Bug#656841: exim4-config: Support SMTPS via macro and update README

Osamu Aoki osamu at debian.org
Sun Jan 22 05:46:42 UTC 2012


Package: exim4-config
Version: 4.77-1
Severity: wishlist
Tags: patch

In light of the new SMTPS client support in Exim 4.77 and the rising
popularity of DKIM/SPF, I propose to update the package as in the attached
patch.

This patch allows the user to use SMTPS without making intrusive changes to
the Debian defaults, just as the AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS macro
did for enabling unencrypted plaintext passwords.

This patch also updates README.

== FYI: Some facts on smarthost services by ISPs ==

I have tested smarthost services with:
 * gmail.com   STARTTLS 587 (Free email)
 * yahoo.co.jp SMTPS    469 (Free email)
 * nifty.com   STARTTLS 587 (SMTP ISP for my OFC service)

Gmail accepts any envelope From_ address and header From: address but
overwrites such information automatically with the Gmail email account
you used to connect to their SMTP service.  Then they sign your mail
with DKIM.

Yahoo (you can get a free account in their Asian ISPs such as Japan and
India by opting in for their advertisement mail, while their US service
seems to be only for paid customers.)  I tested with the Japanese service.

As I understand it, since Yahoo offered neither STARTTLS service nor CRAM5,
people were using Yahoo with a plaintext password over an unencrypted
connection using the AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS macro.  This is not a
good idea for security.

Since Exim 4.77 supports SMTPS, I tested it for Yahoo without setting the
AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS macro but adding "protocol = smtps" to
/etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost .
I confirmed that it works fine.  Unlike Gmail, it does not rewrite the email
address.  If the envelope From_ is not a resolvable address, it rejects such
mails.  So use of /etc/email-addresses is essential for using them as the
smarthost.  Also, I noticed that if the header From: address is not an
email address of theirs, it does not sign with DKIM. If only the header From:
address is an email address of theirs, Yahoo signs such mail with DKIM.

Nifty seems to do nothing on DKIM and does not enforce anything on the
From: header and sends mail with the original non-Nifty From: address.
When Gmail receives such tweaked mail with my debian.org address, having
the envelope address pointing to my Nifty email account by using a proper
entry in /etc/email-addresses improved the spam filter position on SPF
to "pass".

-- Package-specific info:
Exim version 4.77 #3 built 14-Nov-2011 22:30:32
Copyright (c) University of Cambridge, 1995 - 2007
Berkeley DB: Berkeley DB 5.1.25: (January 28, 2011)
Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages DKIM
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /var/lib/exim4/config.autogenerated
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to generate
# exim configuration macros for the configuration file.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file

dc_eximconfig_configtype='smarthost'
dc_other_hostnames=''
dc_local_interfaces='127.0.0.1'
dc_readhost='localhost'
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
#dc_smarthost='smtp.nifty.com::587'
#dc_smarthost='smtp.gmail.com::587'
dc_smarthost='smtp.mail.yahoo.co.jp::465'
CFILEMODE='644'
dc_use_split_config='true'
dc_hide_mailname='false'
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
mailname:localhost

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages exim4-config depends on:
ii  adduser                3.113
ii  debconf [debconf-2.0]  1.5.41

exim4-config recommends no packages.

exim4-config suggests no packages.

-- Configuration Files:
/etc/email-addresses changed [not included]
/etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost changed [not included]
(I had protocol=smtps mod.)
/etc/exim4/passwd.client [Errno 13] Permission denied: u'/etc/exim4/passwd.client'

-- debconf information:
* exim4/dc_smarthost: smtp.gmail.com::587 ... changed among different servers
  exim4/dc_relay_domains:
* exim4/dc_relay_nets:
* exim4/mailname: localhost
* exim4/dc_localdelivery: mbox format in /var/mail/
* exim4/dc_local_interfaces: 127.0.0.1
* exim4/dc_minimaldns: false
* exim4/dc_other_hostnames:
* exim4/dc_eximconfig_configtype: mail sent by smarthost; received via SMTP or fetchmail
* exim4/no_config: true
* exim4/hide_mailname: false
  exim4/dc_postmaster: osamu
* exim4/dc_readhost: localhost
* exim4/use_split_config: true
  exim4/exim4-config-title:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: exim4-4.77.patch
Type: text/x-diff
Size: 3176 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-exim4-maintainers/attachments/20120122/f7ff99e1/attachment.patch>
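
The smarthost setup described in the report can be checked mechanically. The following is an added example, not part of the original report or the attached patch: it reads the dc_smarthost line, the transport's "protocol" option and the AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS macro and reports combinations that leave the password unprotected. The function names, the sample texts and the single-host dc_smarthost format are assumptions made for the example.

```python
import re

# Constructed samples modelled on the two files named in the report.
SAMPLE_CONF = "#dc_smarthost='smtp.gmail.com::587'\ndc_smarthost='smtp.mail.yahoo.co.jp::465'\n"
SAMPLE_TRANSPORT = "remote_smtp_smarthost:\n  driver = smtp\n  protocol = smtps\n"

def parse_smarthost(conf_text):
    """Return (host, port) from the last uncommented dc_smarthost line (single host assumed)."""
    host, port = None, None
    for line in conf_text.splitlines():
        m = re.match(r"\s*dc_smarthost='([^']*)'", line)
        if m and m.group(1):
            host, _, p = m.group(1).partition("::")
            port = int(p) if p else 25
    return host, port

def transport_protocol(transport_text):
    """Return the transport's 'protocol' option, or 'smtp' when it is not set."""
    for line in transport_text.splitlines():
        m = re.match(r"\s*protocol\s*=\s*(\S+)", line)
        if m:
            return m.group(1).lower()
    return "smtp"

def notls_macro_set(macros_text):
    """True if AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS appears on an uncommented line."""
    return any(re.match(r"\s*AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS\b", line)
               for line in macros_text.splitlines())

def audit(conf_text, transport_text, macros_text=""):
    """Return a list of findings about how the smarthost password is protected."""
    host, port = parse_smarthost(conf_text)
    if host is None:
        return ["no dc_smarthost configured"]
    proto = transport_protocol(transport_text)
    findings = []
    if port == 465 and proto != "smtps":
        findings.append(f"{host}:465 is an SMTPS port but the transport lacks 'protocol = smtps'")
    if proto == "smtps" and port != 465:
        findings.append(f"'protocol = smtps' is set but {host} uses port {port}; confirm it expects TLS on connect")
    if notls_macro_set(macros_text):
        findings.append("AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS is set: the password may be sent without TLS")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, SAMPLE_TRANSPORT))  # the setup from the report
    print(audit(SAMPLE_CONF, "  driver = smtp\n", "AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS = 1\n"))
```

Pass the contents of whichever local macro file is in use as the third argument; its location is not given in the report.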