exim4 & SSL/TLS

Background: Three days ago without warning my ISP withdrew my use of a legacy SMTP server that used plain text, no authentication and port 25, and I now have to use their official yahoo server with the alias smtp.tools.sky.com

This uses unencrypted authentication and SSL/TLS transport on port 465

Getting 'Dose to cooperate was a cinch but Debian on my Pi won't play nice.

The fault will be with me of course.

AIUI exim4 knows nothing about encryption, and needs something in addition. Would that be OpenSSL? How can I check if it's on my system?

AAUI, this needs no user configuration and Just Works(tm) when needed by "advertising" its services. Have I got that right?

Am I even barking up the right tree?

Here are some exim4 configs.

nano /etc/email-addresses

# This is /etc/email-addresses. It is part of the exim package
#
# This file contains email addresses to use for outgoing mail. Any local
# part not in here will be qualified by the system domain as normal.
#
# It should contain lines of the form:
#
#user: snipped-for-privacy@isp.com
#otheruser: snipped-for-privacy@anotherisp.com
root: snipped-for-privacy@sky.com
asterisk: snipped-for-privacy@sky.com

nano /etc/exim4/passwd.client

# password file used when the local exim is authenticating to a remote
# host as a client.
#
# see exim4_passwd_client(5) for more documentation
#
# Example:
### target.mail.server.example:login:password
smtp.tools.sky.com: snipped-for-privacy@sky.com:xxxxxxxxxxxxxxxx

nano /etc/exim4/update-exim4.conf.conf

# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to generate
# exim configuration macros for the configuration file.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file

dc_eximconfig_configtype='smarthost'
dc_other_hostnames=''
dc_local_interfaces='127.0.0.1 ; ::1'
dc_readhost='sky.com'
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost='smtp.tools.sky.com::465'
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname='false'
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'

--

Graham. 

%Profound_observation%
Reply to
Graham.

Fair warning: this is not going to be an entirely trivial exercise, largely because it's not a popular thing to do with exim.

It almost certainly is. Assuming Raspbian or some other Debian derivative,

dpkg -l openssl

will answer that.

Then you'll need to dig into individual exim configuration files, under /etc/exim4/conf.d/, not just the simplified interface in update-exim4.conf.conf.

You'll need to set up a client-side authenticator. You may find some helpful pointers at conf.d/auth/30_exim4-config_examples and of course in the exim spec starting at chapter 33.

Broadly, you will need to set up an authenticator, and then tell the smtp transport to use it.

(Or get a better ISP of course.)

Roger

Reply to
Roger Bell_West
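
The two pieces described above (a client-side authenticator, and an smtp transport told to use it) as an Exim configuration fragment. This is an added example, not text from the thread or from Debian's packaged configuration; the names smarthost_smtps, sky_plain and sky_login and the login and password values are placeholders, and it assumes an Exim build with TLS support whose smtp transport accepts protocol = smtps. Each part belongs inside the matching section of the existing configuration rather than as a second "begin" line.

```conf
# Added example: placeholders throughout, not the thread's or Debian's config.

begin transports

# Hypothetical transport name; the smarthost router's "transport =" line
# must name it for outgoing mail to use these settings.
smarthost_smtps:
  driver = smtp
  # Port 465 is TLS-on-connect: the TLS handshake comes before any SMTP
  # greeting, so there is no STARTTLS step to upgrade from.
  protocol = smtps
  port = 465
  # Defer delivery rather than fall back to an unencrypted session.
  hosts_require_tls = *
  # Defer delivery rather than attempt an unauthenticated relay.
  hosts_require_auth = *
  # CA bundle used to check the smarthost's certificate (Debian path).
  tls_verify_certificates = /etc/ssl/certs/ca-certificates.crt

begin authenticators

# The client side of an authenticator is chosen when its public_name matches
# a mechanism the server advertises after EHLO. PLAIN and LOGIN only
# base64-encode the secret, so the TLS layer above is what protects it.
sky_plain:
  driver = plaintext
  public_name = PLAIN
  # "^" stands for the NUL separator: <NUL>login<NUL>password.
  client_send = ^LOGIN-PLACEHOLDER^PASSWORD-PLACEHOLDER

sky_login:
  driver = plaintext
  public_name = LOGIN
  # Leading colon = empty initial response; login and password are then
  # sent one at a time in reply to the server's prompts.
  client_send = : LOGIN-PLACEHOLDER : PASSWORD-PLACEHOLDER
```

A literal "^" or ":" inside the login or password has to be doubled in client_send, and a file holding real credentials should not be world-readable.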

But you _may_ be able to stick username:password in /etc/exim4/passwd.client and it _may_ Just Work.

R
Reply to
Roger Bell_West

I just tested this here: The existence of a valid

/etc/exim4/passwd.client

with a valid host:passwd combo seems to be enough to force exim to use TLS to its smart relay.

No reloading necessary

Reply to
The Natural Philosopher

Thanks for that, and to the others who replied.

I have been trying all week but couldn't get it to work with my sky/yahoo account or a gmail account.

In desperation I removed it and installed sSMTP instead. What a simple thing to set up by comparison.

It worked immediately with either account, and I commend it to the group.

apt-get install ssmtp mailutils mpack

--

Graham. 

%Profound_observation%
Reply to
Graham.

Exim as packaged in Debian Jessie (and possibly Raspbian) currently doesn't work with TLS smarthosts due to a bug in GnuTLS. I set something similar up in Postfix yesterday to get local mail delivery plus smarthost forwarding for my laptop. Postfix is a lot more work than ssmtp, but if you need a full MTA with Exim's power (and without Exim or Sendmail's horrible configuration problems) then I recommend it.

Reply to
jon

From what I've read ssmtp can SEND, but can it also receive? I desperately need to get away from the web-interface for my gmail.

==TIA.

Reply to
Unknown

On Tue, 28 Apr 2015 05:03:51 +0000 (UTC), Unknown declaimed the following:

Technically, yes... By having an open port (and MX record in DNS) for other SMTP servers to connect to, for relaying mail... But it is unlikely in these spam ridden days that you'll be able to set up an SMTP server that doesn't turn into an open SPAM relay.

The common "opposite" of SMTP would be a POP3 connection. SMTP is used to send mail to servers, and said mail normally gets placed into a mailbox for the destination user. POP3 connects to a POP3 server which can read that mailbox and return the mail to the connecting user.

POP3 has always needed some form of authentication (account name and password, at the least), whereas original SMTP would accept mail from anyone at any IP, meant to be sent to anyone at any IP ("open relay"). The first form of closing that to prevent spam was to limit it to accepting mail only from "inside accounts" for relay to anyone, and to accept mail from "outsiders" only if the recipient is an insider. That is -- your system hands off the outgoing mail to your ISP's server, and it then directs it to the destination servers. Conversely, the ISP accepts mail for your mailbox, which you then use POP3 to retrieve.

Google: fetchmail

You'll have to have access to GMAIL POP3, and likely need to set up a local mailbox which you configure your client program to access.

--
	Wulfraed                 Dennis Lee Bieber         AF6VN 
    wlfraed@ix.netcom.com    HTTP://wlfraed.home.netcom.com/
Reply to
Dennis Lee Bieber

Install alpine, a text only mail reader that can be configured to access gmail via imap - a better way of remote accessing remote mailboxes than pop3. With imap the email will stay at gmail, and so be accessible via the web interface as well.

If your objection is just to the web interface, then thunderbird can be configured to access gmail accounts.

Reply to
Jim Jackson

There's no need to use IMAP just to keep messages on the server - simply configure your client not to delete messages that it downloads.

Reply to
Rob Morley

Of course not. But, using imap should keep the read/answered etc status correct and gives access to different mail folders etc. AFAIK there is no equiv using POP.

Reply to
Jim Jackson

This may be useful:

formatting link

If you want to pull your gmail account to local storage:

formatting link
formatting link

Both are in the Raspbian repositories. I don't use either, so I cannot offer an opinion. Also, you can configure mutt to use IMAP servers. This may help:

formatting link

--
Consulting Minister for Consultants, DNRC 
I can please only one person per day. Today is not your day. Tomorrow 
isn't looking good, either. 
I am BOFH. Resistance is futile. Your network will be assimilated.
Reply to
I R A Darth Aggie


After investing much effort [years ago] to set-up mutt, I found that it wanted to stay-on-line. I need to operate like a suburban-train, which stops at the station for a limited time, not like google capturing your attention for SALES seduction. The ISP that unfortunately collapsed plus my old software, proved that freedom from abusive monopolists was possible.

Reply to
Unknown

If you want to work primarily off line then you want to use POP3 to retrieve mail. IMAP4 is designed for online use. I rather thought that mutt (like most email clients) could do both.

--
Steve O'Hara-Smith                          |   Directable Mirror Arrays 
C:>WIN                                      | A better way to focus the sun 
The computer obeys and wins.                |    licences available see 
You lose and Bill collects.                 |    http://www.sohara.org/
Reply to
Ahem A Rivet's Shot

yeah. most stuff can.

+1 on the rest
--
Everything you read in newspapers is absolutely true, except for the  
rare story of which you happen to have first-hand knowledge. - Erwin Knoll
Reply to
The Natural Philosopher


POP or IMAP, use fetchmail to quickly download your new emails to your local machine and deal with them there. Only have to be online as long as it takes to download the new mails. And, of course, when you're ready to send a reply.

Reply to
Joe Beanfish

Then you use fetchmail or getmail, scoop up your email from $MAILPROVIDER imap/pop3 service, drop it in /var/mail/$USER and then simply:

mutt

since mutt by default looks in /var/mail/$USER. Once the fetching is configured, all you'll really need is to configure a local SMTP server to speak on your behalf to $MAILPROVIDER's SMTP.

Oh, hey, here's ssmtp:

formatting link

It's left to the student to abstract those instructions to work with any given email provider.

--
Consulting Minister for Consultants, DNRC 
I can please only one person per day. Today is not your day. Tomorrow 
isn't looking good, either. 
I am BOFH. Resistance is futile. Your network will be assimilated.
Reply to
I R A Darth Aggie

Actually Mutt has got native IMAP and SMTP support built in these days. If you can stay connected for a whole session, it takes less than ten lines in muttrc, no need for fetchmail, getmail, or an external MTA. I set up Postfix with mine because I'm a huge nerd and like having a "proper unix mail subsystem" for internet email on my RPi or my laptop.

For offline reading, OfflineIMAP+maildir works fantastic with Mutt.

--
Jon
Reply to
jon
