Linux   Linux – Exim: Authenticated and TLS mail through smarthost



Exim is a very flexible and common MTA (mail transfer agent) in Unix systems.
This posts shows the way to configure Exim as client to send authenticated and encrypted (TLS) emails through a smarthost.

Lets suppose the smarthost email server is listening on port 587 for secure outgoing SMTP…

Configure exim to use the smarthost

To configure exim In debian systems (if you have visited previous posts, you probably know i am a debian fan):

dpkg-reconfigure exim4-config

(Only showing the screens related to the goal we want to achieve)

Configure exim as satellite (mail sent by smarhost; no local domain)
Linux - Exim Authenticated and TLS mail through smarthost

Set the smarthost hostname[::port]  (for example smtp.domain.com::587)Linux - Exim Authenticated and TLS mail through smarthost

If you need to configure exim by editing the config file (instead of using dpkg-reconfigure), these are the related values:

dc_eximconfig_configtype='satellite'
dc_smarthost='smtp.bilbokoudala.lan::587'

Configure credentials to authenticate

Exim has a password file called passwd.client that allows configurin a list of credentials associated to each smarthost. In my debian 9, the full path is /etc/exim4/passwd.client

Edit the file to add the credentials

# password file used when the local exim is authenticating to a remote
# host as a client.
#
# see exim4_passwd_client(5) for more documentation
#
# Example:
### target.mail.server.example:login:password
smtp.domain.com:smtpuser:smtppassword

Test it

Send a mail and check exim logs (/var/log/exim4/mainlog)…

2017-12-19 13:29:52 1eRH1r-0003vG-U8 => myemail@gmail.com R=smarthost T=remote_smtp_smarthost H=smtp.domain.com [10.100.100.50] X=TLS1.0:RSA_AES_256_CBC_SHA1:256 CV=no DN="C=ES,ST=MyState,L=MyCity,O=MyORG,OU=MyOU,CN=smtp.domain.com" A=plain C="250 ok:  Message 8285030 accepted"

… and smarthost logs if available (in this example a Cisco Ironport):

Tue Dec 19 13:29:52 2017 Info: SMTP Auth: (ICID 44485983) succeeded for user: smtpuser using AUTH mechanism: PLAIN with profile: SMTP_TLS

Leave a Reply

Your email address will not be published. Required fields are marked *