Exim Overview

Exim is a message transfer agent (MTA).


Exim generally comes with default Debian installation. If you need to use ACL and other features you may need to install exim4-daemon-heavy

#apt-get install exim4-daemon-heavy


This configuration is tested in a could server and suitable for internal use:

#dpkg-reconfigure exim4-config

General type of mail configuration:  internet site; mail is sent and received directly using SMTP.
System mail name:
IP-addresses to listen on for incomming SMTP connections: // leave blank
Other destinations for which mail is accepted:
Domains to relay mail for: // leave blank
Machines to relay mail for: // leave blank
Keep number of DNS-queries minimal (Dial-on-Demand) ?: No
Delivery method for local mail: Maildir format in home directory
Split configuration into small files ? : No

This is write the configuration in your - /etc/exim4/update-exim4.conf.conf

TLS and Authentication

Generate a certificate using:

#bash /usr/share/doc/exim4-base/examples/exim-gencert

It will generate exim.crt and exim.key in /etc/exim4/

You may simply copy certificates if you have bought it earlier.

Edit /etc/exim4/exim4.conf.template

add the following line before .ifdef MAIN_TLS_ENABLE


Install diagnostic tools

#apt-get install swaks libnet-ssleay-perl

Test the connection:

$swaks -a -tls -q HELO -s localhost -au your_user -ap '<>'
 === Trying localhost:25...
 === Connected to localhost.
 <-  220 debianwb ESMTP Exim 4.76 Thu, 04 Aug 2011 14:22:02 +0600
  -> EHLO debianwb
 <-  250-debianwb Hello localhost []
 <-  250-SIZE 52428800
 <-  250-STARTTLS
 <-  250 HELP
 <-  220 TLS go ahead
 === TLS started w/ cipher DHE-RSA-AES256-SHA
  ~> EHLO debianwb
 <~  250-debianwb Hello localhost []
 <~  250-SIZE 52428800
 <~  250 HELP
  ~> QUIT
 <~  221 evie closing connection

We are sending an empty pass while testing swaks.


Now, we will add authentication schema. For the shell users we are using SASL, which uses PAM for password authentication.

#apt-get install sasl2-bin

edit /etc/default/saslauthd to enable saslauth


start the deamon:

#/etc/init.d/saslauthd start

edit /etc/exim4/exim4.conf and uncomment the following line authentication via saslauthd:

    driver = plaintext
    public_name = PLAIN
    server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
    server_set_id = $auth2
    server_prompts = :
    server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}

Add exim to sasl group

#adduser Debian-exim sasl

Restart exim:

#/etc/init.d/exim4 restart

Test the connection using your username:

#swaks -a -tls -q AUTH -s localhost -au your_user

Enable IMAP access by installing Courier-Imap or similar MTA