Primary Information Sources
Check Gmail service site with keywords like "gmail configuring other mail clients" for new configuration requirement changes.
Please read Debian Exim4 User FAQ first.
PkgExim4UserFAQ is updated by the exim4 maintainer. It should be more current and reliable than this page. "Section 10.1" on PkgExim4UserFAQ mentions problems of this page as of January 2012; this page has been updated since to address these issues, but if you still find errors, please login and correct this page.
This wiki page is only a secondary source of information.
Mail Address Basics
Due to pervasive SPAM problem, most SMTP services including Gmail check the legitimacy of mail messages while delivering them. Email address rewriting as discussed here may cause such SMTP services to filter your mail as illegitimate and drop it quietly. Understanding the difference between the mail envelope address and the mail "From: " address is essential to minimize such risks. Be careful about this problem since the situation changes all the time.
Anti-spam techniques: Anti-spam_techniques
Email filtering: Email_filtering
The mail envelope address = SMTP "MAIL FROM" command = Bounce address set by exim4
See Bounce_address
The mail "From: " address = visible e-mail address in the "From :" message header field set by mail clients such as mutt
See E-mail
Sender Rewriting Scheme: Sender_Rewriting_Scheme
Known Limitations of Gmail
If you send a mail to a mailing list via a SMTP server provided by Gmail, the returned mail message from the mailing list is treated as **read** by the Gmail POP3 service and it may not be downloaded to your local mail client by your mail retrieval or forwarding utility (such as fetchmail/getmail/...). (This is true even if the e-mail address you put in the "To: " field is not your Gmail address but you are forwarding it to the Gmail account you used to send the mail.)
Recently, Gmail started to rewrite both envelope and header addresses to the email address of your account automatically if you use their SMTP smarthost, while also adding a DKIM signature. So there is no point anymore in making complicated mangling of email address if you use Gmail.
If you still wish to have your reply address be some other address forwarded to your Gmail, such as foo-guest@alioth.debian.org, you need to use a non-Gmail SMTP service such as one provided by the ISP providing IP connectivity to you. Just hope that your ISP does not rewrite the From address as well.
If you are not using two-factor google authentication, LessSecureApps gmail's option must be enabled. Login to your gmail account then go to this URL to activate smtp service for your gmail account: https://www.google.com/settings/security/lesssecureapps . Otherwise this step is not necessary, and won't work anyway.
Using Exim4 to Send Messages through Gmail
Gmail is said to have a limit of 100 messages/day/account when you use it to send mails via its SMTP service. Keep this in mind
Debian uses Exim4 as a mail server by default. You can configure this Exim4 to use the Google's SMTP servers as its smarthost using your Gmail account.
Let's assume:
- You are ok with Gmail rewriting your sender address or use this Gmail address.
Your account name on your local Debian box: YOUR-USER-NAME
Your host name in /etc/hostname: hostname1
Your host name in the 127.0.1.1 line of /etc/hosts: hostname1.localdomain hostname1
Your envelope address is SMTPAccountName@gmail.com for the outgoing SMTP connection to Gmail's SMTP server via Exim4
Your Exim4 relays local SMTP connections coming with the mail envelope address: YOUR-USER-NAME@localhost and YOUR-USER-NAME@localhost.localdomain
Your account name for SMTP at Gmail is SMTPAccountName@gmail.com
Your password for SMTP at Gmail is y0uRpaSsw0RD
(If you have a real DNS resolvable IP address, the 127.0.1.1 line of /etc/hosts should not exist but should have one for that IP address.)
Initial configuration of Exim4 is invoked with:
# dpkg-reconfigure exim4-config
- Choose "mail sent by smarthost; received via SMTP or fetchmail"
- Set to "localhost" for "System mail name:".
- Set to "127.0.0.1" for "IP-addresses to listen on for incoming SMTP connections" to refuse external connections.
- Leave as empty for "Other destinations for which mail is accepted:".
- Leave as empty for "Machines to relay mail for:".
- Set to "smtp.gmail.com::587" for "IP address or host name of the outgoing smarthost:".
- Choose "NO" for "Hide local mail name in outgoing mail?".
- Choose "NO" for "Keep number of DNS-queries minimal (Dial-on-Demand)?".
- Choose "mbox format in /var/mail/" for "Delivery method for local mail".
- Choose "YES" for "Split configuration into small files?".
This setting is for a typical desktop PC which has no resolvable host name. If you wish to do something more such as relaying mail, you need to configure this accordingly.
Submission port 587 on Gmail system uses STARTTLS service to ensure secure password protection.
(For servers with a real DNS resolvable host name, set it accordingly. But there is no good reason to use Gmail as a smarthost if you are in this situation.)
Configuration of Exim4 for SMTP authentication uses the canonical host name.
Gmail provides SMTP under the name smtp.gmail.com .
Check if you get a different canonical host names of these servers by running:
$ host smtp.gmail.com smtp.gmail.com is an alias for gmail-smtp-msa.l.google.com. gmail-smtp-msa.l.google.com has address 74.125.127.109 gmail-smtp-msa.l.google.com has address 74.125.127.108
In this case you will be needing gmail*.google.com to match the real host names.
If instead you get
$ host smtp.gmail.com smtp.gmail.com has address 108.177.121.108 smtp.gmail.com has IPv6 address 2607:f8b0:4001:c19::6d
Then you will be needing *.gmail.com for your passwd.client file
The authentication information for the external SMTP service is stored in /etc/exim4/passwd.client. Run
# editor /etc/exim4/passwd.client
and add either the following line:
*.google.com:SMTPAccountName@gmail.com:y0uRpaSsw0RD
or
*.gmail.com:SMTPAccountName@gmail.com:y0uRpaSsw0RD
depending on what the host command above gives your for a canonical name.
If the above doesn't work you can also try excluding the @gmail.com part as in:
*.google.com:SMTPAccountName:y0uRpaSsw0RD
This SMTP server stopped working. Confusingly, Google returns: 530-5.5.1 Authentication Required. Last working day was October 15, 2019. Following is a know working setting:
smtp.gmail.com:SMTPAccountName:y0uRpaSsw0RD
Here's how /etc/exim4/passwd.client works: the first field in this file is matched against the reverse DNS of the remote SMTP server (in this case Gmail). If this domain name (or IP, if the server IP doesn't have a reverse domain name configured) matches the first field of this file, Exim4 will try to authenticate for SMTP using this login / password.
If you restored /etc/exim4/passwd.client from the backup file, please make sure to restore its file ownership and permissions with
# chown root:Debian-exim /etc/exim4/passwd.client # chmod 640 /etc/exim4/passwd.client
Edit your address rewrite table /etc/email-addresses by running:
# echo 'YOUR-USER-NAME: SMTPAccountName@gmail.com' >> /etc/email-addresses # echo 'YOUR-USER-NAME@localhost: SMTPAccountName@gmail.com' >> /etc/email-addresses # echo 'YOUR-USER-NAME@hostname1: SMTPAccountName@gmail.com' >> /etc/email-addresses # echo 'YOUR-USER-NAME@hostname1.localdomain: SMTPAccountName@gmail.com' >> /etc/email-addresses
(Actually, recent Gmail rewrites source address automatically anyway. So you do not need to do the above. But Gmail may change again. This might also be needed for other smarthost settings, so I'll leave it on this page.)
If any message comes to your Exim4 with a different envelope address, you need to list it too.
(Although choosing "YES" for "Hide local mail name in outgoing mail?" may allow you to avoid this trouble, you risk sending unintended mails such as these sent to "root" to the smarthost.)
Finally, run
# update-exim4.conf # invoke-rc.d exim4 restart # exim4 -qff
These 3 steps update the Exim4 configuration, reload it, and to force a delivery attempt for all messages including frozen ones.
See "man update-exim4.conf" for more on Exim4 configuration.
Verification of the Configuration and Troubleshooting
After the configuration, please verify your configuration with
# tail /var/log/exim4/mainlog
If you start receiving SMTP authentication errors in mainlog, run
$ host smtp.gmail.com smtp.gmail.com is an alias for gmail-smtp-msa.l.google.com. gmail-smtp-msa.l.google.com has address 74.125.127.109 gmail-smtp-msa.l.google.com has address 74.125.127.108
to verify the resolving host names all match with the definition in your /etc/exim4/passwd.client. Gmail may change its host naming scheme.
If you see in mainlog messages that state something like
failed to open /etc/exim4/passwd.client for linear search: Permission denied (euid=102 egid=102)
you have some file permission problems. Please restore the default permissions as was mentioned above for backup files. (euid and egid may be different on your installation.)
If you see messages in mainlog that state "Credentials Rejected", the account or password was refused by Gmail. Please check the /etc/exim4/passwd.client file.
Although for most ISP, the account name is simply the part before the arobase, Gmail expects the full e-mail address.
If you see "login authenticator failed" in the mainlog, your account does not have "Less Secure Apps" access enabled. This is the default setting. You'll also receive a notification email from Google that they have blocked this login attempt. You will need to go to this page and "Turn On" the Access for Less Secure Apps setting.
Hint for SMTP service with SSL (but not with STARTTLS)
Deprecated protocol of SSL on port 465 is becoming rare these days. So this is probably not required for you. Try to search an ISP which supports the STARTTLS service on port 587 first.
Even if your only available ISP still does not update its servers to use the standard STARTTLS service on port 587, you can used them safely as smarthost using SMTPS protocol with Exim 4.80 (Debian wheezy and newer). You just need to edit system configuration 30_exim4-config_remote_smtp_smarthost in /etc/exim4/conf.d/transport to add "protocol=smtps". (A bit intrusive change ...)
See https://www.exim.org/exim-html-current/doc/html/spec_html/ch30.html under "4. Private options for smtp" on "protocol".
Hints for setting mutt for multiple From: and envelope FROM_ addresses
If you wish to deploy use a different visible e-mail addresses in the "From :" message header field and use different envelope FROM_ address, you need to set it by mail clients generation mail messages such as mutt etc.
Here is an example of .muttrc:
# Explicitly set From_ for ISP set use_envelope_from set envelope_from_address="Foo Bar <foo_bar@example.com>" # Explicitly set From: default set use_from set from="Foo Bar <foo_bar@example.com>" alternates "foo\.bar@gmail\.com|bar\.foo@gmail\.com|foo_bar@example\.com|foobar@debian\.org" # shortcut for FROM: address change macro compose "1" "<edit-from>^UFoo Bar \<foobar@debian.org\>\n" macro compose "2" "<edit-from>^UFoo Bar \<foo.bar@gmail.com\>\n" macro compose "3" "<edit-from>^UFoo Bar \<bar.foo@gmail.com\>\n" macro compose "4" "<edit-from>^UFoo Bar \<foo_bar@example.com\>\n" # short cut for ENVELOPE FROM change macro compose "5" ":set envelope_from_address=\"Foo Bar \<foobar@debian.org\>\"\n" macro compose "8" ":set envelope_from_address=\"Foo Bar \<foo_bar@example.com\>\"\n"