Skip to content

Latest commit

 

History

History
74 lines (47 loc) · 4.52 KB

exim-relay.md

File metadata and controls

74 lines (47 loc) · 4.52 KB

Exim-relay

Various services need to send out email.

The default playbook configuration (examples/vars.yml) recommends that you enable the Exim relay SMTP mailer service (powered by exim-relay and the ansible-role-exim-relay Ansible role). Enabling this service automatically wires various other services to send email through it. Exim-relay then gives you a centralized place for configuring email-sending.

The Ansible role for exim-relay is developed and maintained by the MASH project. For details about configuring exim-relay, you can check them via:

Configuration

To enable this service, add the following configuration to your vars.yml file and re-run the installation process:

########################################################################
#                                                                      #
# exim_relay                                                           #
#                                                                      #
########################################################################

exim_relay_enabled: true

exim_relay_hostname: mash.example.com

exim_relay_sender_address: "someone@{{ exim_relay_hostname }}"

########################################################################
#                                                                      #
# /exim_relay                                                          #
#                                                                      #
########################################################################

Enable DKIM authentication to improve deliverability (optional)

By default, exim-relay attempts to deliver emails directly. This may or may not work, depending on your domain configuration.

To improve email deliverability, you can configure authentication methods such as DKIM (DomainKeys Identified Mail), SPF, and DMARC for your domain. Without setting any of these authentication methods, your outgoing email is most likely to be quarantined as spam at recipient's mail servers.

For details about configuring DKIM, refer this section on the role's documentation.

💡 If you cannot enable DKIM, SPF, or DMARC on your domain for some reason, we recommend relaying email through another SMTP server.

Relaying email through another SMTP server (optional)

On some cloud providers such as Google Cloud, port 25 is always blocked, so sending email directly from your server is not possible. In this case, you will need to relay email through another SMTP server.

For details about configuration, refer this section on the role's document.

Using a per-service sender address (optional)

By default, all roles that this playbook wires to exim-relay will all be configured to send emails using a From address as configured in exim_relay_sender_address.

To configure a given service to use another sender address, override the specific variables for the given service.

For example, to make Vaultwarden (automatically wired to send via exim-relay if you have it enabled) send emails from a custom address (instead of the default, exim_relay_sender_address), add the following configuration to your vars.yml file:

vaultwarden_config_smtp_from: [email protected]

Troubleshooting

See this section on the role's documentation for details.