docs:tips_n_tricks:exim.html

Differences

This shows you the differences between two versions of the page.

docs:tips_n_tricks:exim.html [30.07.2016 14:11 CEST] – [Creating local accounts to authenticate against for as outgoing smart host on debian] peter
docs:tips_n_tricks:exim.html [18.11.2019 00:08 CET] (current) – [Enabling fail2ban for exim4 on Debian buster] peter
Line 84: Line 84:
   * [[http://vk6hgr.echidna.id.au/blog/?p=184|Exim on Debian and frustrating authentication errors]]   * [[http://vk6hgr.echidna.id.au/blog/?p=184|Exim on Debian and frustrating authentication errors]]
   * ''/usr/share/doc/exim4-config/README.Debian.gz'' on your local debian installation   * ''/usr/share/doc/exim4-config/README.Debian.gz'' on your local debian installation
 +===== TLS with exim < 4.80 using GnuTLS on debian =====
 +
 +  vi /etc/exim4/conf.d/main/00_local_macros
 +  cp -vip /etc/ssl/private/myhostname.key /etc/exim4/
 +  chgrp Debian-exim /etc/exim4/myhostname.key
 +  chmod o-rwx,g=r /etc/exim4/myhostname.key
 +  update-exim4.conf.template -r
 +  /etc/init.d/exim4 stop
 +  /etc/init.d/exim4 start # this will call update-exim4.conf
 +
 +__added lines to ''00_local_macros''__:
 +
 +  MAIN_TLS_ENABLE = 1
 +  tls_require_ciphers = AES_256 : AES_128 : 3DES
 +  gnutls_require_protocols = TLS1 
 +  
 +  MAIN_TLS_CERTIFICATE = /etc/ssl/certs/myhostname.crt
 +  MAIN_TLS_PRIVATEKEY = CONFDIR/myhostname.key
 +
 +The key is copied from ''/etc/ssl/private/''((which is root-readable only)) to ''/etc/exim4/'' in order to set permissions, so //Exim// (and only //Exim//) can reed it.
 +
 +Credits:
 +
 +  * www.schneiderp.de had an [[http://www.schneiderp.de/documentation/www.exim.org/exim-html-current/doc/html/spec_html/ch39.html#SECTreqciphgnu|old exim documentation]] available
 +  * Tests done with [[https://de.ssl-tools.net/|SSL-Tools]]
 +{{tag>ssl gnutls}}
 +{{entry>ssl}}
 +{{entry>gnutls}}
 +
 +===== Enableing smtps/submissons on port 465 on debian Buster =====
 +  * Enable TLS as described above
 +  * <code text  /etc/exim4/conf.d/main/03_custom-config_tlsoptions> 
 +tls_on_connect_ports = 465
 +</code>
 +  * run ''dpkg-reconfigure exim4-config'' and enter for the //local interfaces// the value\\ ''[0.0.0.0]:25;[0.0.0.0]:465''((Exim documentation says, ''0.0.0.0.25 ; 0.0.0.0.465'' but I didn't check whether that works as well))
 +  * restart //exim4//: ''systemctl restart exim4''
 +
 +===== Enabling fail2ban for exim4 on Debian buster =====
 +
 +  apt install fail2ban
 +  fail2ban-client add exim-spam
 +  fail2ban-client start exim
 +  fail2ban-client start exim-spam
 +
 +<note tip>Don't try to configure it by ''fail2ban-client'' but create a section in ''/etc/fail2ban/jail.d/local.conf''</note>
 +{{tag>fail2ban}}
 +{{entry>fail2ban}}
 +  
  
 ======   ====== ======   ======
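Review bot: The Buster section's first step, "Enable TLS as described above", points at a section titled for exim < 4.80 whose macros set gnutls_require_protocols = TLS1 and list 3DES in tls_require_ciphers. Say which of those lines are meant to be reused on Buster and which belong only to the old setup, so a reader does not carry the TLS1 and 3DES settings onto a current install without a stated reason. In the fail2ban section the commands use "fail2ban-client add" and "fail2ban-client start", while the tip directly below says not to configure it with fail2ban-client. Show the section for /etc/fail2ban/jail.d/local.conf instead, or mark the commands as a one-off test. Spelling: "reed" should be "read", "Enableing" should be "Enabling", "submissons" should be "submissions".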
docs/tips_n_tricks/exim.html.1469880703.txt.gz · Last modified: 30.07.2016 14:11 CEST by peter
