On Thu 23 Mar 2023 at 11:27:17 (-0700), pe...@easthope.ca wrote:
>
> # /etc/exim4/update-exim4.conf.conf
> #
> # Most of the heading comments removed.
> #
> # This is a Debian specific file
>
> dc_eximconfig_configtype='smarthost'
> dc_other_hostnames=''
> dc_local_interfaces='127.0.0.1'
> dc_readhost='dalton.invalid'
> dc_relay_domains=''
> dc_minimaldns='false'
> dc_relay_nets=''
> dc_smarthost='hornby.islandhosting.com::465'
> CFILEMODE='644'
> dc_use_split_config='false'
> dc_hide_mailname='true'
> dc_mailname_in_oh='true'
> dc_localdelivery='mail_spool'

That looks fine, and shows that you're going to send through their
port 465, which will require TLS and authentication. So first you
need to encode your username and password with:

$ echo -e -n '\0username\0password' | base64

You'll need to cut and paste that string in a moment. Bear in mind
that you should not reveal or post that string as it's easily decoded.

Start your test session with something more like:

$ openssl s_client -starttls smtp -crlf -connect hornby.islandhosting.com:465
EHLO dalton.invalid
AUTH PLAIN encodedstring

where encodedstring is the output from running the echo…base64 command.
Note that it's sent encrypted.

Unlike the test of exim that you conducted with:

> root@dalton:/home/root# exim -bh 142.103.107.137.465

this one will send a real email, which you should get back as
recipient. This will be testing your new smarthost, and if it doesn't
like you, you should get the error message straightaway, rather than
having to decode what exim would have written in its log. There's an
example at the bottom.

> **** SMTP testing session as if from host 142.103.107.137
> **** but without any ident (RFC 1413) callback.
> **** This is not for real!
>
> >>> host in hosts_connection_nolog? no (option unset)
> >>> host in host_lookup? yes (matched "*")
> >>> looking up host name for 142.103.107.137
> >>> IP address lookup yielded "dalton.invalid"
> >>> checking addresses for dalton.invalid
> >>> 127.0.1.1
> >>> 142.103.107.137 OK

[ … ]

> >>> end of ACL "acl_check_rcpt": not OK
> 550 relay not permitted
> LOG: H=dalton.invalid [142.103.107.137] F=<pe...@easthope.ca> rejected
> RCPT pe...@easthope.ca: relay not permitted

Fair enough—exim is configured to send to a "real" smarthost on the
Internet: almost no sites allow relaying nowadays (spam). (My exims
are set up very differently from yours.)

> root@dalton:/home/root# head -n 3 /etc/hosts

(BTW you shouldn't need to be root for exim or any of this.)

> # dalton:/etc/hosts
> 127.0.0.1 localhost.localdomain localhost
> 127.0.1.1 dalton.invalid dalton
>
> Whereas above, exim says this.
>
> > >>> checking addresses for dalton.invalid
> >>> 127.0.1.1
> >>> 142.103.107.137 OK
>
> Seems incorrect to mention 127.0.1.1 and not 127.0.0.1.

You started exim with 142.103.107.137. AIUI exim looks that up and
gets dalton.invalid (presumably with a local DNS server?). It then
looks up dalton.invalid and gets 127.0.1.1 from /etc/hosts. You'd
need to start exim with 127.0.0.1 to use localhost.

> Eventually exim complains about relaying whereas the test is from
> localhost.

Here's the example session, suitably mangled:

$ openssl s_client -starttls smtp -crlf -connect hornby.islandhosting.com:465 ←
CONNECTED(00000003)
[certificate stuff]
---
250 OK
ehlo dalton.invalid ←
250-blablahornby.islandhosting.com hello [158.69.159.172], pleased to meet you
250-HELP
250-AUTH LOGIN PLAIN
250-SIZE 28672000
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 OK
auth plain abcdefghijklmnopqrstuvwxyz== ←
235 2.7.0 ... authentication succeeded
mail from: pe...@easthope.ca ←
250 2.1.0 <pe...@easthope.ca> sender ok
rcpt to: pe...@easthope.ca ←
250 2.1.5 <pe...@easthope.ca> recipient ok
data ←
from: <pe...@easthope.ca> ←
to: <pe...@easthope.ca> ←
subject: hand written test 01 ←
(blank line) ←
354 enter mail, end with "." on a line by itself
Hand written test 01 ←
. ←
250 2.0.0 iHxl1z00J2LfVNE01HycHK mail accepted for delivery
quit ←
221 2.0.0 blablahornby.islandhosting.com closing connection
read:errno=0
$

You type the lines indicated. The responses will differ in detail.

I EHLO with the fqdn of my computer as well, but it's just ahost.corp;
and I authenticate with my ISP credentials; but I also have to
MAIL FROM: with the ISP account's email address (which I never use).
OTOH the From: header relates to my hosting service, 3000 miles away.
These are the sort of things that can vary with different smarthosts.

When travelling, I typically -connect to my hosting service's
submissions port, authenticate with their credentials, and
MAIL FROM: with nobody@my.domain. (I could do that at home too.)
In case ports 465 and 587 are blocked, my email hosting service
also provides port 25025 as a workaround submissions port.
Again, these services vary from company to company.

Cheers,
David.
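
Added example, not part of the message above: a shell sketch of the AUTH PLAIN string the message describes, showing that it decodes straight back to the credentials and how to blank it out of a saved session before posting. The function names and the alice/s3cret credentials are constructed for illustration.

```shell
#!/bin/sh
# AUTH PLAIN (RFC 4616) is base64 of: authzid NUL authcid NUL password.
# The authzid is left empty here, matching the '\0username\0password' form.

# auth_plain_encode USER PASS -> token on stdout.
# printf replaces `echo -e -n`, whose flags are not portable across shells,
# and %s keeps backslashes in the credentials from being interpreted.
auth_plain_encode() {
    printf '\0%s\0%s' "$1" "$2" | base64 | tr -d '\n'
}

# auth_plain_decode TOKEN -> "user:password" on stdout.
# No key is involved: anyone holding the token recovers the credentials.
auth_plain_decode() {
    printf '%s' "$1" | base64 -d | tr '\0' ':' | cut -c2-
}

# redact_auth: filter a saved SMTP session on stdin, replacing the token
# after "AUTH PLAIN" (any letter case) so the transcript is safe to share.
redact_auth() {
    sed 's/^\([Aa][Uu][Tt][Hh] [Pp][Ll][Aa][Ii][Nn]\) .*/\1 [REDACTED]/'
}

# Constructed demonstration values, not real credentials.
demo_token=$(auth_plain_encode alice s3cret)
echo "token:    $demo_token"
echo "decoded:  $(auth_plain_decode "$demo_token")"
printf 'ehlo dalton.invalid\nauth plain %s\nquit\n' "$demo_token" | redact_auth
```

Typing the password as a command argument leaves it in shell history, so clear that entry or read the password from a prompt when using real credentials.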