Configuring exim4 As A Mail Relay on Fedora 40

This is meant for a workstation that does not have a public internet address and needs to send mail using an internet mail server as an SMTP gateway. To accomplish this, the workstation must present itself as a host in an existing domain on the internet. Masquerading is the term used for this.

The SMTP gateway will check the sending e-mail addresses to ensure that they are valid; therefore the sending addresses on the workstation must be defined as real mail addresses within the sending domain, i.e., (in my case) they must be defined in the “forwardings” table in the Postfix email database on the mail server.

To configure exim on the workstation:

  1. Install the exim and the s-nail packages. (The s-nail package is Fedora’s version of the mailx command line mail client. I use it for testing exim once the installation is complete.)
  2. Patch the /etc/exim/exim.conf file with the patch below. Notice that the SMTP mail server userid and password are set in the last block of the patch and need to be edited before applying the patch. Also note that a fake domain (CHANGEME_DOMAIN.com) is used in the patch. This also needs to be changed.
  3. Start the exim service and set it to be started at boot.
  4. Run alternatives --config mta as root to set exim as the MTA.
  5. Modify the /etc/aliases file to define an alias for the root user and run the newaliases command as root.
  6. Send a test email: mail root

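
For step 2, the placeholders can be filled in and checked before the patch is applied. The script below is an added example, not part of the original post; the function names, the file names and the decision to refuse ^, $ and \ in the credentials (characters that are special in Exim's expanded client_send string) are assumptions.

```shell
#!/bin/sh
# Added example, not the author's script. Constructed names throughout.

# Escape a literal string for the replacement side of sed 's|..|..|'.
sed_escape() {
    printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'
}

# fill_patch SRC DST DOMAIN USERID PASSWORD
# Writes DST with mode 0600 because it holds the SMTP password.
# Returns 1 on an empty value, an unsafe character, or a leftover marker.
fill_patch() {
    src=$1 dst=$2 domain=$3 userid=$4 password=$5
    [ -n "$domain" ] && [ -n "$userid" ] && [ -n "$password" ] || return 1
    # Assumption: client_send is an expanded string in which '^' separates
    # the PLAIN fields and '$' and '\' are special, so refuse them here
    # instead of guessing at quoting.
    case $userid$password in
        *'^'*|*'$'*|*'\'*) return 1 ;;
    esac
    (
        umask 077
        rm -f -- "$dst"
        # The sed script goes through stdin so the password never shows up
        # in a process argument list.
        {
            printf 's|CHANGEME_DOMAIN\\.com|%s|g\n' "$(sed_escape "$domain")"
            printf 's|CHANGEME_USERID|%s|g\n' "$(sed_escape "$userid")"
            printf 's|CHANGEME_PASSWORD|%s|g\n' "$(sed_escape "$password")"
        } | sed -f /dev/stdin "$src" > "$dst"
    ) || return 1
    # Any marker that survived means the patch is not ready to apply.
    if grep -q 'CHANGEME_' "$dst"; then
        rm -f -- "$dst"
        return 1
    fi
}

# Usage (file names are placeholders):
#   fill_patch exim.conf.patch exim.conf.local.patch example.org relayuser "$pw" &&
#       patch /etc/exim/exim.conf exim.conf.local.patch
```
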
--- exim.conf.orig	2024-03-03 18:00:00.000000000 -0600
+++ exim.conf	2024-07-24 09:41:28.455222760 -0500
@@ -47,7 +47,9 @@
 # An appropriately privileged user can then redirect email on the command-line
 # in emergencies, via -D.
 #
+# dlk
 # ROUTER_SMARTHOST=MAIL.HOSTNAME.FOR.CENTRAL.SERVER.EXAMPLE
+ROUTER_SMARTHOST=mail.CHANGEME_DOMAIN.com
 
 ######################################################################
 #                    MAIN CONFIGURATION SETTINGS                     #
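Review bot: the added ROUTER_SMARTHOST=mail.CHANGEME_DOMAIN.com line uses a placeholder that is itself a syntactically valid hostname, so a patch applied without editing routes all non-local mail toward whatever that name resolves to. A placeholder under a reserved name such as mail.example.invalid would fail closed instead.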
@@ -138,7 +140,8 @@
 # of what to set for other virus scanners. The second modification is in the
 # acl_check_data access control list (see below).
 
-av_scanner = clamd:/var/run/clamd.exim/clamd.sock
+# dlk
+#av_scanner = clamd:/var/run/clamd.exim/clamd.sock
 
 
 # For spam scanning, there is a similar option that defines the interface to
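Review bot: av_scanner is commented out here, but the context comment just above it says a second modification lives in acl_check_data, and no hunk in this patch touches that ACL. Confirm the malware condition there is not enabled, and replace the bare dlk marker with a comment saying why scanning is turned off on this host.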
@@ -214,7 +217,8 @@
 # unqualified addresses from remote sources. If this option is not set, the
 # primary_hostname value is used for qualification.
 
-# qualify_domain =
+# dlk
+qualify_domain = CHANGEME_DOMAIN.com
 
 
 # If you want unqualified recipient addresses to be qualified with a different
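Review bot: qualify_domain as set here also qualifies unqualified recipient addresses, because the separate recipient option described in the trailing comment is left unset; mail addressed to plain root is therefore addressed as root@CHANGEME_DOMAIN.com. If local names should stay local, set the recipient qualification explicitly and record the choice in a comment next to the dlk marker.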
@@ -250,7 +254,8 @@
 # as if it were a normal user. This isn't usually a problem, as most sites have
 # an alias for root that redirects such mail to a human administrator.
 
-never_users = root
+# dlk
+#never_users = root
 
 
 # The setting below causes Exim to do a reverse DNS lookup on all incoming
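Review bot: commenting out never_users = root removes the guard against running a delivery as root, and the patch gives no reason for it. The context comment notes that an alias for root normally makes the setting unproblematic, and step 5 of the procedure creates that alias, so the original line can stay.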
@@ -807,7 +812,9 @@
 smarthost:
   driver = manualroute
   domains = ! +local_domains
-  transport = smarthost_smtp
+# dlk
+#  transport = smarthost_smtp
+  transport = remote_msa
   route_data = ROUTER_SMARTHOST
   ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1
   no_more
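Review bot: the router now names transport = remote_msa, but no hunk in this patch defines or changes that transport, so the patch depends on the stock file providing it. Because the authenticator added further down sends a plaintext password, check that remote_msa requires TLS and authentication for the smarthost (hosts_require_tls, hosts_require_auth) and say so in a comment here.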
@@ -1112,7 +1119,10 @@
 
 begin rewrite
 
-
+# dlk
+*@localhost.locadomain $1@CHANGEME_DOMAIN.com
+*@localhost            $1@CHANGEME_DOMAIN.com
 
 ######################################################################
 #                   AUTHENTICATION CONFIGURATION                     #
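Review bot: the first rewrite pattern reads *@localhost.locadomain, which looks like a misspelling of localhost.localdomain; as written the rule never matches addresses in that domain. Both rules also carry no flags, so they apply to every header and envelope address; if only sender fields should be masqueraded, add the appropriate flags.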
@@ -1125,11 +1135,11 @@
 # mail to a smarthost rather than directly to the final recipient.
 # Replace SMTPAUTH_USERNAME and SMTPAUTH_PASSWORD as appropriate.
 
-#client_auth:
-#  driver = cram_md5
-#  public_name = CRAM-MD5
-#  client_name = SMTPAUTH_USERNAME
-#  client_secret = SMTPAUTH_PASSWORD
+# dlk
+client_auth:
+  driver = plaintext
+  public_name = PLAIN
+  client_send = ^CHANGEME_USERID^CHANGEME_PASSWORD 
 
 #
 
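Review bot: client_send hands the user ID and password to the server unconditionally, and this hunk swaps the CRAM-MD5 template for PLAIN, so the password is exposed unless the connection is already encrypted. Make the send conditional on TLS or require TLS on the transport, keep exim.conf unreadable to ordinary users now that it holds the password, and drop the trailing space after CHANGEME_PASSWORD.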
@@ -1158,12 +1168,13 @@
 # use $auth2 as a lookup key, and compare $auth3 against the result of the
 # lookup, perhaps using the crypteq{}{} condition.
 
-#PLAIN:
-#  driver                     = plaintext
-#  server_set_id              = $auth2
-#  server_prompts             = :
-#  server_condition           = ${if saslauthd{{$2}{$3}{smtp}} {1}}
-#  server_advertise_condition = ${if def:tls_in_cipher }
+# dlk
+PLAIN:
+  driver                     = plaintext
+  server_set_id              = $auth2
+  server_prompts             = :
+  server_condition           = ${if saslauthd{{$2}{$3}{smtp}} {1}}
+  server_advertise_condition = ${if def:tls_in_cipher }
 
 # LOGIN authentication has traditional prompts and responses. There is no
 # authorization ID in this mechanism, so unlike PLAIN the username and
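Review bot: this hunk enables the server-side PLAIN authenticator (server_condition with saslauthd), which lets clients authenticate to this exim instance; nothing in the stated goal of relaying outbound through a smarthost needs it. Leave the block commented out unless the workstation is meant to accept authenticated submissions, in which case saslauthd has to be installed and running.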

dlk
