Setting up a simple mail server, on a Raspberry Pi

SMTP, has its name suggests, is simple. It is, really is, until you have a need to deploy one yourself today. It was way easier twenty years ago when the Internet was a benign place, and every Windows XP came with a solid SMTP server out of the box, and enabled for unrestricted relay for all!

In this age of abundant cloud services, why would one still need to set up your own MTA? In my case, it was because of the limited SMTP capability of a couple of (very) old webcams I have. One works only without encryption. One works only if the password is less than 64 characters.

SendGrid is a reliable free service for up to 6,000 mails a month. But it uses a super-long password. My intention was to use SendGrid as the relaying MTA ("smarthost") because of its sender reputation.

It is easy to configure an MTA to do the actual delivery, ie make it connect to the MX server of every addressee in each mail and deliver the mail. However, such mails sent will likely be treated as spam unless much more effort is invested to improve its reputation.

After wasting much time going round the world with nullmailer, ssmtp, Postfix, I settled on Exim4. I said wasted because I was misled by the inadequate documentation of these products. I cannot complain as the products are given free. nullmailer and ssmtp are not true MTAs. They work only for the machine on which they are installed. Postfix makes SMTP not simple, and it is difficult to locate in its documentation to find what I need.

Exim4 is from Cambridge, UK and so is the Pi. I thought that it would be a good fit, and it is. The Debian documentation for Exim4 is thorough and up to date. Follow the detailed steps and you can set it up quickly. The confusing part is the names of the various configuration files. I find them unconventional and it took me some time to figure out what each meant.

/etc/exim4/exim4.conf.template is sort of the master configuration file. It is not a template file as its name suggests. You can, and will need to for some, change many settings here. However, if you want to be able to wipe out this file every time you reinstall Exim4 but not lose your configuration, then use another file /etc/exim4/exim4.conf.localmacros.

The exim4.conf.localmacros file does not contain macros. It just contains key=value pairs that you would otherwise put in that "template" file.

When you run dpkg-reconfigure exim4-config, it basically updates /etc/exim4/update-exim4.conf.conf. The mode that I wanted, "Mail sent by smarthost; no local mail" is reflected as dc_eximconfig_configtype='satellite' in this file.

Now you understand why I said the file names are not conventional!

An additional step is to put the SendGrid account credentials in /etc/exim4/passwd.client file.

I needed to go beyond the default configuration. I needed authentication so that the cameras on the Internet could connect and send mail. I had created a local machine user smtp for this purpose. So I needed to install SASLAUTH. The instructions are at https://wiki.debian.org/Exim#User_authentication, but what is missing is that the MECHANISM key in /etc/defaults/saslauthd has to be set to "shadow". SASLAUTH will then use the credentials in the file /etc/shadow.

When a connection is made using valid credentials, Exim4 will always relay mail unconditionally. What if you want to allow machines on the same LAN to send mail without credentials? You need to set the parameter dc_relay_nets to the subject you are on, for example, 192.168.1.0/24. This setting is not offered in the dpkg-reconfigure utility when the mode is satellite, until you have added it manually.

Hope you find the above useful.

Comments

Post a Comment

Popular posts from this blog

Attack Lab - Level 5 explained

Image
Ning Wang has published a very good write-up (2022 update: web page is gone now) on his solutions to the Attack Lab from the CS:APP book. However, I thought his solution to Level 5 could do with a bit more elaboration for those who are struggling with this topic. First, it is necessary to understand what ROP requires. An essential component of ROP is good luck, lots of it. Without getting lucky, you may take more than 10 100  years to find a workable attack, if at all. This, the authors of CS:APP did not mention. I also could not comprehend the purpose this exercise is even given out as homework in CMU to be completed in a week (while there are tons of homework from other courses too), without an intensive course in Intel Assembler as a prerequisite. Level 5 requires the same general logic as Level 3, which can be summarized as (pseudo code): mov <cookiestring address>, %rdi //why? because touch3 is expecting it there call touch3 To achieve the above for Level 5, the
Read more

Setting to English for the Xiaomi Wifi Router

Image
The Xiaomi Mi Wifi Router now is in English. If it boots up to a foreign language for you, this guide will help you to change it to English. It is best to connect to it via wired Ethernet for the first time. Otherwise, the default unsecured wifi SSID should be Xiaomi_C3C1 . Your IP should be in the subnet 192.168.31.x, and the router is at http://miwifi.com which the router will resolve to 192.168.31.1. The first screen you see will be the setting up of the wifi SSID and wifi password. The big blue button at the bottom is the Next button. The next screen sets up the router administrator password (second field). The first field is Home/Work/Custom. Click the big blue button to complete. At the main configuration page, look for the third item (Settings) on the top menu, and the orange option (System Status): The last option on the page is the language selection: Open the drop down to select English: The change will take place the moment you click English. Enj
Read more

Assembly version, File version, Product version

Image
If you are a .NET developer, Assembly and File version would be familiar to you. They can be set in the Designer UI (project Properties page, Application tab, Assembly I nformation button...) which basically updates appropriate attributes in AssemblyInfo.cs. Now, there is a less well known number - the Product version . It is not well documented and most developers ignore it altogether with no side-effects most of the time. However, it is an important number and it seems that, of the three, Product version is the most widely used. The three version numbers simply take the values you give them or: a. If Assembly version is not explictly specified, it takes the value of 0.0.0.0. b. If File version is not explicitly specified, it takes the value of Assembly version. c. If Product version is not explicitly specified, it takes the value of File version. In Windows Explorer of Windows XP and Server 2003, you can see from the properties of a file all three version numbers. In W
Read more