First, let me start off by saying I don’t have an answer to why GMail throws a “
530-5.5.1 Authentication Required. Learn more at http://support.google.com/mail/bin/answer.py?answer=14257“, specifically the “y u no.” I don’t know. But I combined several searches into a workaround that appears to be getting mail through, though it’s coming from my GMail username and not the username actually sending mail from the Exim4 equipped Debian box.
Why use GMail as an Exim4 smarthost in the first place?
The most likely use case for doing this is so you can use something like apticron, or otherwise get emails from sad scripts on your doorstop server sent to someplace where you’ll actually see them. Thus, I’ll assume you don’t care that they appear to come from email@example.com rather than firstname.lastname@example.org or whatever. (In my experience with non-gmail Exim “smarthost” setups, emails do appear to come from their proper source.)
There are a couple other reasons to use GMail as an Exim smarthost: maybe you don’t have another email provider yet (though you should, and fully non-US), or maybe you have a great email provider who doesn’t yet support app-specific passwords.
To me, app-specific passwords are GMail’s killer app in providing SMTP smarthost service to random Linux boxes that might get pwned eventually.
You do not want your real email password in /etc/exim4/passwd.client. NO NO NO. If you are doing that, stop it right now and either use GMail or another provider which supports app-specific passwords, or a throwaway account. Why? Because if that machine gets cracked and the cracker gets your real email password? You’re done. Game over, man. Game over.
Best practice for using GMail as an Exim SMTP “smarthost”
- For each machine where you do this, set up an app-specific password in the Google account you want to use. You should make a different password for every machine so you can revoke passwords for decommissioned or hacked machines.
dpkg-reconfigure exim4-configas root, and set it to be a “smarthost” using
smtp.gmail.com::587as the SMTP server.
/etc/exim4/passwd.clientto contain the following (herein lies the magic workaround which I don’t care to research further to explain why it works):
- As root,
service exim4 restart
- Then, you might want to do something to test it, like this 1970s command. Test this as a normal user AND as root, since root often has forwards set up in that
dpkg-reconfigurestep (or elsewhere, like
~/.forward) that you might need to work on separately.
mail -s 'lol test subject' email@example.com
Now, type some stuff, and to send the mail, enter a period by itself on a blank line (I told you it was 70s).
- The mail should go through. (If you have problems with root, or with scripts that mail root, sometimes so do I and maybe I’ll come back and update this post.) Just be aware that greylisting and other anti-spam techniques may cause your mail, especially when Google and your own receiving email provider aren’t “accustomed” to seeing it from this source, to be delayed or marked as spam. Be patient, and check the spam folder.