This is meant for a workstation that does not have a public internet address and wants to send mail using GMail as a SMTP smarthost gateway. To accomplish this the workstation must masquerade as a host in an existing domain on the internet.
The SMTP smarthost will check the sending e-mail addresses to ensure that they are valid, therefore the sending addresses on the workstation must be defined as real mail addresses within the sending domain, i.e., (in my case) they must be defined in the “forwardings” table in the Postfix email database on my mail server.
To configure exim on the workstation:
- Install the exim package.
- Patch the /etc/exim/exim.conf file with the patch below. Notice that the SMTP mail server userid and password are set in the last block of the patch and need to be edited before applying the patch. Also note that a fake domain (mydomain.com) is used in the patch. This also needs to be changed.
- Start the exim service and set it to be started at boot.
- Run
alternatives --config mtaas root to set exim as the MTA. - Modify the /etc/aliases file to define an alias for the root user and run the
newaliasescommand as root
--- exim.conf.orig 2022-08-30 14:51:39.000000000 -0400
+++ exim.conf 2022-11-28 09:12:11.524769007 -0500
@@ -138,7 +138,8 @@
# of what to set for other virus scanners. The second modification is in the
# acl_check_data access control list (see below).
-av_scanner = clamd:/var/run/clamd.exim/clamd.sock
+# dlk
+#av_scanner = clamd:/var/run/clamd.exim/clamd.sock
# For spam scanning, there is a similar option that defines the interface to
@@ -211,6 +212,8 @@
# primary_hostname value is used for qualification.
# qualify_domain =
+# dlk
+qualify_domain = daveking.com
# If you want unqualified recipient addresses to be qualified with a different
@@ -246,7 +249,8 @@
# as if it were a normal user. This isn't usually a problem, as most sites have
# an alias for root that redirects such mail to a human administrator.
-never_users = root
+# dlk
+#never_users = root
# The setting below causes Exim to do a reverse DNS lookup on all incoming
@@ -776,6 +780,13 @@
begin routers
+# dlk
+# Send all mail through a Gmail SMTP server
+gmail_route:
+ driver = manualroute
+ transport = gmail_relay
+ route_list = * smtp.gmail.com
+
# This router routes to remote hosts over SMTP by explicit IP address,
# when an email address is given in "domain literal" form, for example,
# <user@[192.168.35.64]>. The RFCs require this facility. However, it is
@@ -948,6 +959,16 @@
begin transports
+# dlk
+# Deliver mail through a GMail SMTP server
+gmail_relay:
+ driver = smtp
+ port = 587
+ tls_verify_certificates = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+ # this forces host verification.
+ tls_verify_hosts = smtp.gmail.com
+ hosts_require_auth = <; $host_address
+ hosts_require_tls = <; $host_address
# This transport is used for delivering messages over SMTP connections.
@@ -1108,7 +1129,9 @@
begin rewrite
-
+# dlk
+# This host masquerades as mydomain.com
+*@local.localdomain $1@CHANGEME_DOMAIN.com
######################################################################
# AUTHENTICATION CONFIGURATION #
@@ -1116,6 +1139,15 @@
begin authenticators
+# dlk
+# Authenticating with a GMail SMTP server. Use your Google/GMail login
+# credentials or, better yet, use a per-application password. See
+# https://myaccount.google.com/apppasswords
+gmail_login:
+ driver = plaintext
+ public_name = LOGIN
+ hide client_send = : CHANGEME_USERID : CHANGEME_PASSWORD
+
# This authenticator supports CRAM-MD5 username/password authentication
# with Exim acting as a _client_, as it might when sending its outgoing
# mail to a smarthost rather than directly to the final recipient.
