
Friday, March 4, 2011

Exim4 SSL/TLS Configuration

Here we are going to configure exim4 to use SSL/TLS for incoming connections:
  1. First, let's create an exim4 certificate request (see here for how to create a certificate authority):
    openssl req -newkey rsa:2048 -keyout exim.key -out exim.csr -days 3650 -nodes
    
  2. Now let's sign it with our certificate authority:
    openssl ca -out exim.crt -infiles exim.csr
    
  3. Here we get two important files: exim.key (the private key) and exim.crt (the X.509 certificate file). Let's copy them to /etc/exim4.
  4. Secure the certificates:
    chown root:Debian-exim exim.key exim.crt
    chmod g=r,o= exim.key exim.crt
    
  5. Enable the exim4 daemon listening options for ports 25 and 465 (file /etc/default/exim4):
    SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid'
    
  6. Turn on the SSL/TLS option (new file /etc/exim4/conf.d/main/00_exim4-localmacros):
    MAIN_TLS_ENABLE = true
    
  7. Restart exim4 and have a look at the log file when you send a test message.
    /etc/init.d/exim4 restart
    echo test | mail -s "ssl/tls test" root@dev.local
    
    Here is what you will see in the log file (/var/log/exim4/mainlog):
    ... P=esmtps X=TLS1.0:RSA_AES_256_CBC_SHA1:32 ...
    
    If for some reason you cannot see the esmtps message in the log file, it most likely doesn't use SSL/TLS for local delivery; try from a remote machine.
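
To check the result of step 7 across a whole log rather than by eye, this added example (not part of the original post) reads the P= and X= fields of each arrival line and reports which network arrivals had no TLS cipher logged. The function names and sample log lines are constructed; it assumes Exim's default logging, where X= is written only for TLS connections.

```shell
#!/bin/sh
# Added example, not from the original post. Sample log lines are constructed.

# Constructed mainlog sample: TLS arrival, cleartext arrival, local submission,
# and a cleartext arrival whose logged subject (+subject) imitates an X= field.
exim_sample_log() {
    cat <<'EOF'
2011-03-04 10:00:01 1PvAAA-0000aa-01 <= root@deby01.dev.local H=deby01.dev.local (localhost) [192.0.2.10] P=esmtps X=TLS1.0:RSA_AES_256_CBC_SHA1:32 S=715 id=E1PvAAA-0000zz-00@localhost
2011-03-04 10:00:01 1PvAAA-0000aa-01 => user1 R=local_user T=maildir_home
2011-03-04 10:00:01 1PvAAA-0000aa-01 Completed
2011-03-04 10:05:12 1PvBBB-0000bb-02 <= user2@dev.local H=host2.dev.local [192.0.2.11] P=esmtp S=702 id=E1PvBBB-0000yy-00@host2
2011-03-04 10:06:30 1PvCCC-0000cc-03 <= root@mail1.dev.local U=root P=local S=410
2011-03-04 10:07:45 1PvDDD-0000dd-04 <= user3@dev.local H=host3.dev.local [192.0.2.12] P=esmtp S=640 id=E1PvDDD-0000xx-00@host3 T="re: X=TLS1.0:fake:32"
EOF
}

# exim_tls_report FILE
# Prints "<message-id> <protocol> <cipher|cleartext>" for each arrival ("<=")
# received over the network; local submissions (P=local...) are skipped.
exim_tls_report() {
    awk '
    {
        arrow = 0
        for (i = 1; i <= NF; i++) if ($i == "<=") { arrow = i; break }
        if (arrow < 2) next                 # not an arrival line
        id = $(arrow - 1); proto = ""; cipher = ""
        for (i = arrow + 2; i <= NF; i++) {
            if ($i ~ /^T=/) break           # subject is sender-controlled text
            if (proto == "" && $i ~ /^P=/) proto = substr($i, 3)
            else if (cipher == "" && $i ~ /^X=/) cipher = substr($i, 3)
        }
        if (proto == "" || proto ~ /^local/) next
        if (cipher == "") cipher = "cleartext"
        print id, proto, cipher
    }' "$1"
}

# exim_cleartext_count FILE: number of network arrivals logged without X=.
exim_cleartext_count() {
    exim_tls_report "$1" | awk '$3 == "cleartext" { n++ } END { print n + 0 }'
}

# Usage on a live system: exim_tls_report /var/log/exim4/mainlog
```

The parser stops at the T= field so that a subject line containing text such as "X=..." cannot make a cleartext arrival look encrypted.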

Alternative Certificate Location

You can specify any location for the SSL/TLS certificate (file /etc/exim4/conf.d/main/00_exim4-localmacros):
    MAIN_TLS_CERTIFICATE=/etc/ssl/certs/mail.dev.local-cert.pem
    MAIN_TLS_PRIVATEKEY=/etc/ssl/private/mail.dev.local-key.pem
This is useful when you host both SMTP and IMAP services on the same host. Note that the group Debian-exim must have read access to both files.

Tuesday, February 15, 2011

Configure exim4 internet site; mail is sent and received directly using SMTP

This exim4 option lets you configure an SMTP server for your domain.
  • SMTP host FQDN: mail1.dev.local, ip: 192.168.10.11
  • Domain: dev.local, serves emails like user1@dev.local
  • Delivery mode: Maildir
  • Mail location: /var/mail/<user>
Here are a few simple steps to configure:

Monday, February 7, 2011

Configure exim4 to send messages by smarthost, no local mail

This option of exim4 configuration is suitable for a client system which is not responsible for a local e-mail domain. All locally generated e-mail is sent to the smarthost.
  • Smarthost FQDN: mail.dev.local
  • Client: deby01.dev.local
Here are a few simple steps to configure:
  1. The easiest way is to reconfigure the exim4-config package:
    dpkg-reconfigure exim4-config
    
  2. General type of mail configuration:
       mail sent by smarthost; no local mail
    System mail name:
       deby01.dev.local
    IP-addresses to listen on for incoming SMTP connections:
       127.0.0.1
    Other destinations for which mail is accepted:
       deby01.dev.local
    Visible domain name for local users:
       deby01.dev.local
    IP address or host name of the outgoing smarthost:
       mail.dev.local
    Keep number of DNS-queries minimal (Dial-on-Demand)?
       No
    Split configuration into small files?
       No
    
Let's verify it is working:
    echo "test message" | mail -s "test" user1@dev.local
The exim4 log (file /var/log/exim4/mainlog) shows:
    1PmoNq-0001or-55 <= root@deby01.dev.local H=deby01.dev.local (localhost) [192.168.XX.XXX] P=esmtps X=TLS1.0:RSA_AES_256_CBC_SHA1:32 S=715 id=E1PmoNq-0001f6-08@localhost
    1PmoNq-0001or-55 => user1  R=local_user T=maildir_home
    1PmoNq-0001or-55 Completed
At this point user1 should be able to receive your test message.