# SMTPS # Assume we have a mail server/smarthost running Postfix. We also have Debian boxes with exim4 that want to send mail through our smarthost, perhaps administrative alerts. In some settings, it's a problem to send out to port 25 (smtp). Port 587 is explicitly for authenticated clients to securely submit mail to the Mail Submission Agent. On the smarthost, in `/etc/postfix/master.cf`: submission inet n - - - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject And in `/etc/postfix/sasl/smtpd.conf` specify only the following mechanisms: mech_list: PLAIN LOGIN And make sure the port is open: ~ $ cat /etc/iptables/rules.v4 | grep 587 -A INPUT -p tcp -m tcp --dport 587 -j ACCEPT On our sending Debian boxes, make sure exim4 is installed and configured, and that the hostname is set correctly: ~ $ hostname -f ~ $ sudo apt-get install exim4 ~ $ sudo dpkg-reconfigure exim4-config - "mail sent by smarthost; no local mail" - System mail name "localhost" (This is important) - Listen on "127.0.0.1 ; ::1" - Other destinations for which mail is accepted "" (blank) - IP address or host name of the outgoing smarthost "mail.example.com::587" Follow the example to supply an appropriate server, login name, and password: ~ $ sudo cat /etc/exim4/passwd.client # password file used when the local exim is authenticating to a remote # host as a client. # # see exim4_passwd_client(5) for more documentation # # Example: ### target.mail.server.example:login:password The user as which exim runs (i.e. "Debian-exim") must be able to read this file. Add to `/etc/aliases`: root: alert@example.com and run: ~ # newaliases Test like: ~ $ openssl s_client -quiet -starttls smtp -connect mail.example.com:587 Also: ~ $ exim -bp ~ $ exim -qff ## Links ## - https://wiki.debian.org/GmailAndExim4 - https://www.vultr.com/docs/setup-exim-to-send-email-using-gmail-in-debian