Mail - exim4
Exim4 is a Message Transfer Agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. Exim can be installed in place of sendmail, although its configuration is quite different.
Installation
To install exim4, run the following command:
sudo apt install exim4
Configuration
To configure Exim4, run the following command:
sudo dpkg-reconfigure exim4-config
This displays a user interface “wizard” for configuring the software. For example, in Exim4 the configuration files are split among multiple files; if you wish to have them in one file you can configure accordingly via this user interface.
All the configurable parameters from the user interface are stored in /etc/exim4/update-exim4.conf.conf
file, so to re-configure you can either re-run the wizard or manually edit this file using your favorite editor. Once you are finished, you can run the following command to generate the master configuration file:
sudo update-exim4.conf
The master configuration file is stored in /var/lib/exim4/config.autogenerated
.
Warning
At any time, you should not manually edit the master configuration file,
/var/lib/exim4/config.autogenerated
, because it is updated automatically every time you runupdate-exim4.conf
, so your changes will risk being accidentally lost during a future update.
The following command will start the Exim4 daemon:
sudo service exim4 start
SMTP Authentication
Exim4 can be configured to use SMTP-AUTH with TLS and SASL.
First, enter the following into a terminal prompt to create a certificate for use with TLS:
sudo /usr/share/doc/exim4-base/examples/exim-gencert
Configure Exim4 for TLS by editing /etc/exim4/conf.d/main/03_exim4-config_tlsoptions
and adding the following:
MAIN_TLS_ENABLE = yes
Second, configure Exim4 to use the saslauthd for authentication by editing /etc/exim4/conf.d/auth/30_exim4-config_examples
and uncomment the plain_saslauthd_server and login_saslauthd_server sections:
plain_saslauthd_server:
driver = plaintext
public_name = PLAIN
server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
server_set_id = $auth2
server_prompts = :
.ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
.endif
#
login_saslauthd_server:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
# don't send system passwords over unencrypted connections
server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}
server_set_id = $auth1
.ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
.endif
Additionally, to enable outside mail clients to connect to the new server, a new user needs to be added into exim by using the following commands.
sudo /usr/share/doc/exim4-base/examples/exim-adduser
Protect the new password files with the following commands:
sudo chown root:Debian-exim /etc/exim4/passwd
sudo chmod 640 /etc/exim4/passwd
Finally, update the Exim4 configuration and restart the service:
sudo update-exim4.conf
sudo systemctl restart exim4.service
Configuring SASL
To configure the saslauthd to provide authentication for Exim4, first install the sasl2-bin package by running this command at a terminal prompt:
sudo apt install sasl2-bin
To configure saslauthd, edit the /etc/default/saslauthd configuration file and set:
START=yes
Next, to make Exim4 use the saslauthd service, the Debian-exim user needs to be part of the sasl group:
sudo adduser Debian-exim sasl
Finally, start the saslauthd service:
sudo service saslauthd start
Exim4 is now configured with SMTP-AUTH using TLS and SASL authentication.
References
-
See exim.org for more information.
-
Another resource is the Exim4 Ubuntu Wiki page.
-
Further resources to set up mailman3 with exim4