I am attempting to use Exim to function as an SMTP server which relays mail as a smarthost to our Mandrill service. (The point of this would be using Exim to authenticate our users for IMAP mail and auth them against our LDAP server while relying on Mandrill for delivery.)
I initially had Exim set up to smarthost and had the Mandrill settings in the .client file in the Exim folder. This worked correctly and I was able to use telnet or an MUA to send mail and it was relayed by Mandrill properly.
Then I enabled TLS and authentication and blocked non-authenticated users from using Exim. This also worked properly — TLS is operational and I can connect and authenticate. But something in this authentication has broken the smarthost relay — I suspect because Exim is passing my "local" LDAP auth credentials to Mandrill instead of the .client credentials I specified. The error in my mainlog file looks like this:
2014-04-24 06:54:53 1WchYz-0007Db-3E SMTP error from remote mail server after RCPT TO:: host smtp.us-east-1.mandrillapp.com [54.237.217.91]: 454 4.7.1 : Relay access denied
How can I set up Exim to authenticate incoming users, but use a different set of credentials to authenticate to the SMTP relay?
Best Answer
The two authentications are independent.
You enable Exim to authenticate on outgoing connections with a client authenticator. You will need to configure a line in the Exim passwd.client file for each server you need to authenticate to. The man page for exim_passwd_client describes the format of the password file.
Incoming authentication is done with a server authenticator. These are likely commented out in the default configuration. The man page for exim_passwd describes the passwd file. You should consider enabling TLS on the submission port (587) for users to send messages. The following macros at the start of the file should enable incoming authentication.
To allow authenticated users to send outgoing mail you will need to accept the connections at certain points. Where your configuration has a rule to handle local senders like:
Add a rule like:
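The separation between the two authentications described in the answer, shown as an added example in plain Exim configuration; it is not part of the original answer and is not the rule referred to in the line above. The LDAP URL and DN, the smarthost.example host name, port 587 on the outgoing side, the +local_domains list and the RELAY_* macros are assumed placeholders.

```exim
# Added example. All names and values below are placeholders.
# Macros belong in the main section, before the first "begin".
RELAY_SMTP_USER = relay-account-placeholder
RELAY_SMTP_PASS = relay-secret-placeholder

begin routers

# Everything that is not for a local domain goes to the relay.
# Assumes a domainlist named local_domains is defined in the main section.
smarthost:
  driver = manualroute
  domains = ! +local_domains
  transport = relay_smtp
  route_list = * smarthost.example
  no_more

begin transports

# Outgoing leg. hosts_require_tls keeps the relay credentials off the
# wire in clear text; hosts_require_auth defers the message instead of
# attempting an unauthenticated delivery the relay would refuse.
relay_smtp:
  driver = smtp
  port = 587
  hosts_require_tls = *
  hosts_require_auth = *

begin authenticators

# Server side: checks INCOMING users by binding to LDAP as that user.
# AUTH is only advertised once TLS is up. Empty values are rejected
# because many LDAP servers treat an empty-password bind as anonymous
# and report success.
ldap_plain_server:
  driver = plaintext
  public_name = PLAIN
  server_advertise_condition = ${if def:tls_in_cipher}
  server_prompts = :
  server_condition = ${if and{ {!eq{$auth2}{}} {!eq{$auth3}{}} \
      {ldapauth{user="uid=${quote_ldap_dn:$auth2},ou=people,dc=example,dc=org" \
                pass=${quote:$auth3} ldaps://ldap.example.org/}} }}
  server_set_id = $auth2

# Client side: used only when Exim connects OUT to the relay. It sends
# the fixed relay credentials; nothing from the incoming session
# ($auth2, $auth3) appears here.
relay_login_client:
  driver = plaintext
  public_name = LOGIN
  client_send = : RELAY_SMTP_USER : RELAY_SMTP_PASS
```

Because the secrets sit in the configuration file itself here, that file must be readable only by root and the Exim user.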