1

I've recently run into Debian wiki not recommending to set exim's primary_hostname explicitly. From what I can gather, here's the code that chooses primary_hostname.

Basically, either I have FQDN in /etc/hostname (myhostname.example.com), or just myhostname and a line in /etc/hosts:

ip.add.re.ss  myhostname.example.com  myhostname

Now, which IP address? 127.0.0.1 or an external one?

I guess having FQDN point to localhost is okay. So, myhostname in /etc/hostname, and the following in /etc/hosts?

127.0.0.1  myhostname.example.com  myhostname  localhost

Looks pretty promising to me:

$ hostname
myhostname
$ hostname -d
example.com
$ hostname --fqdn
myhostname.example.com

Other than that exim would probably use myhostname.example.com for the greeting (EHLO). And that might affect whether emails would be considered spam or not. That, or I must send mail from myhostname.example.com, not from example.com?

Can anyone possibly break the cycle for me? And well, that's not only about exim. Are there optimal settings that would make everyone happy? Or most of them?

x-yuri
  • I've tagged this Debian because answers to this will be specific to Debian and its derivatives, and not generally applicable to other Linux distributions. – Michael Hampton Mar 31 '19 at 22:33

2 Answers

1

I'm not sure I agree with the advice to not configure primary_hostname explicitly. Of course it's a nice idea in principle to only configure the system's hostname in one place and then have it percolate through the rest of the system, but the 2019 reality of sending email is that you can't just change your outgoing FQDN and expect things to keep working. Ideally, the reverse-DNS of your outgoing IP-address and your HELO name will be the same and consistently resolve back to the IP-address. So it is essential to have the right IP-address configured in the external DNS for your domain. If you know your server will always have reliable access to this external DNS then there's no reason to put any of that in /etc/hosts and I would just stick with 127.0.0.1 localhost there.

For Exim I would personally recommend explicit configuration of primary_hostname. In addition I would draw your attention to the qualify_domain setting, which defaults to the value of primary_hostname but you may want to set explicitly to just your domain name as well.

  • Could this rather be that `primary_hostname` is the default for a lot of settings. And in case we decide to change it, it might have an unexpected effect on some setting? So they suggest against changing `primary_hostname`, but changing `qualify_domain` is okay? On a side note, on Debian `qualify_domain` defaults to value from [`/etc/mailname`](https://salsa.debian.org/exim-team/exim4/blob/4.92-5/debian/debconf/conf.d/main/01_exim4-config_listmacrosdefs#L57). One can make it use `primary_hostname` by defining `MAIN_PRIMARY_HOSTNAME_AS_QUALIFY_DOMAIN`. – x-yuri May 01 '19 at 21:38
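
The agreement described in the answer above (HELO name, reverse DNS of the outgoing IP address, and the forward lookup of that name) can be checked mechanically. This is an added example, not part of the original answer or of Exim; the function names, `mail.example.com` and the 192.0.2.x addresses are constructed, and the resolvers are injectable so the check runs offline against sample records.

```python
import socket

def _system_a(name):
    # Goes through the system resolver, so /etc/hosts entries can mask external DNS.
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def _system_ptr(ip):
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def _norm(name):
    return name.rstrip(".").lower()

def check_helo(helo_name, outgoing_ip, resolve_a=_system_a, resolve_ptr=_system_ptr):
    """Return a list of problems; empty means HELO name, PTR and A records agree."""
    problems = []
    if "." not in _norm(helo_name):
        problems.append("HELO name %r is not fully qualified" % helo_name)
    helo_ips = resolve_a(helo_name)
    if outgoing_ip not in helo_ips:
        problems.append("HELO name resolves to %s, not %s"
                        % (sorted(helo_ips) or "nothing", outgoing_ip))
    ptr = resolve_ptr(outgoing_ip)
    if ptr is None:
        problems.append("no PTR record for %s" % outgoing_ip)
        return problems
    if _norm(ptr) != _norm(helo_name):
        problems.append("PTR %r differs from HELO name %r" % (ptr, helo_name))
    if outgoing_ip not in resolve_a(ptr):
        problems.append("PTR name %r does not resolve back to %s" % (ptr, outgoing_ip))
    return problems

# Constructed sample records (documentation addresses) standing in for real DNS.
SAMPLE_A = {"mail.example.com": {"192.0.2.10"}, "myhostname.example.com": {"127.0.0.1"}}
SAMPLE_PTR = {"192.0.2.10": "mail.example.com."}

def sample_check(helo_name, ip):
    return check_helo(helo_name, ip,
                      resolve_a=lambda n: SAMPLE_A.get(_norm(n), set()),
                      resolve_ptr=SAMPLE_PTR.get)
```

With the default resolvers the result reflects what the local machine sees, so a host whose `/etc/hosts` maps its FQDN to 127.0.0.1 should be checked from outside or with resolvers that query external DNS.
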
0

Now that I think about it, the idea behind the recommendation might be to not change a setting that affects others. But rather change any specific setting you want to change. Want to change the From header? Change /etc/mailname. HELO hostname? Change helo_data. Which basically boils down to:

/etc/exim4/exim4.conf.localmacros (HELO hostname):

REMOTE_SMTP_HELO_DATA = mydomain.com

/etc/mailname (From header):

mydomain.com

Then

# update-exim4.conf
# systemctl reload exim4

verification

You can confirm that it works by sending a test email to port25's authentication checker:

echo test email | exim check-auth@verifier.port25.com  # replies back
echo test email | exim check-auth2@verifier.port25.com  # replies back
echo test email | exim check-auth-jsmith=yourdomain.com@verifier.port25.com  \
    # replies to jsmith@yourdomain.com

In the received report there'll be a line:

HELO hostname:  somedomain.com

Or simply add -v option:

# echo test email | exim -v root@dst.com
LOG: MAIN
  <= root@src.com U=root P=local S=290
delivering 1hM501-0007Nn-7A
R: dnslookup for root@dst.com
T: remote_smtp for root@dst.com
Connecting to mail.dst.com [ip.add.re.ss]:25 ... connected
  SMTP<< 220 dst.com ESMTP Postfix (Debian/GNU)
  SMTP>> EHLO src.com
  SMTP<< 250-dst.com
         250-PIPELINING
         250-SIZE 10240000
         250-VRFY
         250-ETRN
         250-STARTTLS
         250-ENHANCEDSTATUSCODES
         250-8BITMIME
         250 DSN
  SMTP>> STARTTLS
  SMTP<< 220 2.0.0 Ready to start TLS
  SMTP>> EHLO src.com
  SMTP<< 250-dst.com
         250-PIPELINING
         250-SIZE 10240000
         250-VRFY
         250-ETRN
         250-ENHANCEDSTATUSCODES
         250-8BITMIME
         250 DSN
  SMTP>> MAIL FROM:<root@src.com> SIZE=1322
  SMTP>> RCPT TO:<root@dst.com>
  SMTP>> DATA
  SMTP<< 250 2.1.0 Ok
  SMTP<< 250 2.1.5 Ok
  SMTP<< 354 End data with <CR><LF>.<CR><LF>
  SMTP>> writing message and terminating "."
  SMTP<< 250 2.0.0 Ok: queued as 0019EEC0B6D
  SMTP>> QUIT
LOG: MAIN
  => root@dst.com R=dnslookup T=remote_smtp H=mail.dst.com [ip.add.re.ss] X=TLS1.0:RSA_AES_256_CBC_SHA1:32 DN="CN=dst.com"
LOG: MAIN
  Completed

Alternatively, you can check the destination mailbox:

received by exim:

Received: from [ip.add.re.ss] (helo=HELO_HOSTNAME)
    ...

received by postfix:

Received: from HELO_HOSTNAME (myhostname [ip.add.re.ss])
    ...

hostname and /etc/hosts

I believe hostname is supposed to be hostname, not FQDN.

Whether to add it to /etc/hosts... I'd rather not. From what I can see software these days doesn't expect hostname to be resolved to anything. Or it can be overridden. (That is, unless you use hostname as a domain name somewhere.) Which means that one needs just this for 127.0.0.1:

127.0.0.1  localhost
x-yuri
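
The verification steps in the answer above can be scripted. This is an added example, not code from the original post or from Exim: it pulls the announced name out of an `exim -v` transcript and out of the two `Received:` header shapes quoted in the answer. The function names and the sample transcript (with `src.com` and a 192.0.2.x address) are constructed, and the header patterns cover only the shapes shown on this page.

```python
import re

# EHLO/HELO commands sent by the client, as printed by `exim -v`.
_SENT = re.compile(r"^\s*SMTP>>\s+(?:EHLO|HELO)\s+(\S+)", re.M | re.I)
# Receiving Exim, as on the page: Received: from [ip] (helo=NAME)
_RCVD_EXIM = re.compile(r"^Received: from [^\n]*?\bhelo=([^\s)]+)", re.M)
# Receiving Postfix, as on the page: Received: from NAME (hostname [ip])
_RCVD_POSTFIX = re.compile(r"^Received: from (\S+) \(\S+ \[[^\]]+\]\)", re.M)

def helo_names_sent(transcript):
    """Every name announced in the session, in order (before and after STARTTLS)."""
    return [m.group(1).lower() for m in _SENT.finditer(transcript)]

def helo_matches(transcript, expected):
    """True only if at least one EHLO/HELO was sent and all of them equal `expected`."""
    names = helo_names_sent(transcript)
    return bool(names) and all(n == expected.lower() for n in names)

def helo_from_received(header):
    """HELO name recorded by the receiving server, or None if the shape is unknown."""
    m = _RCVD_EXIM.search(header) or _RCVD_POSTFIX.search(header)
    return m.group(1).lower() if m else None

# Constructed sample, trimmed from the shape of the `exim -v` output shown above.
SAMPLE_TRANSCRIPT = """\
Connecting to mail.dst.com [192.0.2.25]:25 ... connected
  SMTP<< 220 dst.com ESMTP Postfix (Debian/GNU)
  SMTP>> EHLO src.com
  SMTP<< 250-dst.com
         250-STARTTLS
         250 DSN
  SMTP>> STARTTLS
  SMTP<< 220 2.0.0 Ready to start TLS
  SMTP>> EHLO src.com
  SMTP<< 250-dst.com
         250 DSN
  SMTP>> MAIL FROM:<root@src.com> SIZE=1322
"""
```
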