Sending Mail from Google Cloud

Using DirectAdmin and Exim

Sending mail should be easy, right? Besides a functional website, being able to communicate with visitors is essential. I don’t have systems admin skills, so I rely on panels such as CPanel, CyberPanel and DirectAdmin. The process with any and all of these panels is pretty simple, unless a sever blocks outbound port 25, which is exactly what Google Cloud does.

Exim, Postfix and Dovecot

Generally, webmasters that want to be able to send and receive emails need to be concern with two classes of software. You need an email server and a mail transfer agent (MTA). Dovecot is arguably the most commonly used opensource email server. All panels do a good job configuring Dovecot, which communicates with email clients like Outlook and Thunderbird using IMAP or POP3 protocols that send emails over ports 2525, 587 and 465, and receive emails using ports 143, 993, 110 or 995. None of these ports are blocked by internet service providers or Google Cloud for that matter.

Exim and Postfix are MTAs, and communication between the sending and receiving MTAs takes place over port 25. While it’s possible to communicate with an email server hosted on Google Cloud, the MTA hosted on that network cannot communicate with other MTAs over port 25.

SendGrid to the Rescue?

To get around the port 25 block, Google Cloud struck a deal with SendGrid, which acts as an intermediary. Explaining how to set up SendGrid and domain name servers is beyond the scope of this article, but I will explain how to configure SendGrid on Exim using DirectAdmin (the same configuration would work with CPanel).

After logging in as root, you need to download three Exim configuration files:

wget -O /etc/exim.routers.pre.conf http://files.directadmin.com/services/SpamBlocker/smart_route/exim.routers.pre.conf

wget -O /etc/exim.transports.pre.conf http://files.directadmin.com/services/SpamBlocker/smart_route/exim.transports.pre.conf

wget -O /etc/exim.authenticators.post.conf http://files.directadmin.com/services/SpamBlocker/smart_route/exim.authenticators.post.conf

Then use your favorite editor to open and edit each configuration file:

nano exim.routers.pre.conf

The contents of the pre routers file should look like the below:

smart_route:
     driver = manualroute
     domains = ! +local_domains
     ignore_target_hosts = 127.0.0.0/8
     condition = "${perl{check_limits}}"

     #use remote_smtp only if you do not need smtp-auth.
     #transport = remote_smtp

     #use auth_relay if you do need to set the remote smtpauth
     transport = auth_relay

     route_list = * smtp.sendgrid.net::587
     no_more

Next, we need to edit the pre transports file:

nano exim.transports.pre.conf

The contents of the pre transports file should look like the below:

auth_relay:
    driver = smtp
    port = 25
    hosts_require_auth = $host_address
    hosts_require_tls = $host_address
    headers_add = "${if def:authenticated_id{X-Authenticated-Id: ${authenticated_id}}}"
    interface = <; ${if exists{/etc/virtual/domainips}{${lookup{$sender_address_domain}lsearch*{/etc/virtual/domainips}}}}
    helo_data = ${if exists{/etc/virtual/helo_data}{${lookup{$sending_ip_address}iplsearch{/etc/virtual/helo_data}{$value$
    hosts_try_chunking =
    hosts_try_fastopen =
.include_if_exists /etc/exim.dkim.conf

Note: The above should be the default configuration file.

Finally, we need to edit the post authenticators file:

nano exim.authenticators.post.conf

The contents of the post authenticators file should look like the below:

auth_login:
    driver = plaintext
    public_name = LOGIN
    #replace your@email and yourpass
    #hide client_send = : your@email.com : yourpass
    hide client_send = : apikey : SG.followed-by-the-key-you-received-from-sendgrid

Note: You need to enter API key received from SendGrid in the above configuration file.

After saving each of these files, the only thing left to do is restart Exim, which on a RedHat, Centos, Rocky Linux or AlmaLinux based server would take the following form:

systemctl restart exim.service

Leave a Comment