Thursday, August 04, 2011

Exim in Debian


I was trying to configure Exim4 in debian for receiving and sending email occasionally.

First I have setup account in dyndns.com for my dynamic public IP.
#dpkg-reconfigure exim4-config
General type of mail configuration:  internet site; mail is sent and received directly using SMTP.
System mail name: yourdomain.com
IP-addresses to listen on for incomming SMTP connections: // leave blank
Other destinations for which mail is accepted: yourdomain.com
Domains to relay mail for: // leave blank
Machines to relay mail for: // leave blank
Keep number of DNS-queries minimal (Dial-on-Demand) ?: No
Delivery method for local mail: Maildir format in home directory
Split configuration into small files ? : No

You can add new account in Evolution mail as "maildir", sending SMTP localhost. done.....

If you face problem while sending mail, you might be interested to configure SMTP relay:
http://wiki.debian.org/GmailAndExim4


TLS and Authentication

Generate a certificate using:
#bash /usr/share/doc/exim4-base/examples/exim-gencert

It will generate exim.crt and exim.key in /etc/exim4/
You may simply copy certificates if you have bought it earlier.

#cd /etc/exim4
#vi exim4.conf.template

add the following line
MAIN_TLS_ENABLE = yes

before
.ifdef MAIN_TLS_ENABLE


To verify TLS we are installing diagnostic tool:
# apt-get install swaks libnet-ssleay-perl
Test the connection:
$ swaks -a -tls -q HELO -s localhost -au your_user -ap '<>'
=== Trying localhost:25...
=== Connected to localhost.
<-  220 debianwb ESMTP Exim 4.76 Thu, 04 Aug 2011 14:22:02 +0600
 -> EHLO debianwb
<-  250-debianwb Hello localhost [127.0.0.1]
<-  250-SIZE 52428800
<-  250-PIPELINING
<-  250-STARTTLS
<-  250 HELP
 -> STARTTLS
<-  220 TLS go ahead
=== TLS started w/ cipher DHE-RSA-AES256-SHA
 ~> EHLO debianwb
<~  250-debianwb Hello localhost [127.0.0.1]
<~  250-SIZE 52428800
<~  250-PIPELINING
<~  250 HELP
 ~> QUIT
<~  221 evie closing connection
We were sending an empty pass while testing swaks.
Now, we will add authentication schema.
For the shell users we are using SASL, which uses PAM for password authentication.

#apt-get install sasl2-bin

To enable:
#vi /etc/default/saslauthd
START=yes
start the deamon
#/etc/init.d/saslauthd start

#vi /etc/exim4/exim4.conf
Un-comment the following line authentication via saslauthd:
plain_saslauthd_server:
   driver = plaintext
   public_name = PLAIN
   server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
   server_set_id = $auth2
   server_prompts = :
   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
   .endif

Add exim to sasl group
#adduser Debian-exim sasl

Test the connection using your username:
#swaks -a -tls -q AUTH -s localhost -au your_user
Password:

you may need to add
#vi /etc/hosts
127.0.0.1    your_domain

Enableing IMAP access:
#apt-get install courier-imap courier-imap-ssl
Create directories for web-based administration -> No
You may install "File Access Monitor" daemon to check other folders beside Inbox:
# apt-get install fam
 Check this link for details information.

Optionally you can check for X.509 Certificate:
# vi /etc/courier/imapd.cnf

If you do not want to use the default certificate, after edit the imapd.cnf, you may generate using:
# mkimapdcert

If you are behind a router, forward port 25, 143, 706, 993 to your server.

source:
http://blog.edseek.com/~jasonb/articles/exim4_courier/index.html
http://pkg-exim4.alioth.debian.org/README/README.Debian.html
http://library.linode.com/email/exim/send-only-mta-debian-6-squeeze
http://koivi.com/exim4-config/

1 comment:

lavluda said...

nice :) will try it at home someday :)