EV Observe - Configure an Authenticated SMTP Relay on a Box

Last modified on 2023/06/05 20:15

Customers without an email server, or with an email server that requires authentication prior to relaying messages, must configure EV Observe to use an authenticated SMTP relay.

Notes

  • Relaying through the Orange IAP SMTP servers uses encrypted authentication.

Best Practice

Procedures

How to configure an SMTP relay without encrypted authentication

Step 1: Create the passwd.client configuration file

1. Run the command below to create the configuration file.

nano /etc/exim4/passwd.client

2. Add the rows below.

Replace:

  • {your_email_address} with your email address in the format user@client.dom
  • {password} with the password of your account

# password file used when the local exim is authenticating to a remote host as a client.
# see exim4_passwd_client(5) for more documentation
#
# Example:
# target.mail.server.example:login:password
#
*:{your_email_address}:{password}

Step 2: Disable IPv6 in Exim4

1. Open the configuration file called /etc/exim4/exim4.conf.template.

2. Search for the rows indicated below.

# Macro defining the main configuration directory.
# We do not use absolute paths.
.ifndef CONFDIR
CONFDIR = /etc/exim4
.endif

3. Add the row below immediately afterwards.

disable_ipv6 = true

4. Save your modifications.
 

Step 3: Configure the sending of emails using the Exim4 message transfer agent

1. Run the commands below to run the Exim4 configuration tool.

sudo su -
cd /root/vsb_installation
./vsb_installation.pl

2. Press <Enter> to skip the network configuration and provider configuration steps.

3. Configure the sending of emails using the Exim4 message transfer agent.

  • Type y and press <Enter> in the last step of the script.
  • Specify the required information and click <OK> each time to validate your input.
    • Use the configuration: Select the Send via (smarthost) relay - no local email option.
    • System email name: Specify the name of your local network depending on your domain (client.dom).
    • List of IP addresses: Enter the addresses 127.0.0.1 ; ::1. Note: Use a semicolon to separate the different addresses.
    • Other destinations whose emails must be accepted: Leave this blank.
    • Domain name visible to local users: Specify the name of your local network depending on your domain (client.dom).
    • Network name or IP address of the smarthost system: Enter {your_relay_address}::{your_relay_port}, replacing the placeholders in braces with the values for your environment.
    • Minimize DNS queries (on-demand connections)?: Select the No value.
    • Separate the configuration into multiple files: Select the No value.

At the end of the configuration, Exim4 will restart automatically. The email server will be operational.
 

Step 4: Finish the configuration

1. Configure the email addresses.

  • Open the configuration file called /etc/email-addresses.
  • Add the rows below.
    Replace {your_email_address} with your email address in the following format, user@partner.dom.

nagios: {your_email_address}
root: {your_email_address}

2. Configure the aliases.

  • Open the configuration file called /etc/aliases.
  • Modify the row below for the root user.

root: :blackhole:

3. Run the command below to restart Exim4.

service exim4 restart

How to configure an SMTP relay with encrypted authentication

Step 1: Enable TLS communication encryption

1. Run the command below to open the localmacros configuration file.

nano /etc/exim4/exim4.conf.localmacros

2. Add the row below.

MAIN_TLS_ENABLE = 1

3. Save your modifications.
 

Step 2: Create the client_smtp_auth.txt configuration file

1. Run the command below to create the configuration file.

nano /etc/exim4/client_smtp_auth.txt

2. Add the rows below and replace the following:

  • {your_email_address} with your email address in the format user@client.dom
  • {password} with the password of your account

IP-SMARTHOST/32 : require_ssl= true/false, type= login,plain, user={your_email_address}, pass={password}

3. Save your modifications.
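
Both /etc/exim4/passwd.client and /etc/exim4/client_smtp_auth.txt hold the relay password in clear text, and a file created with nano under the default umask of 022 gets mode 644, readable by every local user. The script below is an added example (not part of the EV Observe documentation; the function name audit_cred_file is hypothetical) that checks either file for world access, unreplaced {your_email_address} or {password} placeholders, and a missing active entry.

```shell
#!/bin/sh
# Added example, not part of the EV Observe documentation.
# Audits a credential file written during this procedure.

# Print the findings on one line, or "ok" when nothing is wrong.
audit_cred_file() {
    file=$1
    findings=""
    [ -f "$file" ] || { echo "missing"; return 1; }

    # Octal mode, e.g. 640. The last digit is the permission set for "other".
    mode=$(stat -c '%a' "$file")
    case "$mode" in
        *[1-7]) findings="$findings world-accessible($mode)" ;;
    esac

    # Template placeholders from this page left in an active line.
    if grep -v '^[[:space:]]*#' "$file" |
        grep -Eq '\{(your_email_address|password)\}'; then
        findings="$findings unreplaced-placeholder"
    fi

    # Only comments or blank lines: Exim has no credentials to send.
    if ! grep -v '^[[:space:]]*#' "$file" | grep -q '[^[:space:]]'; then
        findings="$findings no-active-entry"
    fi

    if [ -z "$findings" ]; then
        echo ok
    else
        echo "${findings# }"
        return 1
    fi
}

# Audit every path given on the command line (none: define the function only).
for path in "$@"; do
    printf '%s: %s\n' "$path" "$(audit_cred_file "$path")"
done
```

Saved under a name of your choice (audit.sh here is hypothetical), run it as `sh audit.sh /etc/exim4/passwd.client /etc/exim4/client_smtp_auth.txt`. Debian ships passwd.client as root:Debian-exim with mode 640; the same ownership and mode on client_smtp_auth.txt keeps it readable by Exim and unreadable by other local users.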
 

Step 3: Update the exim4.conf configuration file

1. Run the command below to regenerate the /var/lib/exim4/config.autogenerated configuration file.

update-exim4.conf

2. Run the command below to copy the config.autogenerated file to the exim4.conf file.

cp /var/lib/exim4/config.autogenerated /etc/exim4/exim4.conf

3. Run the command below to open the exim4.conf configuration file.

nano /etc/exim4/exim4.conf

4. Search for the rows indicated below.

#
# WARNING WARNING WARNING
# This file is generated dynamically from the files in
# the conf.d/ directory, or from exim4.conf.template respectively.
# Additional information is read from update-exim4.conf.conf
# This version of the file was created from the directory /etc/exim4
# Any changes you make here will be lost.
# See /usr/share/doc/exim4-base/README.Debian.gz and update-exim4.conf(8)
# for instructions of customization.
# WARNING WARNING WARNING
#

5. Add the rows below immediately afterwards.

AUTH_CLIENT_DATA = /etc/exim4/client_smtp_auth.txt
AUTH_CLIENT_USERNAME = ${extract{user}{AUTH_CLIENT_SEND_DATA}}
AUTH_CLIENT_PASSWORD = ${extract{pass}{AUTH_CLIENT_SEND_DATA}}
AUTH_CLIENT_REQUIRED = ${filter{${readfile{AUTH_CLIENT_DATA}{:}}}{match{$item}{\N^\s*\d{1,3}(?:\.\d{1,3}){3}(?:/[0-9]{1,2})?\s*$\N}}}
AUTH_CLIENT_REQUIRE_SSL = ${filter{${sg{${filter{<\n${readfile{AUTH_CLIENT_DATA}}}{match{${extract{require_ssl}{$item}}}{\N^(?i)\s*(true|yes|1)\s*$\N}}}}{\N\n\N}{:}}}{match{$item}{\N^\s*\d{1,3}(?:\.\d{1,3}){3}\s*$\N}}}
AUTH_CLIENT_SEND_DATA = ${lookup{$host_address}iplsearch{AUTH_CLIENT_DATA}}
AUTH_CLIENT_ENABLED_PLAIN = ${if match{${extract{type}{AUTH_CLIENT_SEND_DATA}}}{\N^(?i)(.+,)*plain(,.+)*$\N}{true}{false}}
AUTH_CLIENT_ENABLED_LOGIN = ${if match{${extract{type}{AUTH_CLIENT_SEND_DATA}}}{\N^(?i)(.+,)*login(,.+)*$\N}{true}{false}}
AUTH_CLIENT_ENABLED_CRAM = ${if match{${extract{type}{AUTH_CLIENT_SEND_DATA}}}{\N^(?i)(.+,)*cram(,.+)*$\N}{true}{false}}
AUTH_CLIENT_SEND_CRAM_USER = AUTH_CLIENT_USERNAME
AUTH_CLIENT_SEND_CRAM_PASS = AUTH_CLIENT_PASSWORD
AUTH_CLIENT_SEND_LOGIN = : AUTH_CLIENT_USERNAME : AUTH_CLIENT_PASSWORD
AUTH_CLIENT_SEND_PLAIN = ^AUTH_CLIENT_USERNAME^AUTH_CLIENT_PASSWORD

6. Replace the entire remote_smtp_smarthost section with the rows below.

remote_smtp_smarthost:
  debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
  driver = smtp
  hosts_require_tls = AUTH_CLIENT_REQUIRE_SSL
  hosts_require_auth = AUTH_CLIENT_REQUIRED

7. Replace the begin authenticators section with the rows below.

begin authenticators

CRAM:
driver = cram_md5
public_name = CRAM-MD5
client_condition = AUTH_CLIENT_ENABLED_CRAM
client_name = AUTH_CLIENT_SEND_CRAM_USER
client_secret = AUTH_CLIENT_SEND_CRAM_PASS

LOGIN:
driver = plaintext
client_condition = AUTH_CLIENT_ENABLED_LOGIN
client_send = AUTH_CLIENT_SEND_LOGIN

PLAIN:
driver = plaintext
client_condition = AUTH_CLIENT_ENABLED_PLAIN
client_send = AUTH_CLIENT_SEND_PLAIN

8. Save your modifications.

9. Run the command below to restart Exim4.

service exim4 restart

Step 4: Check that emails are correctly sent in telnet

1. Run the command below to check the connection.

Example: Orange IAP email relay

telnet smtp.orange.fr 25

2. Type the commands shown in the session below, replacing the placeholder values with your own.

Trying 193.252.22.84...
Connected to smtp.orange.fr.
Escape character is '^]'.
220 mwinf5d33 ME ESMTP server ready
EHLO servicenav
250-mwinf5d33 hello [90.113.178.249], pleased to meet you
250-HELP
250-AUTH LOGIN PLAIN
250-SIZE 44000000
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 OK
AUTH LOGIN <xxx@orange.fr account encoded in base64>
334 UGFzc3dvcmQ6
<Orange password encoded in base64>
235 2.7.0 … authentication succeeded
mail from:<xxx account>@orange.fr
250 2.1.0 <xxx@orange.fr account> sender ok
rcpt to:<target account>@dom
250 2.1.5 <target account@dom> recipient ok
data
354 enter mail, end with "." on a line by itself
servicenav
.
250 2.0.0 RJZW230095PEYZW03Ja5Bg mail accepted for delivery

3. Take note of the IP address of the email server sending the reply.

Example: in the session above, 193.252.22.84
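
In the telnet session above, `334 UGFzc3dvcmQ6` is base64 for "Password:" and the credentials travel in the same reversible encoding, while the EHLO reply on port 25 lists AUTH but no STARTTLS. The helpers below are an added example (not part of the EV Observe documentation; the function names are hypothetical) that build and decode the AUTH LOGIN strings and classify an EHLO reply by whether AUTH is offered without STARTTLS.

```shell
#!/bin/sh
# Added example, not part of the EV Observe documentation.

# Encode one AUTH LOGIN argument. printf '%s' avoids the trailing newline
# that echo would append and that would end up inside the credential.
b64_encode() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Decode a 334 prompt or any other base64 token seen in the session.
b64_decode() {
    printf '%s' "$1" | base64 -d
}

# Read an EHLO reply on stdin and print one of:
#   starttls-offered       issue STARTTLS before AUTH
#   auth-without-starttls  AUTH offered, no STARTTLS on this port
#   no-auth                no AUTH keyword in the reply
classify_ehlo() {
    awk '
        { sub(/\r$/, ""); line = toupper($0) }
        line ~ /^250[- ]STARTTLS$/ { tls = 1 }
        line ~ /^250[- ]AUTH[ =]/  { auth = 1 }
        END {
            if (tls)       print "starttls-offered"
            else if (auth) print "auth-without-starttls"
            else           print "no-auth"
        }'
}

# EHLO reply copied from the telnet session on this page.
PAGE_EHLO='250-mwinf5d33 hello [90.113.178.249], pleased to meet you
250-HELP
250-AUTH LOGIN PLAIN
250-SIZE 44000000
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 OK'

# Constructed reply from a hypothetical relay that offers STARTTLS.
TLS_EHLO='250-relay.example Hello
250-STARTTLS
250-AUTH LOGIN PLAIN
250 OK'

printf '334 prompt decodes to: %s\n' "$(b64_decode UGFzc3dvcmQ6)"
printf 'page session: %s\n' "$(printf '%s\n' "$PAGE_EHLO" | classify_ehlo)"
printf 'TLS relay:    %s\n' "$(printf '%s\n' "$TLS_EHLO" | classify_ehlo)"
```

When a relay does advertise STARTTLS, the same dialogue can be typed inside TLS by opening the session with `openssl s_client -starttls smtp -connect {your_relay_address}:{your_relay_port}` instead of telnet.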

 

Step 5: Check that emails are correctly sent with the mail command

1. Run the command below to check the connection.

Replace the recipient address with the value for your environment.

mail -s "Hello World" mail@domain.com
Cc:
Text
<Ctrl+D>
