stevepedwards.com/DebianAdmin linux mint IT admin tips info

Exim4 MTA – Message Transfer Agent

The main reason to get this on my home network is so other apps like LMD, ClamAV or Snort can email you in the event of an issue they may discover, as well as the obvious educational aspect.

First, mail basics - read this:

https://www.debian.org/doc/manuals/debian-reference/ch06.en.html#_the_mail_system

and follow this for a home PC smarthost setup.

https://wiki.debian.org/GmailAndExim4

Initial configuration of Exim4 is invoked with:

# dpkg-reconfigure exim4-config
  • Choose "mail sent by smarthost; received via SMTP or fetchmail"
  • Set to "localhost" for "System mail name:".
  • Set to "127.0.0.1" for "IP-addresses to listen on for incoming SMTP connections" to refuse external connections.
  • Leave as empty for "Other destinations for which mail is accepted:".
  • Leave as empty for "Machines to relay mail for:".
  • Set to "smtp.gmail.com::587" for "IP address or host name of the outgoing smarthost:".
  • Choose "NO" for "Hide local mail name in outgoing mail?".
  • Choose "NO" for "Keep number of DNS-queries minimal (Dial-on-Demand)?".
  • Choose "mbox format in /var/mail/" for "Delivery method for local mail".
  • Choose "YES" for "Split configuration into small files?".

    This setting is for a typical desktop PC which has no resolvable host name. If you wish to do something more such as relaying mail, you need to configure this accordingly.

    Submission port 587 on the Gmail system uses STARTTLS, so the password is sent over an encrypted connection.

    (For servers with a real DNS resolvable host name, set it accordingly. But there is no good reason to use Gmail as a smarthost if you are in this situation.)

    Configuration of Exim4 for SMTP authentication uses the canonical host name.

    Gmail provides SMTP under the name smtp.gmail.com. You can get the canonical host names of these servers by running:

    $ host smtp.gmail.com
    smtp.gmail.com is an alias for gmail-smtp-msa.l.google.com.
    gmail-smtp-msa.l.google.com has address 74.125.127.109
    gmail-smtp-msa.l.google.com has address 74.125.127.108

    So gmail*.google.com matches all the real host names.

    The authentication information for the external SMTP service is stored in /etc/exim4/passwd.client. Run

    # editor /etc/exim4/passwd.client

    and add the following line:

    *.google.com:SMTPAccountName@gmail.com:y0uRpaSsw0RD

    Here's how /etc/exim4/passwd.client works: the first field in this file is matched against the reverse DNS of the remote SMTP server (in this case Gmail). If this domain name (or IP, if the server IP doesn't have a reverse domain name configured) matches the first field of this file, Exim4 will try to authenticate for SMTP using this login / password.

    If you restored /etc/exim4/passwd.client from the backup file, please make sure to restore its file ownership and permissions with

     chown root:Debian-exim /etc/exim4/passwd.client
     chmod 640 /etc/exim4/passwd.client

    Edit your address rewrite table /etc/email-addresses by running:

    # echo 'YOUR-USER-NAME: SMTPAccountName@gmail.com' >> /etc/email-addresses
    # echo 'YOUR-USER-NAME@localhost: SMTPAccountName@gmail.com' >> /etc/email-addresses
    # echo 'YOUR-USER-NAME@hostname1: SMTPAccountName@gmail.com' >> /etc/email-addresses
    # echo 'YOUR-USER-NAME@hostname1.localdomain: SMTPAccountName@gmail.com' >> /etc/email-addresses

    (Actually, recent Gmail rewrites source address automatically anyway. So you do not need to do the above. But Gmail may change again. This might also be needed for other smarthost settings, so I'll leave it on this page.)

    If any message comes to your Exim4 with a different envelope address, you need to list it too.

    (Although choosing "YES" for "Hide local mail name in outgoing mail?" may allow you to avoid this trouble, you risk sending unintended mails, such as those sent to "root", to the smarthost.)

    Finally, run

    # update-exim4.conf
    # invoke-rc.d exim4 restart
    # exim4 -qff

    These 3 steps update the Exim4 configuration, reload it, and force a delivery attempt for all messages, including frozen ones.

    See "man update-exim4.conf" for more on Exim4 configuration.

    Verification of the Configuration and Troubleshooting

    After the configuration, please verify your configuration with

    # tail /var/log/exim4/mainlog

    If you start receiving SMTP authentication errors in mainlog, run

    $ host smtp.gmail.com
    smtp.gmail.com is an alias for gmail-smtp-msa.l.google.com.
    gmail-smtp-msa.l.google.com has address 74.125.127.109
    gmail-smtp-msa.l.google.com has address 74.125.127.108

    to verify the resolving host names all match with the definition in your /etc/exim4/passwd.client. Gmail may change its host naming scheme.

    If you see in mainlog messages that state something like

    failed to open /etc/exim4/passwd.client for linear search:
    Permission denied (euid=102 egid=102)

    you have some file permission problems. Please restore the default permissions as was mentioned above for backup files. (euid and egid may be different on your installation.)

    If you see messages in mainlog that state "Credentials Rejected", the account or password was refused by Gmail. Please check the /etc/exim4/passwd.client file.

    Although for most ISPs the account name is simply the part before the @ sign, Gmail expects the full e-mail address.
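The passwd.client matching, host name and permission checks described above can be run offline as below. This is an added example, not code from the original page or from Debian; the function names are hypothetical, and it assumes a simplified matching model (exact key, or a leading "*" compared as a suffix).

```shell
# Added example: offline sanity checks for an Exim4 passwd.client file.
# Assumed (simplified) matching model: a key is the exact host name or IP,
# or starts with "*" and is compared as a suffix ("*.google.com").

# Print the login (never the password) of the first entry matching HOST.
client_login_for() {
    host=$1 file=$2
    while IFS=: read -r key login _password; do
        case $key in
            '' | '#'*) continue ;;                       # blank line or comment
            '*'*) case $host in *"${key#?}") printf '%s\n' "$login"; return 0 ;; esac ;;
            *)    if [ "$key" = "$host" ]; then printf '%s\n' "$login"; return 0; fi ;;
        esac
    done < "$file"
    return 1
}

# Extract the canonical host names from `host` output read on stdin.
canonical_names() { awk '$2 == "has" && $3 == "address" { print $1 }' | sort -u; }

# Report whether every canonical name is covered; non-zero if one is not.
check_coverage() {
    host_output=$1 file=$2 rc=0
    for name in $(canonical_names < "$host_output"); do
        if login=$(client_login_for "$name" "$file"); then
            echo "ok: $name authenticates as $login"
        else
            echo "MISSING: no entry in $file matches $name"; rc=1
        fi
    done
    return "$rc"
}

# True only for the mode that "chmod 640" restores (-rw-r-----).
mode_is_640() { [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-r-----" ]; }

# Demo on constructed files: host output as shown on the page, placeholder secret.
demo_dir=$(mktemp -d)
cat > "$demo_dir/host.txt" <<'EOF'
smtp.gmail.com is an alias for gmail-smtp-msa.l.google.com.
gmail-smtp-msa.l.google.com has address 74.125.127.109
gmail-smtp-msa.l.google.com has address 74.125.127.108
EOF
printf '%s\n' '# constructed' '*.google.com:SMTPAccountName@gmail.com:PLACEHOLDER' \
    > "$demo_dir/passwd.client"
chmod 640 "$demo_dir/passwd.client"
check_coverage "$demo_dir/host.txt" "$demo_dir/passwd.client"
mode_is_640 "$demo_dir/passwd.client" && echo "ok: mode 640"
rm -rf "$demo_dir"
```

On a real system, feed it the saved output of `host smtp.gmail.com` and run it as root against /etc/exim4/passwd.client; the ownership (root:Debian-exim) still has to be checked separately.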

When tested by sending a mail:

/usr/sbin/exim4 -i stevepedwards@gmail.com
msg body
Ctrl-D

you will see the SMTP conversation with:

tail -f /var/log/exim4/mainlog

[Screenshot: mainlogNetReachable.png]

Now, the email reports from LMD are sent automatically when a scan is run (if configured to in /usr/local/maldetect/conf.maldet ):

maldet alert from LinuxLaptop

root stevepedwards@gmail.com

malware detect scan report for LinuxLaptop:
SCAN ID: 040714-2023.13582
TIME: Apr 7 20:23:46 +0100
PATH: /Acer1/Eicar/
TOTAL FILES: 1026
TOTAL HITS: 1
TOTAL CLEANED: 0

FILE HIT LIST:
{HEX}EICAR.TEST.10 : /Acer1/Eicar/V.txt => /usr/local/maldetect/quarantine/V.txt.22173
===============================================
Linux Malware Detect v1.4.2 < proj@rfxn.com >
