If Exim cannot deliver a mail, it informs the sender by sending a warning message. To send out those messages only after a mail could not be delivered for 15 days, add the line
delay_warning = 15d
somewhere close to
timeout_frozen_after = ...
in Exim's configuration file. The latter already exists, at least on Debian systems. On Debian systems, there is no exim4.conf file. You have to edit exim4.conf.template instead and run update-exim4.conf afterwards.
exim4 -Mg <Message-Id>
Place virtual host alias files (like /etc/aliases) in /etc/exim4/virtual/, each named after its domain. E.g. for the domain example.com it would be the file /etc/exim4/virtual/example.com.
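Create the file /etc/exim4/conf.d/router/350_local_virtual:
# Note: Exim 4.94 and later treat $domain as tainted and refuse it in a lookup
# file name; on those versions use $domain_data (set by the dsearch match) there.
virtual:
  driver = redirect
  allow_defer
  allow_fail
  domains = dsearch;/etc/exim4/virtual
  data = ${expand:${lookup{$local_part}lsearch*@{/etc/exim4/virtual/$domain}}}
  retry_use_local_part
  pipe_transport = address_pipe
  file_transport = address_file
  no_more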
Then run
update-exim4.conf.template -r
/etc/init.d/exim4 restart
The “system mail name” configured with dpkg-reconfigure exim4-config must not be one of the virtual domain names, as this will screw up delivery to local addresses.
/etc/exim4/hubbed_hosts (will be used by the standard Debian Exim configuration automatically):
mydomain.com mail.mydomain.intern
(provided that mail.mydomain.intern resolves to an IP address via /etc/hosts or an internal DNS)
/etc/exim4/conf.d/retry/35_local
# Address or Domain    Error   Retries
# -----------------    -----   -------
*.mydomain.com         *       F,1h,5m;F,2d,1h;F,999d,1d
*.mydomain.intern      *       F,1h,5m;F,2d,1h;F,999d,1d
/etc/exim4/conf.d/main/02_local_options
delay_warning = 15d
update-exim4.conf.template -r
/etc/init.d/exim4 restart
Use /usr/share/doc/exim4/examples/exim-adduser to create users and set permissions of /etc/exim4/passwd right afterwards.
There seem to be other solutions using /etc/shadow, which require the exim user to be in the group shadow.
The file's format is one user per line:
<uid>:<hashed password>:<cleartext password>:
The hashed password can be generated by mkpasswd -H md5 <cleartext password>. The cleartext password is only needed when using CRAM-MD5 authentication.
mkpasswd for Debian systems is available in the whois package.
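A quick audit of the passwd file described above, as an added example that is not part of the original page: it flags a file that other users can read or write, malformed lines, and entries that still carry a cleartext password, which is only needed for CRAM-MD5. The function name audit_exim_passwd, the finding labels and the sample entries are constructed for illustration; that the file should be closed to other users is an assumption.

```shell
#!/bin/sh
# audit_exim_passwd FILE
# Prints one finding per line for a file in the <uid>:<hash>:<cleartext>: format.
# Returns 0 when nothing was found, 1 otherwise. Labels are this example's own.
audit_exim_passwd() {
    file=$1
    # MODE: mode bits grant read or write to "other" (assumed undesirable).
    # FORMAT/NOHASH/CLEARTEXT: per-line checks; comments and blanks are skipped.
    findings=$(
        if [ -n "$(find "$file" -prune \( -perm -004 -o -perm -002 \))" ]; then
            echo "MODE: $file is readable or writable by other users"
        fi
        awk -F: '
            /^[ \t]*#/ || /^[ \t]*$/ { next }
            NF < 3   { print "FORMAT: line " NR " has fewer than 3 fields"; next }
            $2 == "" { print "NOHASH: " $1 " has an empty hash field" }
            $3 != "" { print "CLEARTEXT: " $1 " stores a cleartext password" }
        ' "$file"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Demo on constructed sample data (placeholder hashes, not real credentials).
demo=$(mktemp)
chmod 640 "$demo"
cat > "$demo" <<'EOF'
alice:$1$CONSTRUCTED$placeholderhash000000:s3cret-example:
bob:$1$CONSTRUCTED$placeholderhash111111::
EOF
audit_exim_passwd "$demo" || true
rm -f "$demo"
```

Accounts reported as CLEARTEXT can have the third field emptied if they do not authenticate with CRAM-MD5.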
References:
/usr/share/doc/exim4-config/README.Debian.gz on your local Debian installation

vi /etc/exim4/conf.d/main/00_local_macros
cp -vip /etc/ssl/private/myhostname.key /etc/exim4/
chgrp Debian-exim /etc/exim4/myhostname.key
chmod o-rwx,g=r /etc/exim4/myhostname.key
update-exim4.conf.template -r
/etc/init.d/exim4 stop
/etc/init.d/exim4 start # this will call update-exim4.conf
Added lines to 00_local_macros:
MAIN_TLS_ENABLE = 1
tls_require_ciphers = AES_256 : AES_128 : 3DES
gnutls_require_protocols = TLS1
MAIN_TLS_CERTIFICATE = /etc/ssl/certs/myhostname.crt
MAIN_TLS_PRIVATEKEY = CONFDIR/myhostname.key
The key is copied from /etc/ssl/private/ to /etc/exim4/ in order to set permissions, so Exim (and only Exim) can read it.
tls_on_connect_ports = 465
dpkg-reconfigure exim4-config
and enter for the local interfaces the value
[0.0.0.0]:25;[0.0.0.0]:465
systemctl restart exim4
apt install fail2ban
fail2ban-client add exim-spam
fail2ban-client start exim
fail2ban-client start exim-spam
fail2ban-client
but create a section in /etc/fail2ban/jail.d/local.conf