{"id":332,"date":"2014-02-13T22:40:23","date_gmt":"2014-02-13T20:40:23","guid":{"rendered":"http:\/\/log.or.cz\/?p=332"},"modified":"2014-02-13T22:40:23","modified_gmt":"2014-02-13T20:40:23","slug":"smtp-from-exim-equipped-roaming-notebook-ssh-smarthost","status":"publish","type":"post","link":"https:\/\/log.or.cz\/?p=332","title":{"rendered":"SMTP from Exim-equipped roaming notebook (SSH smarthost)"},"content":{"rendered":"<p>I don&#8217;t send email from my notebook often, dealing with my correspondence on my server machine via ssh. When I need to do it, it&#8217;s usually when I&#8217;m sending Git patches or something like that. I didn&#8217;t meet much trouble with sending it directly, but SMTP servers of Debian-involved people are some of the most picky one can meet and I decided it&#8217;ll be best <b>if I switch the exim4 on my notebook to smarthost mode<\/b> where all mail is relayed via my main server.<\/p>\n<p>So that should be trivial to do, right? Wrong, apparently. I figured I&#8217;d use <b>SMTP auth<\/b>, but it just <b>seems mind-bogglingly complicated to configure<\/b> if you don&#8217;t want to spend an evening on it. The client part is fairly easy (probably both on exim4 and postfix), but setting up postfix server to do SMTP auth (for just a single person) is really silly stuff. Maybe not so crazy if you use PAM \/ shadow for authentication, but that means that on my notebook, I&#8217;d have to store (in plaintext) my server password anyone could use to log in &#8211; no way. It seems I <em>could<\/em> switch to Dovecot and somehow pass it a simple password to use, but at that point my patience ran out and I just backed off a little.<\/p>\n<p><b>Why not just use ssh for smarthost SMTP transport?<\/b> Authentication via ssh is something everyone understands nowadays, it does the best job there, no silly passwords involved and you can just pipe SMTP through it. 
You wouldn&#8217;t do that in a company setting with Windows notebooks, but for a single geek, it seems ideal.<\/p>\n<p>Someone already <a href=\"http:\/\/www.jfranken.de\/homepages\/johannes\/vortraege\/ssh2_inhalt.en.html#ToC4\">did set up ssh as exim transport<\/a>, but that&#8217;s for exim3. So here follows a super-quick HOWTO to do this with exim4:<\/p>\n<ul>\n<li>Set up ssh key on client:\n<pre>\r\nsudo -u Debian-exim \/bin\/bash\r\nssh-keygen # go with the default, and empty password, this will be used in an automated way\r\nssh me@server.example.org # to fill up known_hosts; it will fail yet\r\ncat ~\/.ssh\/id_rsa.pub # this is my public key\r\nexit # ..the sudo\r\n<\/pre>\n<li> Set up ssh key on server &#8211; paste the public key printed by the cat above to ~me\/.ssh\/authorized_keys and <em>prepend<\/em> <code>command=\"nc -w1 localhost smtp\",no-agent-forwarding,no-port-forwarding,no-X11-forwarding <\/code> to the key line. This key can now be used only for mail relaying.\n<li> Do <code>dpkg-reconfigure exim4-config<\/code> and configure smarthost mode. Also use it to find out whether you are using split or big configuration. 
You will also probably want to enable &#8220;mailname hiding&#8221;, otherwise your return-path will contain an unroutable address.\n<li> Set up ssh transport in exim4 &#8211; add the following to the config file:\n<pre>\r\nssh_pipe:\r\n  debug_print = \"T: ssh_pipe for smarthost delivery\"\r\n  driver = pipe\r\n  path = \"\/bin:\/usr\/bin:\/usr\/local\/bin\"\r\n  command = \"ssh me@server.example.org nc -w1 localhost smtp\"\r\n  use_bsmtp\r\n  message_prefix = \"HELO mynotebook.example.org\\r\\n\"\r\n  delivery_date_add\r\n  envelope_to_add\r\n<\/pre>\n<p>(it would be nicer if we used the actual smarthost configuration option value and our notebook&#8217;s hostname instead of hardcoded strings, I guess).<\/p>\n<li> In the smarthost: section of the configuration file, replace <code>transport = remote_smtp_smarthost<\/code> with <code>transport = ssh_pipe<\/code>.\n<li> <code>\/etc\/init.d\/exim4 reload<\/code> and voil\u00e0, sending mail from anywhere should work now!\n<\/ul>\n<p>I *wish* setting up roaming SMTP nodes would be way easier nowadays and I wouldn&#8217;t have to eventually spend about 90 minutes on this stuff&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I don&#8217;t send email from my notebook often, dealing with my correspondence on my server machine via ssh. When I need to do it, it&#8217;s usually when I&#8217;m sending Git patches or something like that. 
I didn&#8217;t meet much trouble with sending it directly, but SMTP servers of Debian-involved people are some of the most [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[8,132,131,25],"class_list":["post-332","post","type-post","status-publish","format-standard","hentry","category-linux","tag-debian","tag-exim","tag-smtp","tag-ssh"],"_links":{"self":[{"href":"https:\/\/log.or.cz\/index.php?rest_route=\/wp\/v2\/posts\/332","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/log.or.cz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/log.or.cz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/log.or.cz\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/log.or.cz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=332"}],"version-history":[{"count":2,"href":"https:\/\/log.or.cz\/index.php?rest_route=\/wp\/v2\/posts\/332\/revisions"}],"predecessor-version":[{"id":334,"href":"https:\/\/log.or.cz\/index.php?rest_route=\/wp\/v2\/posts\/332\/revisions\/334"}],"wp:attachment":[{"href":"https:\/\/log.or.cz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=332"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/log.or.cz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=332"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/log.or.cz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=332"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}