Follow Techsutra on Twitter

Configuring exim4 in Ubuntu to use GMail for SMTP

This blog runs on wordpress and the “comment notifications by email” never worked. Initially I thought it was a wordpress problem and trawled through forum posts looking for a solution. Unable to find one I did something which I should have tried right at the beginning. I tried sending a mail from the server using the ‘mail’ command. Oops !. Exim log(/var/log/exim4/mainlog) give the wonderfully worded message  R=nonlocal: Mailing to remote domains not supported

Also I wanted to route the mail through GMail SMTP servers since that would improve reliability. Turns out there is an indeed a way to make exim, the default MTA in debain/ubuntu to route all mail through GMail SMTP servers. Second round of trawling the interwebs started I managed to get a working setup without much trouble. But I had to piece together the content from separate sources. Here is how I did it.

Step 1

Run dpkg-reconfigure exim4-config

Step 2

Step 3

That should be it. You can test by using the command line mail client.

This was on an Ubuntu server. I believe that this instructions will also work on Debain without any need for modifications.

  • Jakub
    Hello,

    wery useful, thanks. in my case (debian, exim4) I needed also to comment whole section starting from

    login:

    because I was geting

    two client authenticators (gmail_login and login) have the same public name (LOGIN)
  • Kim
    Excellent write up! This helped me a lot.
  • Thanks for this guide, worked like a charm after spending hours trying to get postfix to play nice with Gmail I found this solution to be 10x easier and I didn't even have to mess with SSL CA certs ;)

    http://basskozz.wordpress.com/2008/12/07/how-to...
  • yotnottin
    Thank you for the help. I'm running Ubuntu Gutsy and required an additional step not mentioned above.

    From the site http://wiki.debian.org/GmailAndExim4 I found the following little snippet which for me was the final fix I needed:

    ==============
    Run

    # editor /etc/exim4/passwd.client

    and add the following lines:

    gmail-smtp.l.google.com:yourAccountName@gmail.com:y0uRpaSsw0RD
    *.google.com:yourAccountName@gmail.com:y0uRpaSsw0RD
    smtp.gmail.com:yourAccountName@gmail.com:y0uRpaSsw0RD
    =============
  • Actually, that wiki page has outdated information according to debain.
    http://wiki.debian.org/PkgExim4UserFAQ.Go to the bottom of that page. Here is what it says


    Gmail and Exim4 in this very wiki contains outdated information, and the way it informs people to edit /etc/exim4/passwd.client shows that the author does not understand what he is doing. No, the author of _this_ FAQ does not have the time to improve the Gmail HOWTO document, sorry.



    This guide should have worked for you and you shouldn't be editing /etc/exim4/passwd.client. It is actively discouraged. What problems did you experience after following the guide. ?
  • yotnottin
    After following this guide to the letter I was still getting "Authorization Required" errors in my exim4 mainlog file. Once I made the changes noted above delivery to gmail worked as expected.

    Just to be sure, I just retested by disabling the changes to passwd.client. Followed the instruction as noted on this blog, then restarted exim4. Sending an email is once again returning the "Authorization Required" error from gmail.

    Here is the exact error message:
    2008-12-12 15:16:12 1LBEQb-00052L-11 ** root@parramoreworks.com R=smarthost T=remote_smtp_smarthost: SMTP error from remote mail server after MAIL FROM: SIZE=2462: host gmail-smtp-msa.l.google.com [74.125.47.111]: 530-5.5.1 Authentication Required. Learn more at\n530 5.5.1 http://mail.google.com/support/bin/answer.py?an... 6sm2449761ywp.50

    If you have any pointers on how to correct this without using the questionable wiki instructions I would be very appreciative.
  • Can you send me your /etc/exim4/exim4.conf.template after removing your gmail password. Put a placeholder there.
  • yotnottin
    Uh, thats a long file. Do you want me to post it here or send it to you in an email?
  • You can send it via email.
  • You had a smarthost defined with domains = ! +local_domains. If you remove that section the configuration will work fine.
  • yotnottin
    Thank you, thank you, thank you! That works perfectly. I really appreciate your help with this. I don't how I missed that in the instructions. Twice even. arghh.
  • You didn't miss it in the instructions. I just updated the guide to reflect that change. Thank You. Working on your problem helped me to improve the guide.
  • You're the man! Great guide, worked perfectly.
    Thank you so much.
  • Tim
    Hello,
    Good guide but still cant send emails.
    I have no errors and my logs are empty.
  • Very handy, thanks a lot.

    At the moment it doesn't seem to be respecting /etc/aliases (specifically, trying to rewrite root), but that's probably sticky fingers on my part. When/if I find a solution I'll post a note here.

    Regards

    DAVE
  • Thanks for the great guide. I don't know how many hours you just saved me, but its a lot. The instructions worked perfectly and they were easy to follow.

    Thanks again,
    Richard
  • John Pope
    My 2 cents....
    Perhaps you can reword the guide above to say instead

    If you have any other smarthost defined with “domains = ! +local_domains” remove that smarthost.

    to
    Comment out the entire smarthost: eg.

    #smarthost:
    # debug_print = "R: smarthost for $local_part@$domain"
    # driver = manualroute
    # domains = ! +local_domains
    # transport = remote_smtp_smarthost
    # route_list = * DCsmarthost byname
    # host_find_failed = defer
    # same_domain_copy_routing = yes
    # no_more

    Then add below
    send_via_gmail:
    driver = manualroute
    domains = ! +local_domains
    transport = gmail_smtp
    route_list = * smtp.gmail.com
  • John Pope
    oh and one more thing -

    if anyone gets stuck when you run
    /ext/init.d/exim4 restart
    and receive
    ALERT:exim paniclog /var/log/exim4/paniclog has non-zero size, mail system possibly broken

    I think this is a red hairing. delete/remove the old entries in the paniclog and this clears this error.

    AWESOME - it's working!
  • Many thanks for your article.

    Instructions are very clear and straight.

    IT WORKED, BRAVO !

    Thanks, Nagin
  • Julian
    Hmmm, I followed the instructions to a tea, twice, no errors, but mail never reaches it's destination. Any thoughts?
  • Julian
    BTW, I am running Exim4 on Debian Sarge...
  • Sadhanandhan
    Wonderful article. One question i have though! I have a firewall in my Hardy Heron server install, using UFW. Should i open port 587 to let the emails go out?
  • @Julian: anything in the logs

    @Sadhanandhan: Firewalls usually allow all outbound connections. So first test with the firewall down and then add the firewall rules to see if it is interfering with the setup
  • Sadhanandhan
    Thank you for your reply. This sure works for me!!! Thank you.
  • Thanks again, as I mentioned in an earlier comment I used this to setup exim4 on my NAS.

    I am running into one problem however, my RIG is sending emails to root@domain.com. But I don't own 'domain.com', how can I configure root emails (usually errors of some sort) to only send emails to my gmail address?
  • Hanno
    Thanks for the nice writeup.

    One suggestion: changing the permissions of the exim4.conf.template file since it contains the gmail password in plain text (chmod 0600).

    Does this solution send the gmail password as plaintext to the gmail smtp server? If so is it possible to use a secure connection?
  • Hi,

    I agree, you should tell to comment out the whole smarthost definition.

    I add to comment the end of the file in order to rid off an error on update-exim4.conf exec :

    "client_send" option set for the second time


    here is the end of my file :

    #.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
    # client_send = "<; ${if !eq{$tls_cipher}{}\
    # {^${extract{1}{:}{PASSWDLINE}}\
    # ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}\
    # }fail}"
    #.else
    # client_send = "<; ^${extract{1}{:}{PASSWDLINE}}\
    # ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
    #.endif

    #login:
    # driver = plaintext
    # public_name = LOGIN

    #.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
    # Return empty string if not non-TLS AND looking up $host in passwd-file
    # yields a non-empty string; fail otherwise.
    # client_send = "<; ${if and{\
    # {!eq{$tls_cipher}{}}\
    # {!eq{PASSWDLINE}{}}\
    # }\
    # {}fail}\
    # ; ${extract{1}{::}{PASSWDLINE}}\
    # ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
    #.else
    # Return empty string if looking up $host in passwd-file yields a
    # non-empty string; fail otherwise.
    # client_send = "<; ${if !eq{PASSWDLINE}{}\
    # {}fail}\
    # ; ${extract{1}{::}{PASSWDLINE}}\
    # ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
    #.endif
    #####################################################
    ### end auth/30_exim4-config_examples
    #####################################################
  • oups... spelling mistake :

    "I add to comment the end of "

    should be read :

    "I had to comment the end of ..."

    ;o)
  • Note : if you did some config mistake before getting a correct file, on exim4 restart, you'll get this warning :

    * ALERT: exim paniclog /var/log/exim4/paniclog has non-zero size, mail system possibly broken

    Which tells that the log file has something in it and you should look into.

    Mine got these kind of message :

    2009-02-08 00:35:50 Exim configuration error in line 834 of /var/lib/exim4/config.autogenerated.tmp:
    "client_send" option set for the second time


    Has it's my previous mistake, you can safely delete the file to get rid off the warning and restart exim4.

    Thomas
  • Great ! I got it working within 10 minutes ;o)

    Question :

    Mail are sent from :

    root

    Is it possible to customize some config file to have

    root@machineName.domain.tld

    Because I've several server to configure this way, And I want to know which one is mailing me.


    Although, I've google Apps [premium] accout and for the login information you can use

    yourGoogleAppsLogin@yourDomain.tld : yourpassword

    and leave everything else as is, it will works too ;o)

    Many thanks for the tutorial !
    Thomas.
  • the comment system do not escape html :'(


    Mail are sent from :

    root <mygmailaddr@gmail.com>

    Is it possible to customize some config file to have

    root from machineName.domain.tld <mygmailaddr@gmail.com>
  • Lars Dongrie Oppholdsnes
    Awesome guide!
    Can you configure it to only accept requests from 127.0.0.1 ?
  • You can always use iptables to drop connections from outside

    iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j DROP
  • Lars Dongrie Oppholdsnes
    Thanks, I haven't really dared to touch iptables yet, apparently its time to check it out. ;)
  • You don't need to touch iptables.

    The tutorial configure Exim so that it accept smtp connection only on 127.0.0.1

    * Type IP Adresses to listen on for incoming SMTP connections: 127.0.0.1

    So it's safe as Exim won't bind on your public ip.

    Though it's a good practice to forbid ports that should be used from internet.

    On ubuntu there's ufw (uncomplicated firewall) which far less combersome to use than iptables.
  • Thanks a lot for this fine guide, saved me a lot of time. (using Ubuntu Gutsy and mdadm raid array notifications)
  • Ruth
    Works wonders, albeit I use your tutorial to guide me to setup on local smtp and actually skip #2 =)

    and this is the first mailing system I handled.
    Many many thanks to the guide.
  • Great!. Just wanted to thank you for this tutorial.
  • kripz
    I keep getting these errors: http://pastebin.com/m13bc7895
    exim4.conf.template: http://pastebin.com/m4ee71713

    THIS IS DRIVING ME INSANE
  • @kripz

    1. I don't see 587 port number in my logs. I'm not sure whether that's because of a configuration problem or log settings.

    2. Did you check the network.? Do telnet gmail-smtp-msa.l.google.com 587 You should be getting a response. If you are getting no response or connection is refused, your outgoing connections might be restricted somehow.
  • kripz
    Ok, i think it has something to do with my network though im out of ideas as to what it could be.

    Telnet:
    telnet: Unable to connect to remote host: Connection refused

    Telnet using putty on my windows machine:
    220 mx.google.com ESMTP v32sm740311wah.24

    Ping:
    From beasty-x12000 (192.168.1.3) icmp_seq=1 Destination Port Unreachable

    Pinging from my windows machine works...

    For some reason my debian server is being blocked, though they are plugged into the same switch and using the same gateway. This is just a home network so there isnt anything special set up, just a switch and a modem/router.

    This is weird.
  • Javich
    Great man.

    Thanks for this tutorial worked like a charm.

    The only thing I regret is that still configuring linux services in some distributions is so painful because you have to re-learn a new configuration layout though the concepts are the same (mta, relay, smtp, etc). Why not just having a simple GUI to do all this stuff.

    Cheers,
    Javier.
  • swk
    After some troubles, I have it working on Debian testing. Exim4 doesn't work with my large and stupid isp (AT&T)[0] but since I'll probably changes isp before gmail goes away, this works out better! Thanks!

    [0] bugs.debian.org/430057
  • swk
    Took some time to look at this more and wanted to add some things:

    - gmail supports tls and exim automatically uses it [0] so these connections should be secure. Someone asked earlier and I wanted to verify.

    - email sent this way uses the linux login account's name (not the email account's name) in the From: field. I added a line like:
    *@* "Your Name " Ffrsw
    in the rewrite/31_exim4-config_rewriting section to fix this.

    Hope this is helpful and clear.

    [0] http://pkg-exim4.alioth.debian.org/README/READM...
  • swk
    The *@* line didn't show up right. After "Your Name is a .
  • grwk
    You rock - works like a charm.
blog comments powered by Disqus