In questo post ho discusso i meccanismi che regolano il funzionamento delle blacklist sull'SMTP out.virgilio.it
Ora vedremo come abilitare l'autentica per lo smarthost (ovvero l'MTA) utilizzato da exim4.
La procedura è quasi banale, basta modificare il contenuto del file passwd.client presente nella directory /etc/exim4, inserendo una stringa così formata:
smarthost:username@dominio:password
Ad esempio, se il nostro exim4 utilizza come smarthost out.virgilio.it, dovremo editare il file citato in precedenza, aggiungendo la seguente entry:
out.virgilio.it:vostroindirizzo@virgilio.it:vostrapassword
Per verificare la correttezza di tale procedura ho effettuato uno sniffing dei pacchetti da e verso lo smarthost. Ecco i dump (parziali):
Senza autentica
No. Time Source Destination Protocol Info
1 0.000000 172.16.*.* 212.48.20.24 TCP 58336 > smtp [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=164278477 TSER=0 WS=6
No. Time Source Destination Protocol Info
2 0.049538 212.48.20.24 172.16.*.* TCP smtp > 58336 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1380 TSV=262597959 TSER=164278477 WS=7
No. Time Source Destination Protocol Info
3 0.049655 172.16.*.* 212.48.20.24 TCP 58336 > smtp [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=164278490 TSER=262597959
No. Time Source Destination Protocol Info
4 0.097831 212.48.20.24 172.16.*.* SMTP S: 220 fep-mail-smtpout-l2c.virgilio.net ESMTP Service ready
No. Time Source Destination Protocol Info
5 0.097934 172.16.*.* 212.48.20.24 TCP 58336 > smtp [ACK] Seq=1 Ack=60 Win=5888 Len=0 TSV=164278502 TSER=262598009
No. Time Source Destination Protocol Info
6 0.098125 172.16.*.* 212.48.20.24 SMTP C: EHLO nightbox
No. Time Source Destination Protocol Info
7 0.145662 212.48.20.24 172.16.*.* TCP smtp > 58336 [ACK] Seq=60 Ack=16 Win=5888 Len=0 TSV=262598057 TSER=164278502
No. Time Source Destination Protocol Info
8 0.146254 212.48.20.24 172.16.*.* SMTP S: 250-fep-mail-smtpout-l2c.virgilio.net | 250-DSN | 250-8BITMIME | 250-PIPELINING | 250-HELP | 250-AUTH=LOGIN | 250-AUTH LOGIN CRAM-MD5 DIGEST-MD5 PLAIN | 250-DELIVERBY 300 | 250 SIZE 31457280
No. Time Source Destination Protocol Info
9 0.164391 172.16.*.* 212.48.20.24 SMTP C: MAIL FROM:<nightfly@nightfly.*.*> SIZE=1405 | RCPT TO:<nazareno.latella@*.*> | DATA
No. Time Source Destination Protocol Info
10 0.211331 212.48.20.24 172.16.*.* SMTP S: 250 MAIL FROM:<nightfly@nightfly.*.*> OK
No. Time Source Destination Protocol Info
11 0.211789 212.48.20.24 172.16.*.* SMTP S: 250 RCPT TO:<nazareno.latella@*.*> OK
No. Time Source Destination Protocol Info
12 0.212137 172.16.*.* 212.48.20.24 TCP 58336 > smtp [ACK] Seq=112 Ack=338 Win=6912 Len=0 TSV=164278531 TSER=262598123
No. Time Source Destination Protocol Info
13 0.436690 212.48.20.24 172.16.*.* SMTP S: 354 Start mail input; end with <CRLF>.<CRLF>
No. Time Source Destination Protocol Info
14 0.437121 172.16.*.* 212.48.20.24 IMF subject: prova, from: * <*@nightfly.*.*>rn,
No. Time Source Destination Protocol Info
15 0.511319 212.48.20.24 172.16.*.* SMTP S: 250 <4EC124BD001803F0> Mail accepted
No. Time Source Destination Protocol Info
16 0.548011 172.16.*.* 212.48.20.24 TCP 58336 > smtp [ACK] Seq=497 Ack=422 Win=6912 Len=0 TSV=164278615 TSER=262598423
No. Time Source Destination Protocol Info
17 0.582529 172.16.*.* 212.48.20.24 SMTP C: QUIT
No. Time Source Destination Protocol Info
18 0.582574 172.16.*.* 212.48.20.24 TCP 58336 > smtp [FIN, ACK] Seq=503 Ack=422 Win=6912 Len=0 TSV=164278623 TSER=262598423
No. Time Source Destination Protocol Info
19 0.629901 212.48.20.24 172.16.*.* SMTP S: 221 fep-mail-smtpout-l2c.virgilio.net QUIT
No. Time Source Destination Protocol Info
20 0.630006 172.16.*.* 212.48.20.24 TCP 58336 > smtp [RST] Seq=503 Win=0 Len=0
No. Time Source Destination Protocol Info
21 0.630223 212.48.20.24 172.16.*.* TCP smtp > 58336 [ACK] Seq=466 Ack=504 Win=5114624 Len=0
No. Time Source Destination Protocol Info
22 0.630240 172.16.*.* 212.48.20.24 TCP 58336 > smtp [RST] Seq=504 Win=0 Len=0
Con autentica
No. Time Source Destination Protocol Info
1 0.000000 172.16.*.* 212.48.20.24 TCP 58305 > smtp [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=164205424 TSER=0 WS=6
No. Time Source Destination Protocol Info
2 0.050120 212.48.20.24 172.16.*.* TCP smtp > 58305 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1380 TSV=262305745 TSER=164205424 WS=7
No. Time Source Destination Protocol Info
3 0.050177 172.16.*.* 212.48.20.24 TCP 58305 > smtp [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=164205437 TSER=262305745
No. Time Source Destination Protocol Info
4 0.115507 212.48.20.24 172.16.*.* SMTP S: 220 fep-mail-smtpout-l2c.virgilio.net ESMTP Service ready
No. Time Source Destination Protocol Info
5 0.115532 172.16.*.* 212.48.20.24 TCP 58305 > smtp [ACK] Seq=1 Ack=60 Win=5888 Len=0 TSV=164205453 TSER=262305811
No. Time Source Destination Protocol Info
6 0.115639 172.16.*.* 212.48.20.24 SMTP C: EHLO nightbox
No. Time Source Destination Protocol Info
7 0.162612 212.48.20.24 172.16.*.* TCP smtp > 58305 [ACK] Seq=60 Ack=16 Win=5888 Len=0 TSV=262305858 TSER=164205453
No. Time Source Destination Protocol Info
8 0.163306 212.48.20.24 172.16.*.* SMTP S: 250-fep-mail-smtpout-l2c.virgilio.net | 250-DSN | 250-8BITMIME | 250-PIPELINING | 250-HELP | 250-AUTH=LOGIN | 250-AUTH LOGIN CRAM-MD5 DIGEST-MD5 PLAIN | 250-DELIVERBY 300 | 250 SIZE 31457280
No. Time Source Destination Protocol Info
9 0.163651 172.16.*.* 212.48.20.24 SMTP C: AUTH CRAM-MD5
No. Time Source Destination Protocol Info
10 0.217604 212.48.20.24 172.16.*.* SMTP S: 334
(digest username)
No. Time Source Destination Protocol Info
11 0.217920 172.16.*.* 212.48.20.24 SMTP C:
(digest password)
No. Time Source Destination Protocol Info
12 0.303846 212.48.20.24 172.16.*.* TCP smtp > 58305 [ACK] Seq=338 Ack=117 Win=5888 Len=0 TSV=262306000 TSER=164205479
No. Time Source Destination Protocol Info
13 0.345052 212.48.20.24 172.16.*.* SMTP S: 235 CRAM-MD5 authentication successful
No. Time Source Destination Protocol Info
14 0.363227 172.16.*.* 212.48.20.24 SMTP C: MAIL FROM:<nightfly@nightfly.*.*> SIZE=1405 AUTH=nightfly@nightfly.*.* | RCPT TO:<nazareno.latella@*.*> | DATA
No. Time Source Destination Protocol Info
15 0.410026 212.48.20.24 172.16.*.* TCP smtp > 58305 [ACK] Seq=378 Ack=247 Win=6912 Len=0 TSV=262306106 TSER=164205515
No. Time Source Destination Protocol Info
16 0.410494 212.48.20.24 172.16.*.* SMTP S: 250 MAIL FROM:<nightfly@nightfly.*.*> OK
No. Time Source Destination Protocol Info
17 0.410923 212.48.20.24 172.16.*.* SMTP S: 250 RCPT TO:<nazareno.latella@*.*> OK
No. Time Source Destination Protocol Info
18 0.410978 172.16.*.* 212.48.20.24 TCP 58305 > smtp [ACK] Seq=247 Ack=472 Win=6912 Len=0 TSV=164205527 TSER=262306106
No. Time Source Destination Protocol Info
19 0.532271 212.48.20.24 172.16.*.* SMTP S: 354 Start mail input; end with <CRLF>.<CRLF>
No. Time Source Destination Protocol Info
20 0.532658 172.16.*.* 212.48.20.24 IMF subject: prova, from: * <*@nightfly.*.*>rn,
No. Time Source Destination Protocol Info
21 0.630124 212.48.20.24 172.16.*.* SMTP S: 250 <4EC124BD0017FEC2> Mail accepted
No. Time Source Destination Protocol Info
22 0.668193 172.16.*.* 212.48.20.24 TCP 58305 > smtp [ACK] Seq=632 Ack=556 Win=6912 Len=0 TSV=164205592 TSER=262306326
No. Time Source Destination Protocol Info
23 0.697248 172.16.*.* 212.48.20.24 SMTP C: QUIT
No. Time Source Destination Protocol Info
24 0.697297 172.16.*.* 212.48.20.24 TCP 58305 > smtp [FIN, ACK] Seq=638 Ack=556 Win=6912 Len=0 TSV=164205599 TSER=262306326
No. Time Source Destination Protocol Info
25 0.743766 212.48.20.24 172.16.*.* SMTP S: 221 fep-mail-smtpout-l2c.virgilio.net QUIT
No. Time Source Destination Protocol Info
26 0.743892 172.16.*.* 212.48.20.24 TCP 58305 > smtp [RST] Seq=638 Win=0 Len=0
No. Time Source Destination Protocol Info
27 0.744116 212.48.20.24 172.16.*.* TCP smtp > 58305 [ACK] Seq=600 Ack=639 Win=5081856 Len=0
No. Time Source Destination Protocol Info
28 0.744152 172.16.*.* 212.48.20.24 TCP 58305 > smtp [RST] Seq=639 Win=0 Len=0
Come potete notare, il metodo di autenticazione di default utilizzato dall'SMTP è CRAM-MD5
Infine, riavviamo exim4 mediante il comando:
nightfly@nightbox:/etc/exim4$ sudo service exim4 restart
ed abbiamo finito.
A presto.