When I discovered that yet again a certain ISP had blocked my ISP’s smarthost (grr … hotmail), I needed to come up with something for my server’s Exim configuration to automatically route mail through an alternative route. For various reasons I wanted only specific domains to be routed through this domain (I run this other server and it is kind of handy to have an\u00a0independent mail server that isn’t dependant on it).<\/p>\n
This is a slightly unusual setup for Exim.<\/p>\n
I started off with setting up a couple of authenticators so that once everything else worked, Exim could actually login :-<\/p>\n
myloginMD5:\r\n driver = cram_md5\r\n public_name = CRAM-MD5\r\n client_name = USERNAME\r\n client_secret = PASSWORD\r\nmyloginPLAIN:\r\n driver = plaintext\r\n public_name = PLAIN\r\n client_send = ^USERNAME^PASSWORD<\/pre>\nAt this point, you have a secret in your configuration file, so protect it! There also seems no obvious way to use particular authenticators with particular servers … not to say that this is impossible (it’s hard to find something to do with mail that is impossible with Exim), but I didn’t see a method to do this.<\/p>\n
The next step is to run through your test procedure when making changes. Mine was :-<\/p>\n
\n
- Reconfigure Exim by sending it a HUP signal.<\/li>\n
- Check the panic<\/em>log file to make sure it is still running.<\/li>\n
- Run through a manual submission of a mail through the SMTP interface.<\/li>\n
- Check the main<\/em> log file to see it worked as expected.<\/li>\n<\/ol>\n
And if you need help running through that test procedure, this would probably be a good time to read up a good deal more about Exim<\/a> as you probably should not be doing this until you understand a little more.<\/p>\n
You don’t really need two authenticators here – you just need one authenticator that matches that offered by the SMTP servers you plan to authenticate to.<\/p>\n
The next step is to modify the SMTP driver. Search for the string “driver = smtp”, and change it to look like :-<\/p>\n
remote_smtp:\r\n driver = smtp\r\n hosts_require_auth = LIST-OF-HOSTS\r\n hosts_require_tls = LIST-OF-HOSTS<\/pre>\nWhat we are doing here is using the normal driver with two extra options that come into play for the list of hosts (colon separated of course) – one that requires that authentication be used, and another that requires that TLS be used.<\/p>\n
The next step of course is to run through the test procedure again.<\/p>\n
The final step is to create a new “smarthost” router that applies for a specified list of domains :-<\/p>\n
smarthostplusauth:\r\n # Deal with SMTP hosts but specifically through an authenticated SMTP server\r\n driver = manualroute\r\n domains = LIST-OF-DOMAINS\r\n transport = remote_smtp\r\n route_list = * \"server1::587 : server2::587\"<\/pre>\nThis of course applies to only emails that matches your list of domains. If it gets used, the mail is routed through either of “server1” or “server2” on port 587. I used two servers in here, so that Exim would happily deal with a server that was unresponsive, but you might prefer to use a single server.<\/p>\n
And of course it’s time to run through the test procedure again.<\/p>\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
When I discovered that yet again a certain ISP had blocked my ISP’s smarthost (grr … hotmail), I needed to come up with something for my server’s Exim configuration to automatically route mail through an alternative route. For various reasons I wanted only specific domains to be routed through this domain (I run this other […]<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_share_on_mastodon":"0"},"categories":[226],"tags":[934,936,935],"class_list":["post-2162","post","type-post","status-publish","format-standard","hentry","category-working-notes","tag-exim","tag-smarthost","tag-smtp-auth","category-226-id","post-seq-1","post-parity-odd","meta-position-corners","fix"],"share_on_mastodon":{"url":"","error":""},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p1f2KI-yS","_links":{"self":[{"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/posts\/2162","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/really.zonky.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2162"}],"version-history":[{"count":4,"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/posts\/2162\/revisions"}],"predecessor-version":[{"id":2166,"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/posts\/2162\/revisions\/2166"}],"wp:attachment":[{"href":"https:\/\/really.zonky.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2162"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/really.zonky.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2162"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/really.zonky.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2162"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}