Configure SMTP-Auth on exim4

Ever tried to get STMP-Auth running on your own exim4 instance?

Well it is really not much of a problem if you are running Debian and have access to the infamous internet.

This post is basically a copy-cat of the great post from debian-administration.org on HowTo Setup Basic SMTP AUTH in Exim4

The post was a great help, but afterwards my server was still not accepting my SMTP request to send an email. Some people in the comments complained that it was still not working for them, but since the post is inactive for more than a year I decided to post it on my blog.

So lets start …

We assume you have exim4 running, all mails get delivered to the correspondig home-dirs and you can access your server via STMP (PORT 25) without SSL or TLS to send an email to a non-relayed host. (Means to a local mail recipient).

I will copy now the steps from debian-administration.org in case the posts is going offline …

We need to generate a self-signed SSL-certificate by calling

 
/usr/share/doc/exim4-base/examples/exim-gencert
Be sure to add the certificate to your keychain once you connect later on.

Then go to
/etc/exim4/conf.d/auth/30_exim4-config_examples
and uncomment this whole bunch
# plain_server:
# driver = plaintext
# public_name = PLAIN
# server_condition = "${if crypteq{$auth3}{${extract{1}{:}{${lookup{$auth2}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
# server_set_id = $auth2
# server_prompts = :
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
# .endif

and this whole bunch
# login_server:
# driver = plaintext
# public_name = LOGIN
# server_prompts = "Username:: : Password::"
# server_condition = "${if crypteq{$auth2}{${extract{1}{:}{${lookup{$auth1}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
# server_set_id = $auth1
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
# .endif

These steps will enable you to login via auth plain and auth login. Depending on your eMail program you may need the one or the other. It is save to enable both, your program will choose the correct automatically.

Then the tutorials says to add the line
MAIN_TLS_ENABLE = true
to the file
/etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
This configuration is correct but it makes debugging HARD, since now your server does not respond with 250-AUTH plain when you do an EHLO localhost via telnet on your server. You first have to do a STARTTLS or use openssl in the first place ;).

Before we de create a new user via
/usr/share/doc/exim4-base/examples/exim-adduser
and the restart via
update-exim4.conf
/etc/init.d/exim4 restart

Now we connect through openssl by calling this command
openssl s_client -host my.server.name -port 25 -starttls smtp
 

and everything should be working fine.

If you receive the error like 435 Unable to authenticate at present” then maybe exim4 cannot read your passwd file under /etc/exim4/passwd for debugging try to set it to 777, but if it works set it to the correct value, according to the group exim4 is in.

 

A good german post on testing SMTP-Auth with telnet is on computer-tipps.info : Testing SMTP with Telnet

 

Leave a Reply