2.3. SMTP Authentication
This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL.
The first step is to create a certificate for use with TLS. Enter the following into a terminal prompt:
sudo /usr/share/doc/exim4-base/examples/exim-gencert
Now Exim4 needs to be configured for TLS. Edit /etc/exim4/conf.d/main/03_exim4-config_tlsoptions and add the following:
MAIN_TLS_ENABLE = yes
Next you need to configure Exim4 to use saslauthd for authentication. Edit /etc/exim4/conf.d/auth/30_exim4-config_examples and uncomment the plain_saslauthd_server and login_saslauthd_server sections:
plain_saslauthd_server:
  driver = plaintext
  public_name = PLAIN
  server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
  server_set_id = $auth2
  server_prompts = :
  .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
  .endif
#
login_saslauthd_server:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  # don't send system passwords over unencrypted connections
  server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}
  server_set_id = $auth1
  .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
  .endif
Additionally, for outside mail clients to be able to connect to the new Exim server, a new user needs to be added to Exim with the following command:
sudo /usr/share/doc/exim4-base/examples/exim-adduser
Users should protect the new Exim password file with the following commands:
sudo chown root:Debian-exim /etc/exim4/passwd
sudo chmod 640 /etc/exim4/passwd
Finally, update the Exim4 configuration and restart the service:
sudo update-exim4.conf
sudo systemctl restart exim4.service
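After the restart, it is worth confirming that the server_advertise_condition lines above behave as intended: AUTH PLAIN and LOGIN should appear in the EHLO reply only once STARTTLS has completed. The following check is an added example, not part of the original guide; the function names keywords, audit and probe are hypothetical, and the host to test is passed as the first argument.

```python
import smtplib
import ssl
import sys

CLEARTEXT = {"PLAIN", "LOGIN"}  # the two authenticators enabled above

def keywords(ehlo_text):
    """Map each EHLO keyword to its parameters (reply codes already stripped)."""
    out = {}
    for line in ehlo_text.splitlines()[1:]:  # first line is the greeting
        words = line.replace("=", " ").upper().split()  # also accept "AUTH=PLAIN"
        if words:
            out.setdefault(words[0], set()).update(words[1:])
    return out

def audit(pre_tls, post_tls):
    """Compare the EHLO replies from before and after STARTTLS; return findings."""
    pre, post = keywords(pre_tls), keywords(post_tls)
    findings = []
    if "STARTTLS" not in pre:
        findings.append("STARTTLS is not offered (is MAIN_TLS_ENABLE set?)")
    leaked = pre.get("AUTH", set()) & CLEARTEXT
    if leaked:
        findings.append("AUTH %s advertised without TLS" % " ".join(sorted(leaked)))
    if post_tls and not post.get("AUTH", set()) & CLEARTEXT:
        findings.append("no PLAIN/LOGIN advertised after STARTTLS")
    return findings

def probe(host, port=25):
    """Fetch both EHLO replies from a live server and audit them."""
    ctx = ssl.create_default_context()
    # Assumption: the certificate from exim-gencert is self-signed, so it is not
    # verified here. This checks advertisement only and sends no credentials.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        pre = smtp.ehlo()[1].decode(errors="replace")
        post = ""
        if smtp.has_extn("starttls"):
            smtp.starttls(context=ctx)
            post = smtp.ehlo()[1].decode(errors="replace")
    return audit(pre, post)

if __name__ == "__main__" and len(sys.argv) > 1:
    problems = probe(sys.argv[1])
    print("\n".join(problems) or "AUTH is only advertised over TLS")
    sys.exit(1 if problems else 0)
```

A non-zero exit status means at least one finding was printed, which makes the script usable as a post-deployment check.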