Debian Bug report logs - #656841
Support multiple smarthosts with SMTPS (updated README)

Package: exim4-config; Maintainer for exim4-config is Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>; Source for exim4-config is src:exim4.

Reported by: Osamu Aoki <osamu@debian.org>

Date: Sun, 22 Jan 2012 06:00:01 UTC

Severity: wishlist

Tags: patch

Found in version exim4/4.77-1

Done: Osamu Aoki <osamu@debian.org>

Bug is archived. No further changes may be made.

Report forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#656841; Package exim4-config. (Sun, 22 Jan 2012 06:00:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Osamu Aoki <osamu@debian.org>:
New Bug report received and forwarded. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. (Sun, 22 Jan 2012 06:00:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Osamu Aoki <osamu@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: exim4-config: Support SMTPS via macro and update README
Date: Sun, 22 Jan 2012 14:46:42 +0900
[Message part 1 (text/plain, inline)]
Package: exim4-config
Version: 4.77-1
Severity: wishlist
Tags: patch

In light of new SMTPS client support by Exim 4.77 and rising popularity
of DKIM/SPF, I propose to update the package as in the attached patch.

This patch allows users to use SMTPS without making intrusive changes to
the Debian defaults just like AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS macro
did for enabling nonencrypted plaintext password.

This patch also updates README.

== FYI: Some facts on smarthost services by ISPs ==

I have tested smarthost services with:
 * gmail.com   STARTTLS 587 (Free email)
 * yahoo.co.jp SMTPS    469 (Free email)
 * nifty.com   STARTTLS 587 (SMTP ISP for my OFC service)

Gmail accepts any envelope From_ address and header From: address but
overwrites such information automatically with the Gmail email account
you used to connect to their SMTP service.  Then they sign your mail
with DKIM.

Yahoo (you can get a free account in their Asian ISPs such as Japan and
India by opting in for their advertisement mail while their US service
seems to be only for paid customers.)  I tested with Japanese service.

As I understand, since Yahoo did not offer STARTTLS service nor CRAM5,
people were using Yahoo with plaintext password over unencrypted
connection using AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS macro.  This is not a
good idea for security.

Since Exim 4.77 supports SMTPS, I tested it for Yahoo without setting
AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS macro but adding "protocol = smtps" to
/etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost .
I confirmed that it works fine.  Unlike Gmail, it does not rewrite email
address.  If envelope From_ is not a resolvable address, it rejects such
mails.  So use of /etc/email-addresses is essential for using them as the
smarthost.  Also, I noticed that if the header From: address is not the
email address of theirs, it does not sign DKIM. If only the header From:
address is the email address of theirs, Yahoo signs such mail with DKIM.

Nifty seems to do nothing on DKIM and does not enforce anything on the
 From: header and send mail with the original non-Nifty From: address.
When Gmail receives such tweaked mail with my debian.org address, having
envelope address pointing to my Nifty's email account by using proper
entry in the /etc/email-addresses improved spam filter position on SPF
to "pass". 

-- Package-specific info:
Exim version 4.77 #3 built 14-Nov-2011 22:30:32
Copyright (c) University of Cambridge, 1995 - 2007
Berkeley DB: Berkeley DB 5.1.25: (January 28, 2011)
Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages DKIM
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /var/lib/exim4/config.autogenerated
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to generate
# exim configuration macros for the configuration file.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file

dc_eximconfig_configtype='smarthost'
dc_other_hostnames=''
dc_local_interfaces='127.0.0.1'
dc_readhost='localhost'
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
#dc_smarthost='smtp.nifty.com::587'
#dc_smarthost='smtp.gmail.com::587'
dc_smarthost='smtp.mail.yahoo.co.jp::465'
CFILEMODE='644'
dc_use_split_config='true'
dc_hide_mailname='false'
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
mailname:localhost

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages exim4-config depends on:
ii  adduser                3.113
ii  debconf [debconf-2.0]  1.5.41

exim4-config recommends no packages.

exim4-config suggests no packages.

-- Configuration Files:
/etc/email-addresses changed [not included]
/etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost changed [not included]
(I had protocol=smtps mod.)
/etc/exim4/passwd.client [Errno 13] Permission denied: u'/etc/exim4/passwd.client'

-- debconf information:
* exim4/dc_smarthost: smtp.gmail.com::587 ... changed among different servers
  exim4/dc_relay_domains:
* exim4/dc_relay_nets:
* exim4/mailname: localhost
* exim4/dc_localdelivery: mbox format in /var/mail/
* exim4/dc_local_interfaces: 127.0.0.1
* exim4/dc_minimaldns: false
* exim4/dc_other_hostnames:
* exim4/dc_eximconfig_configtype: mail sent by smarthost; received via SMTP or fetchmail
* exim4/no_config: true
* exim4/hide_mailname: false
  exim4/dc_postmaster: osamu
* exim4/dc_readhost: localhost
* exim4/use_split_config: true
  exim4/exim4-config-title:
[exim4-4.77.patch (text/x-diff, attachment)]
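
The report above contrasts sending a plaintext password under AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS with setting "protocol = smtps" for a port 465 smarthost. The following check for that mismatch is an added example, not part of the report, the attached patch or the exim4 package. The function names and sample strings are constructed for illustration, and it assumes a single `host::port` entry in `dc_smarthost` as shown in the report.

```python
import re

# Constructed sample inputs modelled on the files named in the report.
CONF = ("dc_eximconfig_configtype='smarthost'\n"
        "#dc_smarthost='smtp.gmail.com::587'\n"
        "dc_smarthost='smtp.mail.yahoo.co.jp::465'\n")
TRANSPORT_PLAIN = "remote_smtp_smarthost:\n  driver = smtp\n"
TRANSPORT_SMTPS = TRANSPORT_PLAIN + "  protocol = smtps\n"
MACROS_NOTLS = "AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS = 1\n"


def smarthost(conf_text):
    """Return (host, port) from the uncommented dc_smarthost line, or None."""
    m = re.search(r"^dc_smarthost='([^']*)'", conf_text, re.M)
    if not m or not m.group(1):
        return None
    host, _, port = m.group(1).partition("::")
    return host, int(port) if port.isdigit() else 25  # 25 when no port given


def has_setting(text, name, value=None):
    """True if an uncommented 'name = value' line exists (any value if None)."""
    val = r"\S.*" if value is None else re.escape(value) + r"[ \t]*"
    pattern = rf"^[ \t]*{re.escape(name)}[ \t]*=[ \t]*{val}$"
    return re.search(pattern, text, re.M) is not None


def audit(conf_text, transport_text, macros_text=""):
    """Return a list of findings about how the smarthost password is protected."""
    findings = []
    if has_setting(macros_text, "AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS"):
        findings.append("NOTLS: password may be sent over an unencrypted connection")
    target = smarthost(conf_text)
    smtps = has_setting(transport_text, "protocol", "smtps")
    if target:
        host, port = target
        if port == 465 and not smtps:
            findings.append(f"{host}:{port} expects TLS on connect, "
                            "but the transport lacks 'protocol = smtps'")
        if port == 587 and smtps:
            findings.append(f"{host}:{port} is normally STARTTLS; "
                            "'protocol = smtps' is likely wrong")
    return findings


if __name__ == "__main__":
    for line in audit(CONF, TRANSPORT_PLAIN, MACROS_NOTLS):
        print(line)
```
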

Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#656841; Package exim4-config. (Sat, 28 Jan 2012 15:57:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Osamu Aoki <osamu@debian.org>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. (Sat, 28 Jan 2012 15:57:03 GMT) Full text and rfc822 format available.

Message #10 received at 656841@bugs.debian.org (full text, mbox):

From: Osamu Aoki <osamu@debian.org>
To: 656841@bugs.debian.org
Subject: Bug#656841: exim4-config: Beyond SMTPS for smarthost
Date: Sun, 29 Jan 2012 00:52:12 +0900
[Message part 1 (text/plain, inline)]
Hi,

I am wondering about design of current smarthost.  I made an alternative
setup which uses multiple smarthosts based on From: header.
(I got its hint from recent exim ML but did more to accommodate SMTPS.)

These days, it is better to use google address as both sending and
receiving for some services instead of just receiving.  If you use just
"From: foo@gmail.com", some service does not like it (I think of google
code or something.)

So if desktop user set up exim for smarthost, it should use them based
on From: address for all practical purpose.

After checking my previous simple SMTPS patch, I finally got this tried
to make it work with all of the following.
 * my connection ISP (used for @debian.org address too.)
 * google accounts
 * yahoo.co.jp SMTPS account

Based on my local configuration, I made a patch to the exim4 package.

As I installed this, this works after adding local configuration:

ENABLE_MULTIPLE_SMARTHOSTS = yes

The only concern I have is security of $address_data.

Should I add hide to address_data in my updated
 /etc/exim4/conf.d/router/200_exim4-config_primary

I do not know if you wish the default configuration to use this patch.
But this may be helpful for other people.  So I am sending this
alternative configuration with all required changes and documentation.

Osamu

[exim4-4.77.multi-smarthosts.patch (text/x-diff, attachment)]

Changed Bug title to 'Support multiple smarthosts with SMTPS (updated README)' from 'exim4-config: Support SMTPS via macro and update README' Request was from Osamu Aoki <osamu@debian.org> to control@bugs.debian.org. (Sat, 28 Jan 2012 16:21:09 GMT) Full text and rfc822 format available.

Reply sent to Osamu Aoki <osamu@debian.org>:
You have taken responsibility. (Mon, 25 Nov 2013 15:15:34 GMT) Full text and rfc822 format available.

Notification sent to Osamu Aoki <osamu@debian.org>:
Bug acknowledged by developer. (Mon, 25 Nov 2013 15:15:34 GMT) Full text and rfc822 format available.

Message #17 received at 656841-done@bugs.debian.org (full text, mbox):

From: Osamu Aoki <osamu@debian.org>
To: Marc Haber <mh+debian-packages@zugschlus.de>
Cc: 655015-done@bugs.debian.org, Andreas Metzler <ametzler@downhill.at.eu.org>, 656841-done@bugs.debian.org
Subject: Re: Bug#655015: ---> when are you uploading new exim4doc ? :-)
Date: Mon, 25 Nov 2013 22:54:44 +0900
Hi,

On Sun, Nov 24, 2013 at 11:37:05PM +0100, Marc Haber wrote:
> On Thu, Jan 12, 2012 at 10:26:24PM +0900, Osamu Aoki wrote:
> > I checked exim4-doc-html ... aha .. -doc-html is still in 4.72-1

Now: 
  exim4          is 4.80-9
  exim4-doc-html is 4.80-2

> This seems to have been fixed in the mean time. The exim specification
> also comes with the actual packages in
> /usr/share/doc/exim4-base/spec.txt.gz. That file has the advantage of
> being current ;-)

Yes.
 
> What do we do with this bug? Does it still make sense to hold yahoo
> users' hands while trying not to prompt all people to expect us to
> include ISP-specific docs.

Now even yahoo supports STARTTLS so this is non-issue.

Also, ISPs have been rewriting From: address sometimes.  So not much
point doing all these to keep up with them.  I have given up to do so.

As for ISP specific thing, I have made changes to
https://wiki.debian.org/GmailAndExim4 which should be better than
before.  Though it may have been outdated.

Let me close these bugs.

Osamu



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 24 Dec 2013 07:29:33 GMT) Full text and rfc822 format available.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 11:53:57 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.