Setting up a simple mail server, on a Raspberry Pi

SMTP, has its name suggests, is simple. It is, really is, until you have a need to deploy one yourself today. It was way easier twenty years ago when the Internet was a benign place, and every Windows XP came with a solid SMTP server out of the box, and enabled for unrestricted relay for all!

In this age of abundant cloud services, why would one still need to set up your own MTA? In my case, it was because of the limited SMTP capability of a couple of (very) old webcams I have. One works only without encryption. One works only if the password is less than 64 characters.

SendGrid is a reliable free service for up to 6,000 mails a month. But it uses a super-long password. My intention was to use SendGrid as the relaying MTA ("smarthost") because of its sender reputation.

It is easy to configure an MTA to do the actual delivery, ie make it connect to the MX server of every addressee in each mail and deliver the mail. However, such mails sent will likely be treated as spam unless much more effort is invested to improve its reputation.

After wasting much time going round the world with nullmailer, ssmtp, Postfix, I settled on Exim4. I said wasted because I was misled by the inadequate documentation of these products. I cannot complain as the products are given free. nullmailer and ssmtp are not true MTAs. They work only for the machine on which they are installed. Postfix makes SMTP not simple, and it is difficult to locate in its documentation to find what I need.

Exim4 is from Cambridge, UK and so is the Pi. I thought that it would be a good fit, and it is. The Debian documentation for Exim4 is thorough and up to date. Follow the detailed steps and you can set it up quickly. The confusing part is the names of the various configuration files. I find them unconventional and it took me some time to figure out what each meant.

/etc/exim4/exim4.conf.template is sort of the master configuration file. It is not a template file as its name suggests. You can, and will need to for some, change many settings here. However, if you want to be able to wipe out this file every time you reinstall Exim4 but not lose your configuration, then use another file /etc/exim4/exim4.conf.localmacros.

The exim4.conf.localmacros file does not contain macros. It just contains key=value pairs that you would otherwise put in that "template" file.

When you run dpkg-reconfigure exim4-config, it basically updates /etc/exim4/update-exim4.conf.conf. The mode that I wanted, "Mail sent by smarthost; no local mail" is reflected as dc_eximconfig_configtype='satellite' in this file.

Now you understand why I said the file names are not conventional!

An additional step is to put the SendGrid account credentials in /etc/exim4/passwd.client file.

I needed to go beyond the default configuration. I needed authentication so that the cameras on the Internet could connect and send mail. I had created a local machine user smtp for this purpose. So I needed to install SASLAUTH. The instructions are at https://wiki.debian.org/Exim#User_authentication, but what is missing is that the MECHANISM key in /etc/defaults/saslauthd has to be set to "shadow". SASLAUTH will then use the credentials in the file /etc/shadow.

When a connection is made using valid credentials, Exim4 will always relay mail unconditionally. What if you want to allow machines on the same LAN to send mail without credentials? You need to set the parameter dc_relay_nets to the subject you are on, for example, 192.168.1.0/24. This setting is not offered in the dpkg-reconfigure utility when the mode is satellite, until you have added it manually.

Hope you find the above useful.

Comments

Popular posts from this blog

Attack Lab - Level 5 explained

Assembly version, File version, Product version

Setting to English for the Xiaomi Wifi Router