Configuring an SMTP Relay

Published March 2016

smtp relay

I've discovered that our new scanner doesn't support any sort of encryption for email transmission, so not only will authenticating with something like the fastmail smtp server not work (because it won't allow plain text passwords) but you wouldn't want to anyway because security.

So the best solution will be to configure a relay on our file server so that at least the unencrypted transmission is happening in our LAN.

handy howto here on debian wiki. This discussed gmail, but sparkpost smtp transmission api will work too.

Exim is a mail transfer agent (MTA?) the thing that transfers mail.

I have had some drama configuring this but I might have forgotten about the minutia. Basically I followed the howto above.

dpkg-reconfigure exim4-config


nano /etc/exim4/passwd.client

and add ..{apikeyhere}

configure auth

if you chose to split things into small files then you'll have /etc/exim4/conf.d/auth/ which contains 30_exim4-config_examples which has some useful information.

This configuration suits my needs but obviously unsuitable for multiple users et cetera.

so ..

nano /etc/exim4/conf.d/auth/40_documents

and add something like:

    driver = plaintext
    public_name = PLAIN
    server_condition = "${if and {{eq{$auth2}{documents}}{eq{$auth3}{mysecret}}}}"
    server_set_id = $auth2
    server_prompts = :
    server_advertise_condition = true

obviously this is just plugging in a plaintext auth driver, the magic happens in the server_condition value, so the login & pass I've specified is documents:mysecret

useful commands

see logs:

tail  /var/log/exim4/mainlog

see queue / spool:

exim -bp

see log for frozen message.. this is pretty useful because in the case of sparkpost it will show you the API error.

exim -Mvl id

swaks probes your smtp server:

apt-get install swaks libnet-ssleay-perl
swaks -s -a -au documents -ap 'mysecret' -q AUTH

Will generate output like so:

=== Trying
=== Connected to
<-  220 hmoffice ESMTP Exim 4.84_2 Sat, 11 Mar 2017 19:36:38 +0800
 -> EHLO
<-  250-hmoffice Hello []
<-  250-SIZE 52428800
<-  250-8BITMIME
<-  250-AUTH PLAIN
<-  250 HELP
<-  235 Authentication succeeded
 -> QUIT
<-  221 hmoffice closing connection
=== Connection closed with remote host.

send email from cli:

mail -s "test 3" < /dev/null