[Feature] System wide SMTP relay to use TLS

[rhjmartens]

Describe the feature or change in detail

I use Hestia within the Oracle cloud (OCI) on ARM. It works like a charm.
However I cannot get Exim to send all mail (System Wide Relay) through the by OCI provided SMTP server, username and password.
Exim apparantly does not want to use TLS to "login" into the SMTP server provided by Oracle.

I think a checkbox to enable TLS on System-wide or Domain-specific SMTP relay settings would be a great addition.

Thanks for considering the option.

Would you like to sponsor this feature to have it implemented?

Yes

[jaapmarcus]

Strange thing TLS is already used:

delivering 1qEq2S-0004tu-OT
Transport port=25 replaced by host-specific port=587
Connecting to smtp.email.eu-amsterdam-1.oci.oraclecloud.com [192.29.193.111]:587 ...  TFO mode sendto, no data: EINPROGRESS
 connected
  SMTP<< 220 smtp.email.eu-amsterdam-1.oci.oraclecloud.com ESMTP smtp-in
  SMTP>> EHLO xxx
  SMTP<< 250-smtp.email.eu-amsterdam-1.oci.oraclecloud.com
         250-STARTTLS
         250 Ok
  SMTP>> STARTTLS
  SMTP<< 220 Ready to start TLS
  SMTP>> EHLO xxxx
  SMTP<< 250-smtp.email.eu-amsterdam-1.oci.oraclecloud.com
         250-PIPELINING
         250-8BITMIME
         250-AUTH PLAIN
         250 Ok
  SMTP>> QUIT
  SMTP(close)>>
LOG: MAIN
  == xxxxx@gmail.com R=send_via_smtp_relay T=smtp_relay_smtp defer (-42): authentication required but no common mechanisms were found

[jaapmarcus]

Let see what happens

[jaapmarcus]

Hi Marcus! As long as the system can be configured to support AUTH PLAIN authentication with the appropriate TLS configuration (latest, most secure protocols and ciphers as set forth by Oracle), Exim should work fine. We do not have a specific guide to setting up Exim, but this page has links to guides for Postfix and Sendmail, and mentions info about the required security parameters. https://docs.oracle.com/en-us/iaas/Content/Email/Tasks/configuresmtpconnection.htm Please let me know if you have any other doubt or concern.

If some body has an idea please help....

[connectnet]

I have the same problem sending emails with hestia and the oracle cloud email.
An # exinext email@domain.com shows:
Transport: smtp.email.eu-frankfurt-1.oci.oraclecloud.com :587 error -42: authentication required but no common mechanisms were found
I read this instruction several times:
https://blogs.oracle.com/cloud-infrastructure/post/step-by-step-instructions-to-send-email-with-oci-email-delivery
and I can send Emails with the Python script named ociemail.py.
But when I place my data into hestia Global relay it doesn't send emails.
Any ideas how to fix that problem?

[jaapmarcus]

https://forum.hestiacp.com/t/oracle-cloud-email-as-relay-doesnt-works/11304/19?u=eris

[connectnet]

Thats it! You made my day!!! 😅

######################################################################
#                   AUTHENTICATION CONFIGURATION                     #
######################################################################
begin authenticators

smtp_relay_login:
  driver = plaintext
#  public_name = LOGIN
  public_name = PLAIN
#  hide client_send = : SMTP_RELAY_USER : SMTP_RELAY_PASS
   hide client_send = ^SMTP_RELAY_USER^SMTP_RELAY_PASS

[jaapmarcus]

Thats it! You made my day!!! 😅

######################################################################
#                   AUTHENTICATION CONFIGURATION                     #
######################################################################
begin authenticators

smtp_relay_login:
  driver = plaintext
#  public_name = LOGIN
  public_name = PLAIN
#  hide client_send = : SMTP_RELAY_USER : SMTP_RELAY_PASS
   hide client_send = ^SMTP_RELAY_USER^SMTP_RELAY_PASS

Have made a PR to include it in the docs ... Will close the issue