About me

I currently work with Freexian as a LTS administrator and coordinator. My Debian volunteer efforts are around packaging the Swedish dictionary, TPMFactoryUpd, and flict.

I currently help maintain the Debian Derivative "PureOS"

Contact information

email: jeremiah @ jeremiahfoster.com

Debian documentation

"Debian on the Toshiba AC100"
"Debian on the Acer One"
"Building mod_parrot on debian"
"Working with MeeGo tools in Debian"
"Dovecot secure IMAP server"



Configuring Exim4

This is a general guide to configuring certain parts of exim4 on debian. I do not recommend that you use it as your canonical source for working with exim on debian. :)

Exim is the default MTA with debian. In order to install exim as an "internet" configuration, along with virus and spam checking as well as proper authentication and authorization mechanisms, we will need the fuller version of exim. That debian package is called exim4-daemon-heavy and can be installed this way;

apt-get -y install exim4-daemon-heavy

When installing it with apt-get you will be asked a series of question regarding what type of exim installation you want for your particular location. This document illustrates how to configure the "internet" configuration. If you want to use another configuration you can run

dpkg-reconfigure exim4-config

and re-set your exim configuration from the beginning.Once you have the ncurses based interface in front of you, called either by apt-get install or dpkg-reconfigure, it is time to answer some questions regarding what kind of exim4 installation you want.

The first question is do you want to split the configuration into small files?

You can say yes or no here depending on your preferences. From the exim4 config: "The former is better suited for large modifications and is generally more stable, whereas the latter offers a comfortable way to make smaller modifications but is more fragile and might break if modified extensively. "

I prefer the 'monolithic' file so I would answer no here. No means that the configuration file will _not_ get split into many smaller files.

The second question is which type of mail configuration you want with a list of types. There are six choices, for this document we are using the "internet site: mail is sent and received directly using smtp".


(The following snippets are not organized in any particular fashion.)

Specific tasks I want to document:

  1. Blacklist known spam hosts locally
  2. Checking data at SMTP time
  3. Getting exim to put mail in Maildir instead of on the spool (useful for IMAP)
  4. Setting up "Virtual Hosts" with exim4

1 When trying to stop a domain name [rima-tde.net] from sending spam to my server. I followed the document /usr/share/doc/exim4-config/default-acl to configure my exim4.conf.template. The default-acl document says;

/etc/exim4/local_host_blacklist contains a list of IP addresses, networks and host names whose messages will be denied with the error message "locally blacklisted". This is a full exim 4 host list. Again, negative items can be used here, and there is also an explicit whitelist read in from /etc/exim4/local_host_whitelist, and whitelist entries override blacklistings.

So my /etc/exim4/local_host_blacklist looks like this:


Yet when I do this to fake a SMTP connection;

exim -bh

The blacklisting fails. Here is the relevant snippet from the debugging output:

>>> check hosts = ${if exists{/etc/exim4/local_host_blacklist}{/etc/exim4/local_host_blacklist}{}}
>>> no IP address found for host rima-tde.net (during SMTP connection from 24.red-80-25-220.staticip.rima-tde.net (localhost) [])
LOG: no IP address found for host rima-tde.net (during SMTP connection from 24.red-80-25-220.staticip.rima-tde.net (localhost) [])
>>> host in "/etc/exim4/local_host_blacklist"? no (failed to find IP address for rima-tde.net)
>>> deny: condition test failed

The blacklist was failing because this blacklists the host rima-tde.net. resolves to 24.red-80-25-220.staticip.rima-tde.net, which is not an exact match with rima-tde.net. So one has to use *.rima-tde.net in /etc/exim4/local_host_blacklist

2. If one is running exim4 from the exim4-daemon-heavy package with a single configuration file, virus and spam scanning are built in. All one needs to do is download, install and configure clamav and spamassassin. Then configure the exim4 config file; /etc/exim4/exim4.conf.template.

One can simple follow Exim's web site instructions here: http://www.exim.org/exim-html-4.60/doc/html/spec.html/ch40.html to find useful acls to add to one's configuration file.

3. If you want to use the Maildir format, which is apparently better than the spool file because of additional features, you have to change your configuration. Start with editing the specific line which says: LOCAL_DELIVERY=DEBCONFlocaldeliveryDEBCONF Change that line so that it reads;


This will get exim to delivery to the directory /home/<user_name>/Maildir/

4. You have more than one domain that you want to serve mail for, just like you serve web pages for more than one domain. In the web server world this is called "Virtual Hosts" but in the exim world that term is frowned on. Mostly because it is not an accurate description of what is happening. In any case, how does one set up exim to deliver mail to two different domain names (i.e. online.com and online2.com) on the same host?

Well, the first thing you need to do is make sure your DNS settings are correct. Lets say online.com is the domain you are using and you want to add online2.com to your exim set up, what is online.com's MX setting? You should know this in advance because you have already set up exim for online.com, but if you do not know this, you can use dig like this:

dig -t MX online.com

This will return the mail exchange record (MX) for online.com, use that for online2.com.

Once you have set up your DNS, you have to then set up exim to respond to mail for online2.com. There is a section in the exim official documentation (spec.txt) on virtual domains. The section is section 46.6 and is short so you should read it before you begin. We are going to set up here the second kind of virtual host described in the documentation;

* One of a number of independent domains that are all handled by the same host, with mailboxes on that host

To enable this, we need to set up a router and a transport. A router decides where a particular email should go, a transport takes it there. Routers are processed in order, therefor it is important to place them in the order in which you want them performed in the configuration file. A transport works independently, so it does not matter where it is placed in the configuration file. The router specified by the documentation for virtual domains is this one:

  driver = accept
  domains = dsearch;/etc/mail/domains
  local_parts = lsearch;/etc/mail/domains/$domain
  transport = my_mailboxes

Simply copy the entire router and place it in your exim.conf.template file in the routers section. I placed this router after the hubbed hosts router but before the main router. I called it 151_my_domains but you can call it whatever you want based on your configuration scheme. Routers are of course processed in order of their appearance so if you place this router in the wrong place exim might never see it.

If we look at the router carefully we can see that it has various parts, each part being a line which is evaluated by exim in order of appearance. First the line called my_domains appears, this is the name of the router. You can keep this name or change it as you wish. The next line is the driver which is set to 'accept' here, that's good because that is what we want to do, accept the mail. The next line is domains and it is set to use dsearch to look in a particular directory; /etc/mail/domains/. If you do not have this directory, create it. Then the local_parts line comes next, it is set to lsearch and it too looks in the same directory, but this time for a file called online2.com. So if you have a file called /etc/mail/domains/online2.com, exim will look in that file for the local address which is the part before the '@' symbol. For example, if we want to get mail for webmaster@online2.com we put the string 'webmaster' in the file /etc/mail/domains/online2.com. Now we need to define the transport which is the final line of the router stanza; transport = my_mailboxes.

The transport from the documentation looks like this:

  driver = appendfile
  file = /var/mail/$domain/$local_part
  user = mail

You put this transport in the transport section, logically enough. Remember that it has to be called the same name you specified in the router otherwise exim will not find it, we are keeping the name specified in the docs here: my_mailboxes. It's driver is appendfile, which appends the mail to a file, and the file used in this case is /var/mail/online2.com/webmaster. The last line specifies the user that will do this work, that user of course has to have write permission to the /var/mail directory since we may have to create files and directories there and at the least will have to append to files.

Once these two stanzas are set up in your exim.conf file, you can test them by sending mail to webmaster@online2.com and see if there is a file called /var/mail/online2.com/webmaster. If so, read it and if it contains the text you sent, you have successfully set up virtual hosts with exim.

Because I do not use the default exim4 configuration under debian, I needed to install the greylistd package differently. I started out with  aptitude install greylistd , but that brought in a whole load of default exim4 stuff which I do not want because I already have exim running and configured the way I like it. So I used  apt-get source  instead. Using apt-get this way gives me an ubuilt debian package that I can now build myself. I built the greylistd package with  dpkg-buildpackge  in the greylistd-0.8.7 dir which built a deb that I installed with  dpkg -i greylistd_0.8.7_all.deb .

Now that I have greylistd installed, I have to configure it for my setup. Fortunately for me, the people who created the scripts that come with greylistd realized that some people might not be running the standard debian exim isntallation! So you can just call their script with your parameters, and I did it like this:

greylistd-setup-exim4 add configure acl_check_rcpt
greylistd-setup-exim4 add configure acl_check_data

and then my exim configuration file had those acls populated with new text. Inside the acl stanzas themselves was a line that I assume

unknown ACL verb "acl_local_deny_exceptions" in "acl_local_deny_exceptions" }}}