exim
Increase timeout for delay warning messages
If Exim cannot deliver a mail, it informs the sender by sending a warning message. To send those messages only after a mail has been undeliverable for 15 days, add the line
delay_warning = 15d
somewhere close to
timeout_frozen_after = ...
in Exim's configuration file. The latter already exists, at least on Debian systems. On Debian systems, there is no exim4.conf file. You have to edit exim4.conf.template instead and run update-exim4.conf afterwards.
Expunge undeliverable mails
exim4 -Mg <Message-Id>
Virtual domains with exim4 on Debian
Place virtual host alias files (like /etc/aliases) in /etc/exim4/virtual/, each named after its domain. For example, for the domain example.com it would be the file /etc/exim4/virtual/example.com.
Create the file /etc/exim4/conf.d/router/350_local_virtual:
virtual:
  driver = redirect
  allow_defer
  allow_fail
  domains = dsearch;/etc/exim4/virtual
  data = ${expand:${lookup{$local_part}lsearch*@{/etc/exim4/virtual/$domain}}}
  retry_use_local_part
  pipe_transport = address_pipe
  file_transport = address_file
  no_more
Then run
update-exim4.conf.template -r
/etc/init.d/exim4 restart
You must not use the “system mail name” (as configured with dpkg-reconfigure exim4-config) as a virtual domain name, as this will screw up delivery to local addresses.
Use a Debian server with exim4 as an incoming(!) smart host for dialup systems
- Put your routing in /etc/exim4/hubbed_hosts (it will be used by the standard Debian Exim configuration automatically)
mydomain.com mail.mydomain.intern
(provided that mail.mydomain.intern resolves to an IP address via /etc/hosts or an internal DNS)
- Create a new file for your domain specific retry schedule
/etc/exim4/conf.d/retry/35_local
# Address or Domain    Error    Retries
# -----------------    -----    -------
*.mydomain.com         *        F,1h,5m;F,2d,1h;F,999d,1d
*.mydomain.intern      *        F,1h,5m;F,2d,1h;F,999d,1d
- Increase the time until the server sends warning messages, as the dialup computer may be offline for several days, by creating a new file /etc/exim4/conf.d/main/02_local_options
delay_warning = 15d
- Run
update-exim4.conf.template -r
/etc/init.d/exim4 restart
Creating local accounts to authenticate against as an outgoing smart host on Debian
exim-adduser
Use /usr/share/doc/exim4/examples/exim-adduser to create users, and set the permissions of /etc/exim4/passwd right afterwards.
shadow
There seem to be other solutions using /etc/shadow which require the exim user to be in the group shadow.
mkpasswd
The file's format is one user per line:
<uid>:<hashed password>:<cleartext password>:
The hashed password can be generated by mkpasswd -H md5 <cleartext password>. The cleartext password is only needed when using CRAM-MD5 authentication.
mkpasswd for debian systems is available in the whois package.
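An added example (not from the original page or from the Debian/Exim packages): a shell function that audits a passwd file in the format above, flagging access for others, malformed lines, entries without a hash, and entries that store a cleartext password. It assumes GNU stat as shipped on Debian; the function name, user names, salts and hashes are constructed for illustration.

```shell
#!/bin/sh
# Audit an Exim passwd file with lines of the form
#   <uid>:<hashed password>:<cleartext password>:
# Assumes GNU stat (as on Debian). Prints one finding per line and
# returns 0 if nothing was flagged, 1 if something was, 2 on error.
audit_exim_passwd() {
    file=$1
    findings=0

    # The file holds hashes and possibly cleartext passwords, so
    # "others" must have no access at all (last mode digit 0).
    mode=$(stat -c '%a' "$file") || return 2
    case $mode in
        *0) ;;
        *)  echo "MODE $mode: accessible by others"
            findings=1 ;;
    esac

    # Per-entry checks; blank lines and # comments are skipped.
    entries=$(awk -F: '
        /^[ \t]*(#|$)/ { next }
        NF < 3         { print "FORMAT line " NR ": fewer than 3 fields"; next }
        $2 == ""       { print "NOHASH " $1 }
        $3 != ""       { print "CLEARTEXT " $1 }
    ' "$file") || return 2
    if [ -n "$entries" ]; then
        echo "$entries"
        findings=1
    fi
    return "$findings"
}

# Demo on constructed data: user names, salts and hashes are made up.
demo=$(mktemp)
printf '%s\n' 'alice:$1$salt$constructedhash::' \
              'bob:$1$salt$constructedhash:hunter2:' >"$demo"
chmod 644 "$demo"
audit_exim_passwd "$demo" || echo "audit exit status: $?"
rm -f "$demo"
```

A CLEARTEXT finding is expected for accounts that really use CRAM-MD5; for all others the third field can stay empty.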
References:
/usr/share/doc/exim4-config/README.Debian.gz on your local Debian installation
TLS with exim < 4.80 using GnuTLS on debian
vi /etc/exim4/conf.d/main/00_local_macros
cp -vip /etc/ssl/private/myhostname.key /etc/exim4/
chgrp Debian-exim /etc/exim4/myhostname.key
chmod o-rwx,g=r /etc/exim4/myhostname.key
update-exim4.conf.template -r
/etc/init.d/exim4 stop
/etc/init.d/exim4 start # this will call update-exim4.conf
Added lines to 00_local_macros:
MAIN_TLS_ENABLE = 1
tls_require_ciphers = AES_256 : AES_128 : 3DES
gnutls_require_protocols = TLS1
MAIN_TLS_CERTIFICATE = /etc/ssl/certs/myhostname.crt
MAIN_TLS_PRIVATEKEY = CONFDIR/myhostname.key
The key is copied from /etc/ssl/private/ to /etc/exim4/ in order to set permissions, so Exim (and only Exim) can read it.
Credits:
- www.schneiderp.de had an old exim documentation available
- Tests done with SSL-Tools
Enabling smtps/submissions on port 465 on Debian Buster
- Enable TLS as described above
- /etc/exim4/conf.d/main/03_custom-config_tlsoptions
tls_on_connect_ports = 465
- run dpkg-reconfigure exim4-config and enter for the local interfaces the value
[0.0.0.0]:25;[0.0.0.0]:465
- restart exim4:
systemctl restart exim4
Enabling fail2ban for exim4 on Debian buster
apt install fail2ban
fail2ban-client add exim-spam
fail2ban-client start exim
fail2ban-client start exim-spam
fail2ban-client
but create a section in /etc/fail2ban/jail.d/local.conf