SMTP authentication in Exim
Posted on Wed 28 January 2015 in Linux
No more Google SMTP for your aliases
Since August last year, Google have grandfathered a feature in Gmail that allows you to create aliases in your account and send emails as those aliases from their SMTP servers:
http://googlesystem.blogspot.co.uk/2014/08/external-addresses-no-longer-use-gmail.html
For any new aliases, you will need to provide your own SMTP servers.
If you have a VPS of some sort, this is how you can set up simple SMTP
authentication in Exim to pipe your emails through your server and keep
using the Google web interface.
SMTP Authentication
LOGIN and PLAIN auth differ in that LOGIN prompts for the
username/password explicitly, whereas in PLAIN the client is expected to
send both in one blob.
Practically, the only difference is an additional null byte at the
beginning of the PLAIN blob sent to the server.
LOGIN
How to set up simple SMTP LOGIN auth with SHA1 (the alternatives are crypt or MD5):
exim.conf file (based on an Ubuntu template):
...
CONFDIR = /etc/exim4/
...
begin authenticators
LOGIN:
driver = plaintext
public_name = LOGIN
server_prompts = <| Username: | Password:
server_advertise_condition = ${if def:tls_cipher }
server_condition = "${if crypteq {$auth2}{\\\{sha1\\\}${extract{1}{:}{${lookup{$auth1}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
server_set_id = $auth1
passwd file:
username:[PASSWORD HASH]
How to generate password hash:
perl -MDigest::SHA=sha1_hex -e 'print sha1_hex($ARGV[0]),"\n"' [PASSWORD]
To test this, you need to encode the username/pass in base64:
# cat encode.pl
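use strict;
use warnings;
use MIME::Base64;
# Turn each literal \0 in the argument into a NUL byte without eval, so
# passwords containing ", $ or @ are encoded as typed instead of being run as Perl.
(my $blob = $ARGV[0]) =~ s/\\0/\0/g;
print encode_base64($blob);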
# perl encode.pl 'username\0password'
dXNlcm5hbWUAcGFzc3dvcmQ=
...
# exim -bh localhost
> ehlo test
> auth login dXNlcm5hbWUAcGFzc3dvcmQ=
PLAIN
If you'd rather have PLAIN auth, just change the snippet in exim.conf to:
exim.conf file:
...
CONFDIR = /etc/exim4/
...
begin authenticators
PLAIN:
driver = plaintext
public_name = PLAIN
server_advertise_condition = ${if def:tls_cipher }
server_condition = "${if crypteq {$auth3}{\\\{sha1\\\}${extract{1}{:}{${lookup{$auth2}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
server_set_id = $auth2
To test, run:
# perl encode.pl '\0username\0password'
AHVzZXJuYW1lAHBhc3N3b3Jk
# exim -bh localhost
> ehlo test
> auth plain AHVzZXJuYW1lAHBhc3N3b3Jk
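The following Python sketch is an added example, not code from the original post. It models how the two test blobs above split on NUL into the $auth1..$auth3 fields, and how the two server_condition lines check them against the passwd file. The function names and the sample passwd entry are constructed for illustration, and this is a simplified model rather than Exim's own implementation.

```python
import base64
import hashlib
import hmac

# Constructed sample of CONFDIR/passwd: "username:<sha1 hex of the password>".
PASSWD = "username:" + hashlib.sha1(b"password").hexdigest() + "\n"

def encode(*fields):
    """Build a test blob the way encode.pl does: fields joined by NUL, then base64."""
    return base64.b64encode("\0".join(fields).encode("utf-8")).decode("ascii")

def auth_fields(b64_blob):
    """Decode the AUTH argument and split it on NUL bytes.

    Index 0 models $auth1, index 1 models $auth2, and so on."""
    return base64.b64decode(b64_blob, validate=True).decode("utf-8").split("\0")

def stored_hash(user, passwd_text):
    """Model of the lsearch lookup plus ${extract{1}{:}...}."""
    for line in passwd_text.splitlines():
        key, sep, rest = line.partition(":")
        if sep and key == user:
            return rest.strip().split(":")[0]
    return "*"  # the {*:*} fallback: can never equal a SHA-1 hex digest

def server_condition(mechanism, b64_blob, passwd_text=PASSWD):
    """Return True when the blob would satisfy the matching server_condition."""
    fields = auth_fields(b64_blob)
    # The LOGIN config reads $auth1/$auth2; the PLAIN config reads $auth2/$auth3,
    # because the PLAIN blob starts with an extra (here empty) field.
    offset = {"LOGIN": 0, "PLAIN": 1}[mechanism.upper()]
    if len(fields) < offset + 2:
        return False
    user, password = fields[offset], fields[offset + 1]
    candidate = hashlib.sha1(password.encode("utf-8")).hexdigest()
    expected = stored_hash(user, passwd_text).lower()
    # Constant-time comparison of the two hex strings.
    return hmac.compare_digest(candidate.encode(), expected.encode())

if __name__ == "__main__":
    for mech, blob in (("LOGIN", encode("username", "password")),
                       ("PLAIN", encode("", "username", "password"))):
        print(mech, blob, server_condition(mech, blob))
```

Sending a blob built for one mechanism to the other fails the check, which is a quick way to confirm that the $auth numbering in the config matches the mechanism being advertised.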
SSL
Test with SSL by using this instead of 'exim -bh':
openssl s_client -connect server.com:465
Links
http://www.exim.org/exim-html-current/doc/html/spec_html/ch-smtp_authentication.html
http://www.exim.org/exim-html-current/doc/html/spec_html/ch-string_expansions.html
https://www.debian-administration.org/article/280/HowTo_Setup_Basic_SMTP_AUTH_in_Exim4