Another late night trying to configure that Debian exim4 thingy…

I want to send email from Thunderbird using my Debian box as an SMTP relay.

The mailserver (exim4) will refuse to relay anything to an external domain if you’re not properly authenticated.

So here’s what I had to do (and thank God it finally works):

  • Cleaned up my /etc/exim4/exim4.conf.template as previously discussed.
  • Generated SSL keys for TLS to use with /usr/share/doc/exim4-base/examples/exim-gencert
  • Activated TLS by writing MAIN_TLS_ENABLE = true into a file called /etc/exim4/exim4.conf.localmacros
  • Activated authentication based on the courier-imap daemon I was already using for IMAP: in /etc/exim4/exim4.conf.template there is a section called AUTHENTIFICATION CONFIGURATION. In there I had to uncomment the blocks named plain_courier_authdaemon and login_courier_authdaemon. I'm not really sure why I uncommented both, but... it works.
  • There I found out (later) that I needed to allow exim to access the courier-imap socket or my /var/log/exim4 wouls state this:
    login_courier_authdaemon authenticator failed for xxx: 435 Unable to authenticate at present (set_id=yyy): failed to connect to socket /var/run/courier/authdaemon/socket: Permission denied
    This can be solved by adding the right user to the rigth group: usermod -G daemon Debian-exim. I'm not sure about how good/secure/clean this is, but it works. Comments welcome ;)
  • Regenerated the exim4 config with update-exim4.conf
  • Restarted exim with /etc/init.d/exim4 restart. I'm not sure this is needed, but it won't hurt...

Sometimes I wish I still had dear/hated old PLESK environment… :roll:

Bonus feature: make those sendings faster!

When you are connecting to the SMTP relay from behind a NAT firewall, there is a fairly high chance that the SMTP will try to RFC-1413 ident you but the firewall will drop the request. So the mailserver will wait for a response until it times out.

Exim4 does exactly that with a 30 second timeout. Which makes sending mails frustrating at best.

In /etc/exim4/exim4.conf.template there is a section about RFC 1413. Make sure you have this line:

rfc1413_query_timeout = 0s
(Zero seconds, means: do not bother wasting time on ident).

Comments from long ago:

Comment from: Pergu

usermod -G daemon Debian-exim. did the trick for me Thanx.

2011-01-24 08-04

Comment from: Tim-Hinnerk Heuer

Thanks man! This saved my headache tonight.

2011-01-30 10-50