Exim: Setting Up A Smarthost Router With SMTP AUTH

 Working Notes  No Responses »
Mar 072012
 

When I discovered that yet again a certain ISP had blocked my ISP’s smarthost (grr … hotmail), I needed to come up with something for my server’s Exim configuration to automatically route mail through an alternative route. For various reasons I wanted only specific domains to be routed through this domain (I run this other server and it is kind of handy to have an independent mail server that isn’t dependant on it).

This is a slightly unusual setup for Exim.

I started off with setting up a couple of authenticators so that once everything else worked, Exim could actually login :-

myloginMD5:
  driver = cram_md5
  public_name = CRAM-MD5
  client_name = USERNAME
  client_secret = PASSWORD
myloginPLAIN:
  driver = plaintext
  public_name = PLAIN
  client_send = ^USERNAME^PASSWORD

At this point, you have a secret in your configuration file, so protect it! There also seems no obvious way to use particular authenticators with particular servers … not to say that this is impossible (it’s hard to find something to do with mail that is impossible with Exim), but I didn’t see a method to do this.

The next step is to run through your test procedure when making changes. Mine was :-

  1. Reconfigure Exim by sending it a HUP signal.
  2. Check the paniclog file to make sure it is still running.
  3. Run through a manual submission of a mail through the SMTP interface.
  4. Check the main log file to see it worked as expected.

And if you need help running through that test procedure, this would probably be a good time to read up a good deal more about Exim as you probably should not be doing this until you understand a little more.

You don’t really need two authenticators here – you just need one authenticator that matches that offered by the SMTP servers you plan to authenticate to.

The next step is to modify the SMTP driver. Search for the string “driver = smtp”, and change it to look like :-

remote_smtp:
  driver = smtp
  hosts_require_auth = LIST-OF-HOSTS
  hosts_require_tls = LIST-OF-HOSTS

What we are doing here is using the normal driver with two extra options that come into play for the list of hosts (colon separated of course) – one that requires that authentication be used, and another that requires that TLS be used.

The next step of course is to run through the test procedure again.

The final step is to create a new “smarthost” router that applies for a specified list of domains :-

smarthostplusauth:
  # Deal with SMTP hosts but specifically through an authenticated SMTP server
  driver = manualroute
  domains = LIST-OF-DOMAINS
  transport = remote_smtp
  route_list = * "server1::587 : server2::587"

This of course applies to only emails that matches your list of domains. If it gets used, the mail is routed through either of “server1” or “server2” on port 587. I used two servers in here, so that Exim would happily deal with a server that was unresponsive, but you might prefer to use a single server.

And of course it’s time to run through the test procedure again.

 

One Murdoch Down, One To Go

 Media, Politics  No Responses »
Feb 292012
 

According to the news, James Murdoch has decided to resign from his post as the head of News International. About time! But :-

  1. Why was he allowed to resign rather than being fired ?
  2. Why is he being allowed to take up a cushy number with News Corp ? It hardly seems much of a punishment for him to resign from a job in an industry he dislikes only to take another job in an industry that he likes in what is effectively the same corporate empire.
  3. Why didn’t he go ages ago ?
  4. And when is Rupert Murdoch going ?

The two Murdochs (and their countless minions at News International) were the people in charge of a corporate empire that allowed one part of it to break the law not just occasionally but routinely for stories that were not in the public interest (in the sense of stories that the public should know rather than just what they want to know). Whether or not they knew what was happening, they set the tone for a corporation that apparently valued results over ethical behaviour.

They are responsible for allowing such a corporate culture to grow unchallenged for at least a decade.

Did they know what was going on ? Perhaps not – particularly in the case of Rupert Murdoch, but they should have known. And in the case of James Murdoch, it seems probable that if he did not know what was going on, he intentionally avoided knowing.

Both should go.

Prayers At Council Meetings? I Pray Not!

 Politics, Religion  No Responses »
Feb 192012
 

To be honest I don’t pray to any gods – I don’t feel the need to speak to imaginary friends.

In a recent court case, an atheistic ex-councellor and the National Secular Society won a court ruling that a local council was wrong to put prayers on the official meetings agenda. Not because anyone’s human rights were being abused, but because the council was not empowered to do so under an interpretation of the old law governing local councils which explicitly prohibits that which is not explicitly permitted.

Given that this law is currently being revised to give far greater powers to local councils, the brouhaha that has exploded from the moral minority (I’m thinking of Eric Pickles) ever since is really rather uncalled for. This ruling (unless someone interferes) is a really rather temporary victory.

But without considering the legal position, it is time to consider whether it is really appropriate to have public prayers to begin a council meeting. One councillor interviewed about this situation said that her council brought back public praying as a way of bringing the council members together. Undoubtedly it works for those who believe in a certain god.

But what might be easily overlooked is that it is also a very good way of excluding those who don’t believe in that god – atheists or people with a different religion. Whilst this country has a christian past, there is no reason for going out of your way to making others feel uncomfortable. Even if the others are in a minority, or even especially because they are a minority.

After all praying out loud before a council meeting is totally unnecessary.

There is no trouble with having a minute of quiet contemplation where those who choose to do so can talk with their imaginary friends silently if they choose to do so.

 

Dealing With Offensive “Internet Trolls” (or Goblins)

 Computing, Media, Security  No Responses »
Feb 142012
 

This morning I caught an item about how so-called “Internet Trolls” are forcing some famous people to close down their Twitter accounts because of offensive posts in reply to anything they post. Before getting to the main point of this post, lets get one thing cleared up to begin with.

Trolls on the Internet aren’t those who post offensive messages. Sure they’re irritating, but they are disruptive more than offensive. That’s not to say that trolls cannot also be offensive, but most are not.

This is yet another example of the media getting some clueless reporter to write up a story about “new technology” (it ain’t new any more) without checking their basic facts with someone who has half a clue – even checking with Wikipedia would quickly tell someone what the definition of an Internet Troll was (hint that funny coloured word at the beginning of the second paragraph takes you to the definition).

Us old-timers call those who use offensive language inappropriately “offensive little gits” which probably is not cute and cuddly enough for the media to like. Perhaps we should call them goblins (it’s all in the wrong order, but Gits, Offensive, B(onus), Little, INternet, S(omething)) just to keep the media happy.

Now onto the main point … this story was quite right about the fact there is a problem with people being deliberately offensive on the Internet, and it is not restricted to just famous people. There are plenty of examples of ordinary people facing all sort of offensive messages (I was going to dig up an example I know of, but it’s buried too deep).

Now us old timers remember a simpler age where people posting offensive messages would be dealt with quite simply. First the offended person would complain to the organisation (often a University) “hosting” the network address used by the offensive person. Next, the person at that organisation in charge of such things would find the relevant user, and apply the clue stick as hard and as often as seemed appropriate.

Up to and including throwing goblins off the Internet. Of course we also kept an eye out for vexatious complaints – there are some people who will complain about the most ridiculous things.

This was mostly lost when the ISPs started dominating the provisioning of the Internet to most people (although it survives in a few dusty old corners) because it “costs too much” for the ISPs to police their users. But there is no reason why it couldn’t be brought back.

And with careful management it should work quite well – of course some care would have to be taken as regards political activists posting on the Internet. The aim here is not to censure genuine political criticism or discussion, but to apply the clue stick as hard and as often as necessary to the Internet goblins.

Roadworks – So Why Is It Happening ?

 General  No Responses »
Feb 112012
 

At the moment (and for quite a few weeks in the past), there has been a lot of activity in the road outside my flat – a major cross-roads is being dug up, fiddled with, and all neatened up again. Which has the usual bunch of irritations :-

  1. Because the traffic lights are set so far back from the cross-roads, it makes crossing on foot even trickier than it usually is.
  2. It always seems that they’re keen on working whenever I would prefer some peace and quiet – including on a couple of occasions working through the night.

But perhaps more frustrating than anything else, is just what the road-works are for. Why not stick up a little sign explaining what they are for ?

 Older Entries  Newer Entries