Exim4 not sending authentication to a remote smarthost SMTP

Update 2014-08-15:
This article also solves the symptom "503 sender is null", seen with the net.cn mail service.

I stumbled on this problem while re-configuring an Exim4 SMTP relay on Debian to work with a new service provider chosen by the customer (net263.com).

I was told to use port 25 with net263.com because they would NOT support any kind of SSL/TLS security on their SMTP server. It turned out that there was SMTPS running on port 465, making this article less relevant to net263.com, but I thought I’d still share this information as it was not easy to find! Trust Nmap more than your workmates!

It should have been as simple as:

  1. Editing /etc/exim4/passwd.client such as:
  2. Running dpkg-reconfigure exim4-config to change the remote smarthost address to smtpcom.263xmail.com on port 25
See my article on configuring an SMTP relay if you need more details.

The bad

Unfortunately, it didn’t go that easily, as revealed by a sendmail command (edited to remove sensitive data):

Complete log

To better understand the problem, I set up the same email account in Mozilla Thunderbird and captured the traffic with Wireshark. It went like this (edited for privacy and readability):

Complete capture

The problem seems obvious: Exim4 doesn’t authenticate but tries to send the message directly!

The Ugly

After checking my password in /etc/exim4/passwd.client and running sendmail in debug mode (-d), I got the following output (truncated because it was too long!):

What I learned is that the server is not in hosts_require_auth to force authentication, and that my credentials are correctly found. After a little Googling, I modified /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost to add the SMTP server to hosts_require_auth such as:

Then regenerate the config and restart Exim4:

Still the same, nothing seemed to get Exim to authenticate against the SMTP server.

Hope

Going back to the documentation, I found the section titled "Using Exim as SMTP-AUTH client", which deals with Exim as an SMTP client:

If you need to enable AUTH PLAIN or AUTH LOGIN for unencrypted connections because your service provider does support neither TLS encryption nor the CRAM MD5 authentication method, you can do so by setting the AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS macro. Please refer to Section 2.1.3, “Using Exim Macros to control the configuration” for an explanation of how best to do this.

Light

That's more or less what's going on here.

After some more Googling, I finally found the fix to my problem:

Edit the file /etc/exim4/exim4.conf.localmacros (create it if it’s not there)

Set the content of /etc/exim4/exim4.conf.localmacros such as:

Then regenerate/reload the configuration either with:

Or

Conclusion

Exim is actually protecting us against sending our emails out there in the clear (as nobody should ever do in the 21st century). I just wanted to write this article as it took me several hours to figure out that this protection was there and how to disable it.
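The rule from the documentation passage quoted above, as an added example (not code from this article, Exim or Debian): a simplified Python model that parses an EHLO reply and shows when the client would offer a password-bearing mechanism, with or without AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS. The EHLO replies are constructed samples, the function names are hypothetical, and the model assumes CRAM-MD5 is tried first and is permitted without TLS, as that passage implies.

```python
import re

# Constructed EHLO replies (sample data, not taken from the article's capture).
EHLO_PLAIN_ONLY = ("250-smtp.example.test\n250-PIPELINING\n"
                   "250-AUTH LOGIN PLAIN\n250-AUTH=LOGIN PLAIN\n250 8BITMIME")
EHLO_WITH_TLS = "250-smtp.example.test\n250-STARTTLS\n250 AUTH PLAIN LOGIN CRAM-MD5"


def parse_ehlo(reply):
    """Return (offers_starttls, set_of_auth_mechanisms) from an EHLO reply."""
    starttls, mechs = False, set()
    for line in reply.splitlines():
        m = re.match(r"250[- ](.*)", line.strip())
        if not m:
            continue
        # Some servers also send the legacy "AUTH=LOGIN PLAIN" form.
        words = m.group(1).upper().replace("AUTH=", "AUTH ").split()
        if words and words[0] == "STARTTLS":
            starttls = True
        elif words and words[0] == "AUTH":
            mechs.update(words[1:])
    return starttls, mechs


def client_auth_choice(reply, tls_active, allow_notls_passwords):
    """Mechanism the client would use, or None (mail is attempted without AUTH)."""
    _, mechs = parse_ehlo(reply)
    if "CRAM-MD5" in mechs:
        return "CRAM-MD5"  # challenge-response, password is not sent on the wire
    for mech in ("PLAIN", "LOGIN"):
        # Password-bearing mechanisms need TLS unless the macro is set.
        if mech in mechs and (tls_active or allow_notls_passwords):
            return mech
    return None


def recommendation(reply):
    """What to check before reaching for AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS."""
    starttls, mechs = parse_ehlo(reply)
    if starttls:
        return "use STARTTLS, leave the macro unset"
    if "CRAM-MD5" in mechs:
        return "CRAM-MD5 works without the macro"
    return "check for SMTPS on 465 first; the macro sends the password in clear"


if __name__ == "__main__":
    for macro in (False, True):
        print("macro set:", macro, "->", client_auth_choice(EHLO_PLAIN_ONLY, False, macro))
    print(recommendation(EHLO_PLAIN_ONLY))
```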
