Bug#655015: exim4-base: Elaborate on AUTH_CLIENT_ALLOW_NOTLS_PASSWORD

Osamu Aoki osamu at debian.org
Sat Jan 7 21:35:02 UTC 2012


Package: exim4-base
Version: 4.77-1+b1
Severity: wishlist

I agree http://bugs.debian.org/386875 is wontfix.

But for Bugs like: 386875 430057, I think we can help a bit by updating
README.Debian (Also fixing http://wiki.debian.org/GmailAndExim4)

Exim supports port 465 with SMTP after SSL as the server, to support
legacy Outlook clients.  But, as explained by the maintainer, it rightly
does not support such a non-standard feature as the client.  So
keeping this bug here does not make sense.  But there seem to be many
lost souls searching for ways to use exim in their environment.

Also I realize that the biggest complaint seems to come from Yahoo users.

As I checked with their Japanese service, they now have port 587 service
with PLAIN AUTH.  Yep... PLAIN AUTH.  (It is nicely hidden in their web
site not listed with 465 info.  So it is hard to find they have this
too.)

Anyway, "2.3.1. Using Exim as SMTP-AUTH client" in README.Debian.gz in
exim-base may be touched up to give a bit more hand-holding for these
lost souls.  This configuration is used by most newbies who only read this
README.Debian.gz.

======================================================================
2.3.1. Using Exim as SMTP-AUTH client

   If you want to set up Exim as an SMTP AUTH client for delivery to your
   Internet access provider's smarthost, put the name of the server, your
   login and password in /etc/exim4/passwd.client.  For example:
---
*.yahoo.co.jp:account_name:my-secret
---
 or
---
*.google.com:account_name@gmail.com:my-secret
---

   /etc/exim4/passwd.client needs to be readable for the exim user (user
   Debian-exim, group Debian-exim). It is suggested that you keep the
   default permissions root:Debian-exim 0640.

   You must check the canonical name of your ISP's SMTP server to ensure
   these server names match the host names shown by the host
   command.  For example, here is the reason for the Gmail setting:
---
$ host smtp.gmail.com
smtp.gmail.com is an alias for gmail-smtp-msa.l.google.com.
gmail-smtp-msa.l.google.com has address 74.125.53.108
gmail-smtp-msa.l.google.com has address 74.125.53.109
---

   If normal SMTP port 25 access to your smart host is blocked by
   your connection ISP, try message submission port 587.  For example,
   the update-exim4.conf.conf file should contain something like:
---
dc_smarthost='smtp.mail.yahoo.co.jp::587'
---
 or
---
dc_smarthost='smtp.gmail.com::587'
---

   Normally, after the SMTP connection, the password is sent securely after
   the STARTTLS command to establish TLS encryption or by protecting
   it with the CRAM MD5 authentication method.

   Some large ISPs do not use these secure settings (notably Yahoo's
   SMTP mail service as of 2012).  You can still use them insecurely by creating
   an additional configuration file containing the following.
---
AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS = yes
---
   If you chose to use split configuration, this shall be:
      * /etc/exim4/conf.d/main/00_exim4-config_macro
   If you chose to use non-split configuration, this shall be:
      * /etc/exim4/exim4.conf.localmacros

   After any of these configuration updates, you must execute the following
   to ensure your new configuration is active.
---
# update-exim4.conf
# invoke-rc.d exim4 restart
---

   See the man page for update-exim4.conf(8) and exim4-config_files(5)
   and Section 2.1.3, "Using Exim Macros to control the configuration"
   for more.

   Please note a few things:
   * Exim does not support the non-standard feature of SSL immediately upon
     connection to port 465 as the SMTP client.
   * The ISP may not allow use of a From: header field which does not match
     pre-registered addresses.  You may need to adjust
     /etc/email-addresses for this.
   * Specifics in the above examples may be outdated before you read this.
======================================================================

I hope this is helpful for many.  (I was mostly using my connection ISP's
smarthost ... 587 with STARTTLS.)

Regards,

Osamu

PS: Actually, after editing http://wiki.debian.org/GmailAndExim4 for
formatting, I started getting complaint mails and they made me look into
this smart host problem.  I agree that page is totally broken and
the suggested alternative is half baked.  I guess I will update that page's
contents, too :-)


-- Package-specific info:
Exim version 4.77 #3 built 14-Nov-2011 22:30:32
# This is a Debian specific file

dc_eximconfig_configtype='smarthost'
dc_other_hostnames=''
dc_local_interfaces='127.0.0.1 ; ::1'
dc_readhost='localhost'
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost='smtp.mail.yahoo.co.jp::587'
CFILEMODE='644'
dc_use_split_config='true'
dc_hide_mailname='false'
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
mailname:localhost

-- System Information:
Debian Release: wheezy/sid
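
An added example, not part of the original message or of the exim4 packaging: shell helpers that check the three points the proposed README text raises, namely that a passwd.client pattern matches the canonical smarthost name, that the file is not accessible to other users, and whether AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS is defined. The function names are hypothetical, and the wildcard match is approximated with a shell glob, which is an assumption about how the patterns are compared.

```shell
#!/bin/sh
# Added example: audit helpers for the smarthost client setup quoted above.
# All paths are arguments, so the functions can be tried on copies.

# Print the first host pattern (field 1 of a passwd.client-style file) that
# matches the canonical name reported by `host`; fail if none does.
pattern_for_host() {
    canon=$1; file=$2
    while IFS=: read -r pat _rest; do
        case $pat in ''|'#'*) continue ;; esac   # skip blanks and comments
        # $pat is deliberately unquoted: it is used as a glob (assumption).
        case $canon in $pat) printf '%s\n' "$pat"; return 0 ;; esac
    done < "$file"
    return 1
}

# Succeed if the "other" permission bits are all clear (0640 passes).
not_world_accessible() {
    [ "$(ls -ld -- "$1" | cut -c8-10)" = '---' ]
}

# Succeed if the macro allowing password AUTH without TLS is defined,
# uncommented, in any of the given macro files.
notls_passwords_allowed() {
    [ $# -gt 0 ] || return 1
    grep -Eqs '^[[:space:]]*AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS[[:space:]]*=' "$@"
}

# Usage: audit_smarthost CANONICAL_NAME PASSWD_FILE [MACRO_FILE...]
# Prints one line per finding; returns 0 only when there are none.
audit_smarthost() {
    canon=$1; pwfile=$2; shift 2
    rc=0
    pattern_for_host "$canon" "$pwfile" >/dev/null ||
        { echo "no entry in $pwfile matches $canon"; rc=1; }
    not_world_accessible "$pwfile" ||
        { echo "$pwfile is accessible to other users"; rc=1; }
    if notls_passwords_allowed "$@"; then
        echo "AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS is set: password may go out without TLS"
        rc=1
    fi
    return $rc
}

# Example call with the paths named in the message:
#   audit_smarthost gmail-smtp-msa.l.google.com /etc/exim4/passwd.client \
#       /etc/exim4/conf.d/main/00_exim4-config_macro
```

Pass the name that `host` reports as the alias target, not the alias itself, since the example entry `*.google.com` does not match `smtp.gmail.com`.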




