3922
Comment: Initial page
|
7881
TLS on Port 465 option added
|
Deletions are marked like this. | Additions are marked like this. |
Line 2: | Line 2: |
||<tablestyle="width: 100%;" style="border: 0px hidden">~-[[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[it/PostgreSql|Italiano]] - [[ru/Pan|Русский]] -~||<style="text-align: right;border: 0px hidden"> (!) [[Pan/Discussion|Discussion]]|| | ~-[[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[it/Exim|Italiano]] -~ |
Line 6: | Line 6: |
== Exim Overview == | = Exim Overview = |
Line 10: | Line 10: |
== Installation == | = Installation = |
Line 17: | Line 17: |
== Configuration == This configuration is tested in a could server and suitable for internal use: |
= Configuration = This configuration is tested in a could server and '''suitable for internal use''': |
Line 37: | Line 36: |
This is write the configuration in your - ''/etc/exim4/update-exim4.conf.conf'' === TLS and Authentication === |
This writes the configuration in your - ''/etc/exim4/update-exim4.conf.conf'' == TLS and Authentication == |
Line 60: | Line 59: |
=== Install diagnostic tools === | == Install diagnostic tools == |
Line 92: | Line 91: |
=== Authentication === |
Some ISP may block connecting to port 25, and also some broken clients insist TLS on Port 465. To support these, change ''/etc/default/exim4'' as: {{{ SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid' }}} Also edit ''/etc/exim4/exim4.conf.template'': {{{ ##################################################### ### main/03_exim4-config_tlsoptions ##################################################### tls_on_connect_ports=465 ### main/03_exim4-config_tlsoptions ################################# }}} Check [[http://pkg-exim4.alioth.debian.org/README/README.Debian.html#TLS| pkg-exim4.alioth.debian.org README]] for details. == User Authentication == |
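Review bot: the added port 465 text changes SMTPLISTENEROPTIONS and sets tls_on_connect_ports=465 but gives no restart or verification step, so a reader cannot confirm that port 465 is really doing TLS on connect. Add the exim4 restart and a test against port 465 next to the existing swaks check. Because the old "=== Authentication ===" heading is replaced by text that comes before "== User Authentication ==", this block now sits under "Install diagnostic tools" and should get its own heading. Wording: "insist TLS on Port 465" should read "insist on TLS on port 465".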
Line 111: | Line 128: |
edit ''/etc/exim4/exim4.conf'' and '''uncomment''' the following line authentication via saslauthd: | edit ''/etc/exim4/exim4.conf'' and '''uncomment''' the following lines for the authentication via saslauthd: |
Line 144: | Line 161: |
== Spam scanning == There are several ways to detect spam. Exim has default configuration for '''spamassassin''' '''''(exim4-daemon-heavy required)'''''. {{{ #apt-get install spamassassin }}} edit ''/etc/default/spamassassin'' {{{ ENABLED=1 }}} start the deamon: {{{ /etc/init.d/spamassassin start }}} edit ''/etc/exim4/exim4.conf.template'' '''uncomment''' or change according to your configuration: {{{ # For spam scanning, there is a similar option that defines the interface to # SpamAssassin. You do not need to set this if you are using the default, which # is shown in this commented example. As for virus scanning, you must also # modify the acl_check_data access control list to enable spam scanning. spamd_address = 127.0.0.1 783 }}} edit ''/etc/exim4/exim4.conf.template'' add '''spam header''' in the '''''acl_check_data''''' section: {{{ ### acl/40_exim4-config_check_data ################################# # This ACL is used after the contents of a message have been received. This # is the ACL in which you can test a message's headers or body, and in # particular, this is where you can invoke external virus or spam scanners. acl_check_data: ... ... ... # See the exim docs and the exim wiki for more suitable examples. # # warn # spam = Debian-exim:true # add_header = X-Spam_score: $spam_score\n\ # X-Spam_score_int: $spam_score_int\n\ # X-Spam_bar: $spam_bar\n\ # X-Spam_report: $spam_report # put headers in all messages (no matter if spam or not) warn spam = nobody:true add_header = X-Spam-Score: $spam_score ($spam_bar) add_header = X-Spam-Report: $spam_report # add second subject line with *SPAM* marker when message # is over threshold warn spam = nobody add_header = Subject: ***SPAM (score:$spam_score)*** $h_Subject: }}} Check [[http://www.exim.org/exim-html-current/doc/html/spec_html/ch41.html|exim wiki]], [[http://pr0d.planetlarg.com/mediawiki/index.php?title=Install_spamassassin&redirect=no|pr0d.planetlarg.com]] for details information. 
To test you ''spamassassin'' setup follow spamassassin [[http://spamassassin.apache.org/tests.html|test]] and [[http://spamassassin.apache.org/gtube/|gtube]]. == Exim Access control lists (ACL) == Exim provides flexible way to set access control list. Exim ACL documentation can be found [[http://www.exim.org/exim-html-current/doc/html/spec_html/ch40.html|here]]. For example, if we are trying to deny all the mails from 3 free e-mail service provider (domain1.com, domain2.com, domain3.com) based on the mail's received header from their server, we can use the following lines: {{{ deny condition = ${if match{$h_Received:}{\N\.(domain1|domain2|domain3)\.com\N}{yes}{no}} message = This mailbox does not support free e-mail services. }}} = Debian Exim4 User FAQ = There is a Wiki page with [[PkgExim4UserFAQ|Debian Exim4 User FAQ]]. |
|
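Review bot: the deny example in the added ACL section matches on $h_Received:, which is header text written by earlier hops and therefore not a reliable indication of where a message came from. The pattern \.(domain1|domain2|domain3)\.com is also unanchored, so it fires on any Received line that merely contains one of those names (a relay hop, for instance) and does not fire for a host named exactly domain1.com. Suggest matching on the envelope sender domain or the connecting host instead, and stating which ACL the statement belongs in. Minor: "deamon", "To test you" and "details information" are typos in the added text.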
Line 146: | Line 249: |
See: | = See also = |
Line 152: | Line 255: |
* [[http://www.exim.org/exim-html-current/doc/html/spec_html/ch40.html| Exim Access control lists]] * [[http://www.exim.org/exim-html-current/doc/html/spec_html/ch41.html| Exim Content scanning at ACL time]] * [[http://spamassassin.apache.org/]] * [[http://pr0d.planetlarg.com/mediawiki/index.php?title=Install_spamassassin&redirect=no|pr0d.planetlarg.com]] * [[http://pkg-exim4.alioth.debian.org/README/README.Debian.html#TLS| pkg-exim4.alioth.debian.org README]] |
Exim Overview
Exim is a message transfer agent (MTA).
Installation
Exim generally comes with the default Debian installation. If you need ACLs and other features, you may need to install exim4-daemon-heavy:
#apt-get install exim4-daemon-heavy
Configuration
This configuration was tested on a cloud server and is suitable for internal use:
#dpkg-reconfigure exim4-config
{{{
General type of mail configuration: internet site; mail is sent and received directly using SMTP.
System mail name: yourdomain.com
IP-addresses to listen on for incoming SMTP connections: // leave blank
Other destinations for which mail is accepted: yourdomain.com
Domains to relay mail for: // leave blank
Machines to relay mail for: // leave blank
Keep number of DNS-queries minimal (Dial-on-Demand) ?: No
Delivery method for local mail: Maildir format in home directory
Split configuration into small files ? : No
}}}
This writes the configuration to /etc/exim4/update-exim4.conf.conf
TLS and Authentication
Generate a certificate using:
#bash /usr/share/doc/exim4-base/examples/exim-gencert
It will generate exim.crt and exim.key in /etc/exim4/.
If you have already bought certificates, you may simply copy them instead.
Edit /etc/exim4/exim4.conf.template and add the following line before .ifdef MAIN_TLS_ENABLE:
MAIN_TLS_ENABLE = yes
Install diagnostic tools
#apt-get install swaks libnet-ssleay-perl
Test the connection:
{{{
$swaks -a -tls -q HELO -s localhost -au your_user -ap '<>'
=== Trying localhost:25...
=== Connected to localhost.
<-  220 debianwb ESMTP Exim 4.76 Thu, 04 Aug 2011 14:22:02 +0600
 -> EHLO debianwb
<-  250-debianwb Hello localhost [127.0.0.1]
<-  250-SIZE 52428800
<-  250-PIPELINING
<-  250-STARTTLS
<-  250 HELP
 -> STARTTLS
<-  220 TLS go ahead
=== TLS started w/ cipher DHE-RSA-AES256-SHA
 ~> EHLO debianwb
<~  250-debianwb Hello localhost [127.0.0.1]
<~  250-SIZE 52428800
<~  250-PIPELINING
<~  250 HELP
 ~> QUIT
<~  221 evie closing connection
}}}
In this test we send an empty password with swaks.
Some ISPs may block connections to port 25, and some broken clients insist on TLS on port 465.
To support these, change /etc/default/exim4 as follows:
SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid'
Also edit /etc/exim4/exim4.conf.template:
{{{
#####################################################
### main/03_exim4-config_tlsoptions
#####################################################
tls_on_connect_ports=465
### main/03_exim4-config_tlsoptions
#################################
}}}
Check pkg-exim4.alioth.debian.org README for details.
User Authentication
Now we will add an authentication scheme. For shell users we use SASL, which uses PAM for password authentication.
#apt-get install sasl2-bin
Edit /etc/default/saslauthd to enable saslauthd:
START=yes
Start the daemon:
#/etc/init.d/saslauthd start
Edit /etc/exim4/exim4.conf and uncomment the following lines to enable authentication via saslauthd:
{{{
plain_saslauthd_server:
  driver = plaintext
  public_name = PLAIN
  server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
  server_set_id = $auth2
  server_prompts = :
  .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
  .endif
}}}
Add the exim user to the sasl group:
#adduser Debian-exim sasl
Restart exim:
#/etc/init.d/exim4 restart
Test the connection using your username:
{{{
#swaks -a -tls -q AUTH -s localhost -au your_user
Password:
}}}
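The authenticator above advertises AUTH only when $tls_cipher is set, unless AUTH_SERVER_ALLOW_NOTLS_PASSWORDS is defined. The following shell check is an added example, not part of the original page: it reads a swaks transcript and reports whether AUTH was offered in cleartext. The function names and both sample transcripts are constructed for illustration.

```shell
# swaks prefixes server lines with "<-" (cleartext) or "<~" (inside TLS).
check_auth_advert() {
    # stdin: swaks transcript. Exit 0 = ok, 1 = no-auth, 2 = plaintext-auth.
    awk '
        /^<-[ \t]+250[- ]AUTH/ { clear = 1 }   # AUTH offered before TLS
        /^<~[ \t]+250[- ]AUTH/ { tls = 1 }     # AUTH offered inside TLS
        END {
            if (clear) { print "plaintext-auth"; exit 2 }
            if (tls)   { print "ok"; exit 0 }
            print "no-auth"; exit 1
        }'
}

# Constructed transcript: AUTH appears only after STARTTLS, which is what the
# server_advertise_condition guard should produce.
sample_tls_only() {
    cat <<'EOF'
<-  220 mail.example.test ESMTP Exim
 -> EHLO client.example.test
<-  250-mail.example.test Hello localhost [127.0.0.1]
<-  250-STARTTLS
<-  250 HELP
 -> STARTTLS
<-  220 TLS go ahead
=== TLS started
 ~> EHLO client.example.test
<~  250-mail.example.test Hello localhost [127.0.0.1]
<~  250-AUTH PLAIN
<~  250 HELP
EOF
}

# Constructed transcript: AUTH offered on the cleartext channel, as expected
# when AUTH_SERVER_ALLOW_NOTLS_PASSWORDS is defined.
sample_cleartext() {
    cat <<'EOF'
<-  220 mail.example.test ESMTP Exim
 -> EHLO client.example.test
<-  250-mail.example.test Hello localhost [127.0.0.1]
<-  250-AUTH PLAIN
<-  250-STARTTLS
<-  250 HELP
EOF
}

sample_tls_only  | check_auth_advert || true   # prints: ok
sample_cleartext | check_auth_advert || true   # prints: plaintext-auth
```

To check a live server, pipe the output of the swaks HELO test shown earlier into check_auth_advert.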
Enable IMAP access by installing Courier-Imap or similar MTA
Spam scanning
There are several ways to detect spam.
Exim has default configuration for spamassassin (exim4-daemon-heavy required).
#apt-get install spamassassin
Edit /etc/default/spamassassin:
ENABLED=1
Start the daemon:
/etc/init.d/spamassassin start
Edit /etc/exim4/exim4.conf.template and uncomment or change the following according to your configuration:
{{{
# For spam scanning, there is a similar option that defines the interface to
# SpamAssassin. You do not need to set this if you are using the default, which
# is shown in this commented example. As for virus scanning, you must also
# modify the acl_check_data access control list to enable spam scanning.

spamd_address = 127.0.0.1 783
}}}
Edit /etc/exim4/exim4.conf.template and add the spam headers in the acl_check_data section:
{{{
### acl/40_exim4-config_check_data
#################################

# This ACL is used after the contents of a message have been received. This
# is the ACL in which you can test a message's headers or body, and in
# particular, this is where you can invoke external virus or spam scanners.

acl_check_data:
...
...
...
  # See the exim docs and the exim wiki for more suitable examples.
  #
  # warn
  #   spam = Debian-exim:true
  #   add_header = X-Spam_score: $spam_score\n\
  #             X-Spam_score_int: $spam_score_int\n\
  #             X-Spam_bar: $spam_bar\n\
  #             X-Spam_report: $spam_report

  # put headers in all messages (no matter if spam or not)
  warn  spam = nobody:true
        add_header = X-Spam-Score: $spam_score ($spam_bar)
        add_header = X-Spam-Report: $spam_report

  # add second subject line with *SPAM* marker when message
  # is over threshold
  warn  spam = nobody
        add_header = Subject: ***SPAM (score:$spam_score)*** $h_Subject:
}}}
See the exim wiki and pr0d.planetlarg.com for details.
To test your spamassassin setup, follow the spamassassin test and gtube instructions.
Exim Access control lists (ACL)
Exim provides a flexible way to set access control lists. Exim ACL documentation can be found here.
For example, if we are trying to deny all mail from 3 free e-mail service providers (domain1.com, domain2.com, domain3.com) based on the Received header added by their servers, we can use the following lines:
{{{
deny condition = ${if match{$h_Received:}{\N\.(domain1|domain2|domain3)\.com\N}{yes}{no}}
     message = This mailbox does not support free e-mail services.
}}}
Debian Exim4 User FAQ
There is a Wiki page with Debian Exim4 User FAQ.