Setting up exim4 for Google Apps SMTP in Debian Wheezy

Whenever I install a new system, I always have to look up how to set my servers and workstations to use Google’s SMTP server for sending outbound mail. At Digium I just used the Zimbra server, and it was simple. For my VPSes, workstations, and laptops, it’s more complicated. Nonetheless, it’s still straightforward to set up Google Apps’/GMail’s SMTP as my smarthost.

  1. exim4 should already be installed. To set it up to use Google’s SMTP server, run the following command:
    dpkg-reconfigure exim4-config
    1. The first choice is the “General type of mail configuration.” Since this server (and all of my workstations/laptops) don’t process any local mail, I chose “mail sent by smarthost; no local mail”.
    2. I used my system’s hostname as the system mail name (in this case, it was “betachunk”).
    3. For the IP address or hostname of the outgoing smarthost, I used “”
    4. I chose not to keep the DNS queries minimal, since most of my systems have an “always-on” connection.
    5. I decided not to split the configuration file into small files, to keep the system robust (small files can introduce breakage).
    6. I set the root and postmaster mail recipient to be my email address.
  2. Now that exim4 has its basic configuration, I can add my credentials.
    1. First I edited /etc/exim4/exim4.conf.template, and added the following after the line “.ifdef DCconfig_smarthost DCconfig_satellite”:
      send_via_gmail: driver = manualroute domains = ! +local_domains transport = gmail_smtp route_list = *

      …before the very next “.endif”.

    2. I then searched for this comment, and added the gmail_smtp section below it:
      ### transport/30_exim4-config_remote_smtp_smarthost ################################# ###### # GMail smtp gmail_smtp: driver = smtp port = 587 hosts_require_auth = $host_address hosts_require_tls = $host_address
    3. Next, I searched for “begin authenticators”, and added a section for gmail_login:
      begin authenticators ######### # GMail SMTP gmail_login: driver = plaintext public_name = LOGIN client_send = : :

      If you don’t use GMail’s two-factor authentication, you can substitute your actual GMail password there. Note that I use a dummy GMail account for all of my SMTP services, I don’t use my primary Google Account.

    4. Finally, I had to comment out the “login:” section at the end of the file since it conflicts with the gmail_login section (“public_name = LOGIN” can only appear once in the file).

    And that’s it for exim4.conf.template.

  3. I didn’t add anything to /etc/exim4/passwd.client.
  4. Finally, I could run the following commands to load the configuration:
    update-exim4.conf service exim4 restart # a reload may be sufficient

That’s it for the configuration. To test, I used the “mail” command from the shell:

mail Subject: Test Alpha Alpha Test .

That should send the message to my primary email address. If all goes well, I should receive a message with subject “Test Alpha” and body “Alpha Test”. When I was writing these instructions, I was configuring betachunk so I could document it as I went. It almost never happens, but this time the first test message got sent correctly, with no further configuration or troubleshooting necessary.

A note on my SMTP service testing: I use the Greek alphabet to label the test messages. I always start with alpha. I also start a running tail “tail -f /var/log/exim4/mainlog”, so I can verify that the system tried to send the message. Once I see the message has been sent successfully, I refresh my GMail inbox until the message arrives, completing the circuit. In this case I checked the email headers (“show original” in Gmail) to ensure it came from betachunk.

Should mainlog show an error, I investigate the problem, making the requisite changes. Then I send the next message, with the next Greek letter. Unfortunately my recollection of the Greek alphabet is rather spotty, so after the first five or six letters I just pick them at random.

And there you have it! Hopefully I won’t have to do this again for a while.