docs:tips_n_tricks:exim.html

Differences

This shows you the differences between two versions of the page.

docs:tips_n_tricks:exim.html [10.04.2010 20:57 CEST] – created peter
docs:tips_n_tricks:exim.html [18.11.2019 00:08 CET] (current) – [Enabling fail2ban for exim4 on Debian buster] peter
Line 1: Line 1:
 ====== exim ====== ====== exim ======
 +
 ===== Increase timeout for delay warning messages ===== ===== Increase timeout for delay warning messages =====
  
-add the line+In case exim can not deliver a mail, it informs the sender by sending a warning message.  
 +To send out those messages only after a mail could not be delivered for 15 days, add the line
  
   delay_warning = 15d   delay_warning = 15d
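Review bot: The new introduction to `delay_warning = 15d` does not say how the 15 days relate to the retry cutoff. If a message is given up on before 15 days have passed, the sender gets the bounce and never sees a warning. Suggest stating next to "only after a mail could not be delivered for 15 days" which retry schedule this value is meant to pair with, and that senders receive no feedback at all during that window.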
Line 10: Line 12:
   timeout_frozen_after = ...    timeout_frozen_after = ... 
  
-which is - at least on debian systems - already there.+in exims configuration file. The latter does - at least on debian systems - already exist. On Debian systems, there is no ''exim4.conf'' file. You have to edit ''exim4.conf.template'' instead and run ''update-exim2.conf'' afterwards.  
 + 
 +===== Expunge undeliverable mails ===== 
 + 
 +  exim4 -Mg <Message-Id> 
 + 
 +===== Virtual domains with exim4 on Debian ===== 
 + 
 +Place virtual hosts alias files (like ''/etc/aliases'') in ''/etc/exim4/virtual/'' with it's name being the domain name. I.e. for domain //example.com// it would be the file ''/etc/exim4/virtual/example.com''
 + 
 +Create the file ''/etc/exim4/conf.d/router/350_local_virtual'': 
 + 
 +  virtual: 
 +        driver = redirect 
 +        allow_defer 
 +        allow_fail 
 +        domains = dsearch;/etc/exim4/virtual 
 +        data = ${expand:${lookup{$local_part}lsearch*@{/etc/exim4/virtual/$domain}}} 
 +        retry_use_local_part 
 +        pipe_transport   = address_pipe 
 +        file_transport   = address_file 
 +        no_more 
 + 
 +Then run 
 +  update-exim4.conf.template -r 
 +  /etc/init.d/exim4 restart 
 + 
 +You must __not__ have a virtual domain name for the "system mail name" as configured with ''dpkg-reconfigure exim4-config'' as this will screw up delivery to local addresses. 
 + 
 +===== Use a debian server with exim4 as a incoming(!) smart host for dialup systems ===== 
 + 
 +  * Put your routing in ''/etc/exim4/hubbed_hosts'' (Will be used by standard debian exim configuration automatically) 
 + 
 +  mydomain.com        mail.mydomain.intern 
 + 
 +(provided that //mail.domain.intern// resolves to an ip address  by ''/etc/host'' or an internal DNS) 
 + 
 +  * Create a new file for your domain specific retry schedule ''/etc/exim4/conf.d/retry/35_local''  
 + 
 +  # Address or Domain    Error       Retries 
 +  # -----------------    -----       ------- 
 +   
 +  *.mydomain.com                   F,1h,5m;F,2d,1h;F,999d,1d 
 +  *.mydomain.intern      *           F,1h,5m;F,2d,1h;F,999d,1d 
 + 
 +  * Increase the time until the server will send warning messages, as the dialup computer may be offline for several days by creating a new file ''/etc/exim4/conf.d/main/02_local_options'' 
 + 
 +  delay_warning = 15d 
 + 
 +  * Run 
 + 
 +  update-exim4.conf.template -r 
 +  /etc/init.d/exim4 restart 
 +   
 +===== Creating local accounts to authenticate against for as outgoing smart host on debian ===== 
 + 
 +==== exim-adduser ==== 
 +Use ''/usr/share/doc/exim4/examples/exim-adduser'' to create users and set permissions of ''/etc/exim4/passwd'' right afterwords  
 +==== shadow ==== 
 +There seem to be other solutions using ''/etc/shadow'' which require the //exim// user to be in the group //shadow// 
 +==== mkpasswd ==== 
 +The files format is one user per line: 
 + 
 +  <uid>:<hashed password>:<cleartext password>: 
 + 
 +The //hashed password// can be generated by ''mkpasswd -H md5 //<cleartext password>//''. The //cleartext password// is only needed when using CRAM-MD5 authentication. 
 +//mkpasswd// for debian systems is available in the //whois// package. 
 + 
 +References: 
 +  * [[https://www.debian-administration.org/article/280/HowTo_Setup_Basic_SMTP_AUTH_in_Exim4|HowTo Setup Basic SMTP AUTH in Exim4]] 
 +  * [[http://vk6hgr.echidna.id.au/blog/?p=184|Exim on Debian and frustrating authentication errors]] 
 +  * ''/usr/share/doc/exim4-config/README.Debian.gz'' on your local debian installation 
 +===== TLS with exim < 4.80 using GnuTLS on debian ===== 
 + 
 +  vi /etc/exim4/conf.d/main/00_local_macros 
 +  cp -vip /etc/ssl/private/myhostname.key /etc/exim4/ 
 +  chgrp Debian-exim /etc/exim4/myhostname.key 
 +  chmod o-rwx,g=r /etc/exim4/myhostname.key 
 +  update-exim4.conf.template -r 
 +  /etc/init.d/exim4 stop 
 +  /etc/init.d/exim4 start # this will call update-exim4.conf 
 + 
 +__added lines to ''00_local_macros''__: 
 + 
 +  MAIN_TLS_ENABLE = 1 
 +  tls_require_ciphers = AES_256 : AES_128 : 3DES 
 +  gnutls_require_protocols = TLS1  
 +   
 +  MAIN_TLS_CERTIFICATE = /etc/ssl/certs/myhostname.crt 
 +  MAIN_TLS_PRIVATEKEY = CONFDIR/myhostname.key 
 + 
 +The key is copied from ''/etc/ssl/private/''((which is root-readable only)) to ''/etc/exim4/'' in order to set permissions, so //Exim// (and only //Exim//) can reed it. 
 + 
 +Credits: 
 + 
 +  * www.schneiderp.de had an [[http://www.schneiderp.de/documentation/www.exim.org/exim-html-current/doc/html/spec_html/ch39.html#SECTreqciphgnu|old exim documentation]] available 
 +  * Tests done with [[https://de.ssl-tools.net/|SSL-Tools]] 
 +{{tag>ssl gnutls}} 
 +{{entry>ssl}} 
 +{{entry>gnutls}} 
 + 
 +===== Enableing smtps/submissons on port 465 on debian Buster ===== 
 +  * Enable TLS as described above 
 +  * <code text  /etc/exim4/conf.d/main/03_custom-config_tlsoptions>  
 +tls_on_connect_ports = 465 
 +</code> 
 +  * run ''dpkg-reconfigure exim4-config'' and enter for the //local interfaces// the value\\ ''[0.0.0.0]:25;[0.0.0.0]:465''((Exim documentation says, ''0.0.0.0.25 ; 0.0.0.0.465'' but I didn't check whether that works as well)) 
 +  * restart //exim4//: ''systemctl restart exim4'' 
 + 
 +===== Enabling fail2ban for exim4 on Debian buster ===== 
 + 
 +  apt install fail2ban 
 +  fail2ban-client add exim-spam 
 +  fail2ban-client start exim 
 +  fail2ban-client start exim-spam 
 + 
 +<note tip>Don't try to configure it by ''fail2ban-client'' but create a section in ''/etc/fail2ban/jail.d/local.conf''</note> 
 +{{tag>fail2ban}} 
 +{{entry>fail2ban}} 
 +   
 + 
 +======   ====== 
 +{{tag>debian email exim}} 
 +{{entry>debian}} 
 +{{entry>email}} 
 +{{entry>exim}}
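Review bot: In the added section "Enableing smtps/submissons on port 465 on debian Buster", the step "Enable TLS as described above" points at the section headed "TLS with exim < 4.80", whose macros pin `gnutls_require_protocols = TLS1` and list `3DES` in `tls_require_ciphers`. The Buster section should say which of those lines still apply to the exim shipped with Buster, or carry its own TLS settings, so that readers do not copy a configuration the heading itself scopes to older versions. Separately, `update-exim2.conf` in the first added paragraph looks like a typo for `update-exim4.conf`; the later sections run `update-exim4.conf.template -r`. The fail2ban section lists `fail2ban-client add` and `start` commands directly above a tip that says not to configure through `fail2ban-client`; showing the `/etc/fail2ban/jail.d/local.conf` section the tip refers to would resolve the contradiction. In the local accounts section, `/etc/exim4/passwd` can hold a cleartext password per user for CRAM-MD5, yet the text only says to set its permissions "right"; name the intended owner, group and mode, as the TLS section does for the private key.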
docs/tips_n_tricks/exim.html.1270925865.txt.gz · Last modified: 10.04.2010 20:57 CEST by peter
