When a client or partner does not use an internal mail server, and/or its server requires authentication before it will relay messages, ServiceNav must be configured to use an authenticated SMTP relay.
The customer must provide the account and password for authentication.
- In the rest of the document, user@client.dom is used as the email address / login and password as the password
- In the examples, the box (SNB or SNP) has the hostname hostname
- In the examples, the local network is named client.lan
Authentication without encryption
Create the following file: nano /etc/exim4/passwd.client
Add the authentication line:
# password file used when the local exim is authenticating to a remote
# host as a client.
#
# see exim4_passwd_client(5) for more documentation
#
# Example:
### target.mail.server.example:login:password
*:user@client.dom:password
Edit /etc/exim4/exim4.conf.template
- At the beginning of the file, after the following lines:
# Macro defining the main configuration directory.
# We do not use absolute paths.
.ifndef CONFDIR
CONFDIR = /etc/exim4
.endif
- add the line:
disable_ipv6 = true
Configure Exim4 in the usual way:
sudo su -
cd /root/vsb_installation
./vsb_installation.pl
Then follow the instructions on the screen:
###############################
##### VSB INSTALLATION #####
###############################
Copyright CoServIT 2012-2013. All rights reserved.
## Welcome in the VSB Installation script - VSB/VSM side.
## This tool will allow you to :
## - Configure your network
## - Contact the Vsb Installation API to get your synchronization parameters
## - Configure the mail
## Note : You can exit this program with Ctrl+C
Press any key to continue
Press a key to continue
Skip the ServiceNav Box network configuration: press the Enter key
##### NETWORK CONFIGURATION #####
Do you want to configure the Network (y/n) [default: n] :
At the "Provider" configuration prompt of the ServiceNav Box, press the Enter key
##### CONTACTING INSTALLATION PROVIDER #####
Do you want to retrieve configuration by HTTP/HTTPS api (y/n) [default: n] :
The last step is to configure the sending of emails with the Exim4 email service located on the ServiceNav Box. To set up email notifications, type "y" and press the "Enter" key:
##### MAIL CONFIGURATION (EXIM4) ######
Do you want to configure the Mail (y/n) [default: n] : y
--> Launching exim4 config. Do not interrupt !
The Exim4 configuration tool is launched:
Here's what you need to do to answer the questions:
Configuration type :
- Sending by relay (smarthost) - no local mail
Email name of the system:
- client.dom
List of IP addresses on which Exim will wait for incoming SMTP connections:
- 127.0.0.1 ; ::1
Other destinations whose email must be accepted:
- (blank)
Visible domain name for local users :
- client.dom
Network name or IP address of the smarthost system :
- address::relayport
Should we minimize DNS queries (on-demand connections)?
- No
Should the configuration be separated into several files?
- No
Once the configuration is complete the service will restart:
* Stopping MTA for restart [ OK ]
* Restarting MTA [ OK ]
--> Exim4 config finished
- Edit /etc/email-addresses
- Add the following lines:
- nagios: user@client.dom
- root: user@client.dom
- Edit /etc/aliases
- Change the line for the root user: root: :blackhole:
- Restart exim4
service exim4 restart
Authentication with encryption
This is particularly the case for relaying to the SMTP servers of the Orange ISP.
Edit the following file: nano /etc/exim4/exim4.conf.localmacros
Add this:
MAIN_TLS_ENABLE = 1
Create the following file: nano /etc/exim4/client_smtp_auth.txt
Then add the line :
IP-SMARTHOST/32: require_ssl="true/false" type="login,plain" user="user@client.dom" pass="password"
Then run:
update-exim4.conf
This command updates the /var/lib/exim4/config.autogenerated file.
Copy the previously generated file: cp /var/lib/exim4/config.autogenerated /etc/exim4/exim4.conf
Then: nano /etc/exim4/exim4.conf
Edit this file. Put the red lines (the AUTH_CLIENT_* definitions shown below) at the beginning of the file, after the warning header and before exim_path:
###
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# This file is generated dynamically from the files in
# the conf.d/ directory, or from exim4.conf.template respectively.
# Additional information is read from update-exim4.conf.conf
# This version of the file was created from the directory /etc/exim4
# Any changes you make here will be lost.
# See /usr/share/doc/exim4-base/README.Debian.gz and update-exim4.conf(8)
# for instructions of customization.
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
#########
AUTH_CLIENT_DATA = /etc/exim4/client_smtp_auth.txt
AUTH_CLIENT_USERNAME = ${extract{user}{AUTH_CLIENT_SEND_DATA}}
AUTH_CLIENT_PASSWORD = ${extract{pass}{AUTH_CLIENT_SEND_DATA}}
AUTH_CLIENT_REQUIRED = ${filter{${readfile{AUTH_CLIENT_DATA}{:}}}{match{$item}{\N^\s*\d{1,3}(?:\.\d{1,3}){3}(?:/[0-9]{1,2})?\s*$\N}}}
AUTH_CLIENT_REQUIRE_SSL = ${filter{${sg{${filter{<\n${readfile{AUTH_CLIENT_DATA}}}{match{${extract{require_ssl}{$item}}{\N^(?i)\s*(true|yes|1)\s*$\N}}}}{\N\n\N}{:}}}{match{$item}{\N^\s*\d{1,3}(?:\.\d{1,3}){3}\s*$\N}}}
AUTH_CLIENT_SEND_DATA = ${lookup{$host_address}iplsearch{AUTH_CLIENT_DATA}}
AUTH_CLIENT_ENABLED_PLAIN = ${if match{${extract{type}{AUTH_CLIENT_SEND_DATA}}}{\N^(?i)(.+,)*plain(,.+)*$\N}{true}{false}}
AUTH_CLIENT_ENABLED_LOGIN = ${if match{${extract{type}{AUTH_CLIENT_SEND_DATA}}}{\N^(?i)(.+,)*login(,.+)*$\N}{true}{false}}
AUTH_CLIENT_ENABLED_CRAM = ${if match{${extract{type}{AUTH_CLIENT_SEND_DATA}}}{\N^(?i)(.+,)*cram(,.+)*$\N}{true}{false}}
AUTH_CLIENT_SEND_CRAM_USER = AUTH_CLIENT_USERNAME
AUTH_CLIENT_SEND_CRAM_PASS = AUTH_CLIENT_PASSWORD
AUTH_CLIENT_SEND_LOGIN = : AUTH_CLIENT_USERNAME : AUTH_CLIENT_PASSWORD
AUTH_CLIENT_SEND_PLAIN = ^AUTH_CLIENT_USERNAME^AUTH_CLIENT_PASSWORD
exim_path = /usr/sbin/exim4
...
Replace the entire section entitled remote_smtp_smarthost with the following lines:
remote_smtp_smarthost:
debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
driver = smtp
hosts_require_tls = AUTH_CLIENT_REQUIRE_SSL
hosts_require_auth = AUTH_CLIENT_REQUIRED
In the same file, at the end, replace the section begin authenticators with the one below:
begin authenticators
CRAM:
driver = cram_md5
public_name = CRAM-MD5
client_condition = AUTH_CLIENT_ENABLED_CRAM
client_name = AUTH_CLIENT_SEND_CRAM_USER
client_secret = AUTH_CLIENT_SEND_CRAM_PASS
LOGIN:
driver = plaintext
client_condition = AUTH_CLIENT_ENABLED_LOGIN
client_send = AUTH_CLIENT_SEND_LOGIN
PLAIN:
driver = plaintext
client_condition = AUTH_CLIENT_ENABLED_PLAIN
client_send = AUTH_CLIENT_SEND_PLAIN
Once the configuration is saved, the exim4 server must be restarted: service exim4 restart
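A check that can be run on /etc/exim4/client_smtp_auth.txt before restarting, as an added example that is not part of the original procedure: it verifies that each entry has the four fields used by the macros above and reports entries where login or plain is allowed while require_ssl is not true/yes/1. The function name lint_auth_file, the variable SAMPLE_AUTH_FILE and the 192.0.2.x addresses are assumptions made for the example.

```sh
#!/bin/sh
# Added example: lint the key="value" lines of a client_smtp_auth.txt file.
# lint_auth_file and SAMPLE_AUTH_FILE are names invented for this example.

# Constructed sample (192.0.2.0/24 is a documentation range).
SAMPLE_AUTH_FILE='# smarthost credentials
192.0.2.10/32: require_ssl="true" type="login,plain" user="user@client.dom" pass="password"
192.0.2.20/32: require_ssl="false" type="plain" user="user@client.dom " pass="password"'

# Print one finding per line; exit status 1 if anything was found.
lint_auth_file() {
    awk '
    # Value of name="..." on the current line; sets found to 0 when absent.
    function field(name) {
        found = match($0, name "=\"[^\"]*\"")
        if (!found) return ""
        return substr($0, RSTART + length(name) + 2, RLENGTH - length(name) - 3)
    }
    function report(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }

    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        key = $0; sub(/:.*/, "", key)        # lookup key before the first colon
        if (key !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/)
            report("key is not an IPv4 address or network: " key)
        n = split("require_ssl type user pass", names, " ")
        for (i = 1; i <= n; i++) {
            val[names[i]] = field(names[i])
            if (!found)
                report("missing field " names[i])
            else if (val[names[i]] == "" || val[names[i]] ~ /^[ \t]|[ \t]$/)
                report("empty or space-padded value in " names[i])
        }
        # Same accepted values as the require_ssl test in the macros above.
        tls = (tolower(val["require_ssl"]) ~ /^[ \t]*(true|yes|1)[ \t]*$/)
        if (!tls && tolower(val["type"]) ~ /(^|,)(login|plain)(,|$)/)
            report("login/plain without require_ssl: password may travel unencrypted")
    }
    END { exit bad + 0 }' "$1"
}

# Demo on the constructed sample.
tmp=$(mktemp) && printf '%s\n' "$SAMPLE_AUTH_FILE" > "$tmp"
lint_auth_file "$tmp" || echo "findings reported for $tmp"
rm -f "$tmp"
```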
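Verify that email is sent correctly using telnet
The following example was carried out with a mail relay at the Orange ISP.
telnet smtp.orange.fr 25
Dialogue (the lines to enter, shown in bold in the original, are the commands EHLO, AUTH LOGIN, the base64-encoded credentials, mail from, rcpt to, data, the message text and the final "."):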
Trying 193.252.22.84...
Connected to smtp.orange.com.
Escape character is '^]'.
220 mwinf5d33 ME ESMTP server ready
EHLO servicenav
250-mwinf5d33 hello [90.113.178.249], pleased to meet you
250-HELP
250-AUTH LOGIN PLAIN
250-SIZE 44000000
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 OK
AUTH LOGIN
334 UGFzc3dvcmQ6
<Orange password encoded in base 64>
235 2.7.0 ... authentication succeeded
mail from:@orange.fr
250 2.1.0 sender ok
rcpt to:@dom
250 2.1.5 recipient ok
data
354 enter mail, end with "." on a line by itself
servicenav
.
250 2.0.0 RJZW230095PEYZW03Ja5Bg mail accepted for delivery
Locate the IP of the mail server that answers, here: 193.252.22.84
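The AUTH lines of the dialogue above, as an added example that is not part of the original page: it encodes and decodes the base64 strings exchanged and reads the EHLO reply, which in this session advertises AUTH LOGIN PLAIN and no STARTTLS line. The function names and the variable SAMPLE_EHLO are assumptions made for the example.

```sh
#!/bin/sh
# Added example: what the AUTH lines of the telnet dialogue contain.
# Function names are invented for this example.

# EHLO reply lines taken from the dialogue above.
SAMPLE_EHLO='250-mwinf5d33 hello [90.113.178.249], pleased to meet you
250-HELP
250-AUTH LOGIN PLAIN
250-SIZE 44000000
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 OK'

# Encode one AUTH LOGIN answer (user name, then password).
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Decode a 334 challenge or a captured answer; base64 is not encryption.
unb64() { printf '%s' "$1" | base64 -d; }

# AUTH PLAIN sends one token: NUL, user, NUL, password.
auth_plain() { printf '\0%s\0%s' "$1" "$2" | base64 | tr -d '\n'; }

# Summarise an EHLO reply read on stdin.
ehlo_summary() {
    awk '
        { sub(/\r$/, "") }                        # telnet captures end in CR
        /^250[- ]AUTH /     { mech = substr($0, 10) }
        /^250[- ]STARTTLS$/ { tls = 1 }
        END { printf "auth=%s starttls=%s\n", (mech == "" ? "none" : mech), (tls ? "yes" : "no") }'
}

# True (exit 0) when AUTH is offered and STARTTLS is not advertised.
auth_exposed() {
    case $(ehlo_summary) in
        auth=none*)     return 1 ;;
        *starttls=no)   return 0 ;;
        *)              return 1 ;;
    esac
}

echo "334 challenge: $(unb64 UGFzc3dvcmQ6)"
echo "AUTH LOGIN user line: $(b64 'user@client.dom')"
printf '%s\n' "$SAMPLE_EHLO" | ehlo_summary
printf '%s\n' "$SAMPLE_EHLO" | auth_exposed && echo "credentials would be readable on this session"
```

A relay entry for which auth_exposed is true is one where require_ssl="true" makes Exim refuse to deliver over the unencrypted session.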
Verify that emails are sent correctly using exim4
To test the sending of emails, type the following command and adapt it to your needs:
# Test Method 1
mail -s "Hello World" mail@domaine.com
Cc:
Text
# Test Method 2