Friday, 25 November 2011

Exim and multiple SMTP hosts

one of the charitable websites that  I do,  Woolsack  , has enrolled 380 people who want to receive the occasional  newsletter.  I set up a mailman mailing list courtesy of cpanel and the hosting, but after some problems, discovered that the hosting  limits emails to 150  in an hour. So of my 380 mailing list , under half were being delivered and the rest were being dumped, without warning. And there was no way to rate-limit the sending.
One suggestion from them was  to  have several lists , each of 150 , and to send them out an hour apart, but thats not practical.

So Ive written a  perl script that will send out emails , with a 30 second pause between them. But what about the  sending ? I think all ISP will  limit emails sent in some way. its difficult to find out what the  limit is.
In addition some spam filters will label as spam emails where the 'from' domain is different to the  server it is sent through.

For my hard-wired cable connection it is accepts emails on port 25 with no authentication, but the ISPs require authentication. Ive got exim as the software on my server .

Here's where I started.
 There is a difference between TLS and SSL , explained here

TLS is the easy one : 

Google  settings listed here  uses TLS/STARTTLS:
so my lookup file contains

$ less /etc/exim4/smtp_users
* smarthost=""  auth_name=""    auth_pass="xxxxxx"

and the router  in exim

debug_print ="T. auto_route remote_smtp for $local_part@$domain from $sender_address "
condition = ${extract{smarthost}{${lookup{$sender_address}wildlsearch{/etc/exim4/smtp_users}{$value}fail}}}
   driver = manualroute
   domains = ! +local_domains
   route_list = "* ${extract{smarthost}{${lookup{$sender_address}wildlsearch{/etc/exim4/smtp_users}{$value}fai
   transport = remote_smtp

 and the transport

hosts_require_tls =
hosts_require_auth =

Exim  versions <4.77 dont do SSL, and the suggestion  is to combine it with stunnel .I installed stunnel 

sudo apt-get install  stunnel

and configured stunnel

$ grep ^[A-Za-z] /etc/stunnel/stunnel.conf
sslVersion = SSLv3
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 3
output = /var/log/stunnel4/stunnel.log
client = yes
accept  = 26
connect =

and started it
( etc/init.d/stunnel start)

and then tested the connection 

~$ telnet localhost 26
Trying ::1...
Connected to localhost.
Escape character is '^]'. ESMTP Exim 4.69 #1 Tue, 29 Nov 2011 11:30:38 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.

and configure the smtp user 

 cat /etc/exim4/smtp_users | grep local
* smarthost="localhost::26" auth_name=""  auth_pass="xxxxx"

but one last step,  when it still asked for authentication, that I found here
and the transport becomes 

debug_print = "T: remote_smtp for $local_part@$domain"driver = smtp
hosts_require_tls =
hosts_require_auth =
tls_certificate = CONFDIR/exim.crt
tls_privatekey = CONFDIR/exim.key


No comments:

Post a Comment