Bug#430057: exim4-config: Some macros and documentation to facilitate easier config of SMTP AUTH

Ian Wienand ianw at debian.org
Fri Jun 22 02:31:45 UTC 2007


Package: exim4-config
Version: 4.67-3
Severity: wishlist
Tags: patch

Hi,

I wrote a blog post about getting exim to use SMTP AUTH over a secure
tunnel, and it has elicited several responses.  Clearly there is a
need for the package to do this.

I understand this shouldn't be asked by default as per #364690, but
with just a few extra macros and some documentation I think it could
be quite easy to set up.

Please see the attached patch; I believe this should allow SMTP AUTH
with just a few entries in the local macros file.

Thanks,

-i

-- Package-specific info:
Exim version 4.67 #1 built 18-Jun-2007 10:32:53
Copyright (c) University of Cambridge 2006
Berkeley DB: Sleepycat Software: Berkeley DB 4.3.29: (September  6, 2005)
Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /var/lib/exim4/config.autogenerated

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.21.1
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages exim4-config depends on:
ii  adduser                       3.103      Add and remove users and groups
ii  debconf [debconf-2.0]         1.5.13     Debian configuration management sy

exim4-config recommends no packages.

-- debconf information excluded
-------------- next part --------------
diff -ur ../exim4-4.67/debian/debconf/conf.d/router/200_exim4-config_primary ./debian/debconf/conf.d/router/200_exim4-config_primary
--- ../exim4-4.67/debian/debconf/conf.d/router/200_exim4-config_primary	2007-06-22 11:28:21.000000000 +1000
+++ ./debian/debconf/conf.d/router/200_exim4-config_primary	2007-06-22 12:05:15.000000000 +1000
@@ -81,6 +81,12 @@
   route_list = * DCsmarthost byname
   host_find_failed = defer
   same_domain_copy_routing = yes
+.ifdef SMARTHOST_ALLOW_SELF_SEND
+  # Setting this allows exim to use localhost as a smarthost
+  # This might be useful if you have a secure tunnel
+  # to a remote SMTP server (on another port) on your local machine
+  self = send
+.endif
   no_more
 
 .endif
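Review bot: The `.ifdef SMARTHOST_ALLOW_SELF_SEND` guard only tests whether the macro is defined, so `SMARTHOST_ALLOW_SELF_SEND = false` would still set `self = send`, while the README hunk documents the macro as `=true`, which reads like a boolean. The comment should say that any definition enables the option. It should also carry the warning the README gives, that Exim normally rejects localhost as a smarthost because it would make a loop, so the macro is only appropriate when the local port really is a tunnel to another server.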
diff -ur ../exim4-4.67/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp_smarthost ./debian/debconf/conf.d/transport/30_exim4-config_remote_smtp_smarthost
--- ../exim4-4.67/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp_smarthost	2007-06-22 11:28:21.000000000 +1000
+++ ./debian/debconf/conf.d/transport/30_exim4-config_remote_smtp_smarthost	2007-06-22 12:21:32.000000000 +1000
@@ -25,3 +25,9 @@
 .ifdef REMOTE_SMTP_RETURN_PATH
   return_path = REMOTE_SMTP_RETURN_PATH
 .endif
+.ifdef REMOTE_SMTP_HOSTS_REQUIRE_AUTH
+  hosts_require_auth = REMOTE_SMTP_HOSTS_REQUIRE_AUTH
+.endif
+.ifdef REMOTE_SMTP_PORT
+  port = REMOTE_SMTP_PORT
+.endif
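Review bot: The new `hosts_require_auth` and `port` blocks have no comments, unlike the `self = send` block added to the router file. Each should get a line saying what value the macro takes (a host list for `REMOTE_SMTP_HOSTS_REQUIRE_AUTH`, a port number for `REMOTE_SMTP_PORT`). The `port` comment should also note that the option is set on the transport as a whole rather than only for the tunnelled host.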
diff -ur ../exim4-4.67/debian/README.Debian.xml ./debian/README.Debian.xml
--- ../exim4-4.67/debian/README.Debian.xml	2007-06-22 11:28:21.000000000 +1000
+++ ./debian/README.Debian.xml	2007-06-22 12:24:04.000000000 +1000
@@ -1254,6 +1254,58 @@
 	  Debian-exim). It is suggested that you keep the default
 	  permissions root:Debian-exim 0640.
 	</para>
+	<para>
+	  Some ISPs require you to use a secure tunnel to the SMTP
+          server, and then authenicate over it in plain text.  Set-up
+          your passwords in
+          <filename>/etc/exim4/password.client</filename> as before.
+          Then, open a tunnel to the remote mail server using a tool
+          such as <filename>stunnel</filename> (this usually tunnels
+          port 465).  Exim should then be configured to use
+          "localhost" as the smarthost, however, you then need to
+          re-configure Exim slightly to use the channel.  In the
+          macros file (see <xref linkend="macros"/>) add the following
+        </para>
+     	<orderedlist>
+	  <listitem>
+	    <simpara>
+              AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS	= true
+            </simpara>
+	    <simpara>
+              This forces Exim to send the username/password
+              unencrypted via the encrypted tunnel.
+            </simpara>
+	  <listitem>
+	    <simpara>
+	      REMOTE_SMTP_HOSTS_REQUIRE_AUTH = localhost
+            </simpara>
+	    <simpara>
+              This ensures that Exim will always use authentication
+              over the link (even though it doesn't look like a secure
+              link).
+            </simpara>
+	  </listitem>
+	  <listitem>
+	    <simpara>
+	      REMOTE_SMTP_PORT = 465
+            </simpara>
+	    <simpara>
+              The port your tunnel to your ISPs mail server is running
+              on.  This is usually 465.
+            </simpara>
+	  </listitem>
+	  <listitem>
+	    <simpara>
+	      SMARTHOST_ALLOW_SELF_SEND=true
+            </simpara>
+	    <simpara>
+              By default, Exim won't consider localhost a valid
+              smarthost, because it would make a loop.  However, our
+              "localhost" is a tunnel to a real host, so we can
+              over-ride this behaviour.
+            </simpara>
+	  </listitem>
+
       </section>
       <section>	<title>Using Exim as SMTP-AUTH server</title>
 	<para>
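Review bot: The added XML is not well-formed: the first `<listitem>` (the `AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS` entry) has no `</listitem>` before the next `<listitem>` opens, and `<orderedlist>` is never closed before `</section>`. Add the missing `</listitem>` and put `</orderedlist>` after the last item. In the prose, "authenicate" should be "authenticate", and the `AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS` text should state whether the macro is limited to the tunnel or permits plain-text passwords to any host, since the paragraph only describes the tunnel case.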


More information about the Pkg-exim4-maintainers mailing list