use a mail server with authentication

On the page

Do you need help?

A client or partner does not use an internal mail server and/or its server requires authentication to accept to relay messages. ServiceNav must be configured to use an authenticated SMTP relay.

The customer must provide the account and password for authentication.

  • In the rest of the document we will use user@client.dom  as email address / login and password as password
  • in the examples the box (SNB or SNP) will have hostname hostname
  • in the examples the name of the local network will be client.lan

Authentication without encryption

Create the following file: nano /etc/exim4/passwd.client.

Add the line of authentication :

# password file used when the local exim is authenticating to a remote
# host as a client.
#
# see exim4_passwd_client(5for more documentation
#
# Example:
### target.mail.server.example:login:password
*:user@client.dom:password

Edit /etc/exim4/exim4.conf.template

  • Add at the beginning of the file, after the following line
# Macro defining the main configuration directory.
# We do not use absolute paths.
.ifndef CONFDIR
CONFDIR = /etc/exim4
.endif

Line:

disable_ipv6 = true

Configuring EXIM4 in the traditional way : 

sudo su -
cd /root/vsb_installation
./vsb_installation.pl

Then follow the instructions on the screen:

###############################
 ##### VSB INSTALLATION #####
 ###############################
 Copyright CoServIT 2012-2013. All rights reserved.
 ## Welcome in the VSB Installation script - VSB/VSM side.
 ## This tool will allow you to :
 ## - Configure your network
 ## - Contact the Vsb Installation API to get your synchronization parameters
 ## - Configure the mail
 ## Note : You can exit this program with Ctrl+C
Press any key to continue

Press a key to continue

Skip the ServiceNav Box network configuration: press the Enter

##### NETWORK CONFIGURATION #####
Do you want to configure the Network (y/n) [default: n] :

Switch to the "Provider" configuration of the ServiceNav Box: press the Enter

##### CONTACTING INSTALLATION PROVIDER #####
Do you want to retrieve configuration by HTTP/HTTPS api (y/n) [default: n] :

The last step is to configure the sending of emails with the Exim4 email service located on the ServiceNav Box. To set up email notifications, type "y" and press the "Enter" key:

##### MAIL CONFIGURATION (EXIM4) ######
Do you want to configure the Mail (y/n) [default: n] : y
--> Launching exim4 config. Do not interrupt !

The Exim4 configuration tool is launched:

Here's what you need to do to answer the questions:

Configuration type :

    • Sending by relay (smarthost) - no local mail

Email name of the system:

  • client.dom

List of IP addresses to Exim will be waiting for incoming SMTP connections:

  • 127.0.0.1 ; ::1

Other destinations whose email must be accepted:

  • (white)

Visible domain name for local users :

  • client.dom

Network name or IP address of the smarthost system :

  • address::portrelais

Should we minimize DNS queries (on-demand connections)?

  • No

Should the configuration be separated into several files?

  • No

Once the configuration is complete the service will restart:

* Stopping MTA for restart [ OK ]
* Restarting MTA [ OK ]
--> Exim4 config finished
  • Edit /etc/email-addresses
    • Add the following lines:
    • nagios: user@client.dom
    • root: user@client.dom
  • Edit /etc/aliases
    • Change the line for the root user: root: :blackhole:
  • Restart exim4

service exim4 restart

Authentication with encryption

This is particularly the case for relaying to the SMTP servers of the Orange ISP.

nano /etc/exim4/exim4.conf.localmacros
Add this:
MAIN_TLS_ENABLE = 1

Create the following file: nano /etc/exim4/client_smtp_auth.txt

Then add the line :

IP-SMARTHOST/32: require_ssl="true/false " type="login,plain " user="user@client.dom " pass="password "

Then run :

update-exim4.conf

This command updates the /var/lib/exim4/config.autogenerated file.

Copy the previously generated file : cp /var/lib/exim4/config.autogenerated /etc/exim4/exim4.conf

Then : nano /etc/exim4/exim4.conf

Edit this file. Put the red lines at the beginning of the file:

###
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# This file is generated dynamically from the files in
# the conf.d/ directory, or from exim4.conf.template respectively.
# Additional information is read from update-exim4.conf.conf
# This version of the file was created from the directory /etc/exim4
# Any changes you make here will be lost.
# See /usr/share/doc/exim4-base/README.Debian.gz and update-exim4.conf(8)
# for instructions of customization.
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
#########

AUTH_CLIENT_DATA = /etc/exim4/client_smtp_auth.txt
AUTH_CLIENT_USERNAME = ${extract{user}{AUTH_CLIENT_SEND_DATA}}
AUTH_CLIENT_PASSWORD = ${extract{pass}{AUTH_CLIENT_SEND_DATA}}
AUTH_CLIENT_REQUIRED = ${filter{${readfile{AUTH_CLIENT_DATA}{:}}}{match{$item}{\N^\s*\d{1,3}(?:\.\d{1,3}){3}(?:/[0-9]{1,2})?\s*$\N}}}
AUTH_CLIENT_REQUIRE_SSL = ${filter{${sg{${filter{<\n${readfile{AUTH_CLIENT_DATA}}}{match{${extract{require_ssl}{$item}}{\N^(?i)\s*(true|yes|1)\s*$\N}}}}{\N\n\N}{:}}}{match{$item}{\N^\s*\d{1,3}(?:\.\d{1,3}){3}\s*$\N}}}
AUTH_CLIENT_SEND_DATA = ${lookup{$host_address}iplsearch{AUTH_CLIENT_DATA}}
AUTH_CLIENT_ENABLED_PLAIN = ${if match{${extract{type}{AUTH_CLIENT_SEND_DATA}}}{\N^(?i)(.+,)*plain(,.+)*$\N}{true}{false}}
AUTH_CLIENT_ENABLED_LOGIN = ${if match{${extract{type}{AUTH_CLIENT_SEND_DATA}}}{\N^(?i)(.+,)*login(,.+)*$\N}{true}{false}}
AUTH_CLIENT_ENABLED_CRAM = ${if match{${extract{type}{AUTH_CLIENT_SEND_DATA}}}{\N^(?i)(.+,)*cram(,.+)*$\N}{true}{false}}
AUTH_CLIENT_SEND_CRAM_USER = AUTH_CLIENT_USERNAME
AUTH_CLIENT_SEND_CRAM_PASS = AUTH_CLIENT_PASSWORD
AUTH_CLIENT_SEND_LOGIN = : AUTH_CLIENT_USERNAME : AUTH_CLIENT_PASSWORD
AUTH_CLIENT_SEND_PLAIN = ^AUTH_CLIENT_USERNAME^AUTH_CLIENT_PASSWORD

exim_path = /usr/sbin/exim4
...

Replace the entire section entitled remote_smtp_smarthost by the following lines:

remote_smtp_smarthost:
  debug_print = " T: remote_smtp_smarthost for $local_part@$domain "
  driver = smtp
  hosts_require_tls = AUTH_CLIENT_REQUIRE_SSL
  hosts_require_auth = AUTH_CLIENT_REQUIRED

In the same file, at the end, replace the section begin authenticators with the one below:

begin authenticators

CRAM:
driver = cram_md5
public_name = CRAM-MD5
client_condition = AUTH_CLIENT_ENABLED_CRAM
client_name = AUTH_CLIENT_SEND_CRAM_USER
client_secret = AUTH_CLIENT_SEND_CRAM_PASS

LOGIN:
driver = plaintext
client_condition = AUTH_CLIENT_ENABLED_LOGIN
client_send = AUTH_CLIENT_SEND_LOGIN

PLAIN:
driver = plaintext
client_condition = AUTH_CLIENT_ENABLED_PLAIN
client_send = AUTH_CLIENT_SEND_PLAIN

Once the configuration is saved, the exim4 server must be restarted: service exim4 restart

Verify the correct sending of email under telnet

The following example was carried out with a mail relay at the Orange ISP.

telnet smtp.orange.fr 25

Dialogue, in bold what to enter:

Trying 193.252.22.84...
Connected to smtp.orange.com.
Escape character is '^]'.
220 mwinf5d33 ME ESMTP server ready
EHLO servicenav
250-mwinf5d33 hello [90.113.178.249], pleased to meet you
250-HELP
250-AUTH LOGIN PLAIN
250-SIZE 44000000
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 OK
AUTH LOGIN
334 UGFzc3dvcmQ6
<Orange password encoded in base 64
235 2.7.0 ... authentication succeeded
mail from:@orange.fr
250 2.1.0 sender ok
rcpt to:@dom
250 2.1.5 recipient ok
data
354 enter mail, end with "." on a line by itself
servicenav
.
250 2.0.0 RJZW230095PEYZW03Ja5Bg mail accepted for delivery

Locate the IP of the mail server that answers, here: 193.252.22.84

Verify the correct sending of emails under exim4

To test the sending of emails, type the following command and adapt it to your needs:

#MTest Method 1
mail -s "Hello World" mail@domaine.com
Cc:
Text


#MTest Method 2

You may also be interested in

servicenav hyperV1

Commissioning of a ServiceNav Box

Replace a ServiceNav Box Ubuntu 16.04 with a ServiceNav Box 4.17 Ubuntu 20.04

Setting up a proxy on a ServiceNav Box

en_GB

Welcome to ServiceNav!

Do you need some help? More information about our products? Write to us!
You have taken note of our privacy policy.
We use cookies to ensure the best experience on our site. If you continue to use this site, we will assume that you are satisfied with it.

Reserve your place

You have taken note of our privacy policy.