a man 5 exim4_passwd_client -t nezted?
contains account and password data for SMTP authentication when exim is authenticating as a client to some remote server.
The file should contain lines of the form
which will cause exim to use login-user-name and password when sending messages to a server with the canonical host name target.mail.server.example. Please note that this does not configure
the mail server to send to (this is determined in Debconf), but only creates the correlation between host name and authentication credentials to avoid exposing passwords to the wrong host.
Please note that target.mail.server.example is currently the value that exim can read from reverse DNS: It first follows the host name of the target system until it finds an IP address, and
then looks up the reverse DNS for that IP address to use the outcome of this query (or the IP address itself should the query fail) as index into /etc/exim4/passwd.client.
This goes inevitably wrong if the host name of the mail server is a CNAME (a DNS alias), or the reverse lookup does not fit the forward one.
Currently, you need to manually lookup all reverse DNS names for all IP addresses that your SMTP server host name points to, for example by using the host command. If the SMTP smarthost
alias expands to multiple IPs, you need to have multiple lines for all the hosts. When your ISP changes the alias, you will need to manually fix that.
You may minimize this trouble by using a wild card entry or regular expressions, thus reducing the risk of divulging the password to the wrong SMTP server while reducing the number of neces‐
sary lines. For a deeper discussion, see the Debian BTS #244724.
password is your SMTP password in clear text. If you do not know about your SMTP password, you can try using your POP3 password as a first guess.
This file must be readable for the Debian-exim user and should not be readable for others. Recommended file mode is root:Debian-exim 640.
# example for CONFDIR/passwd.client
# this will only match if the server's generic name matches exactly
# this will deliver the password to any server
# this will deliver the password to servers whose generic name ends in
# this will deliver the password to servers whose generic name matches
# the regular expression