Learn Linux Series (#5) - e-mail server (Exim)
utopian-io · @vitusc
https://steemitimages.com/0x0/https://habrastorage.org/getpro/habr/post_images/9e3/d19/948/9e3d19948ac4132613bf784ef7c7d229.png

#### What Will I Learn?

- What Exim is
- How to install Exim
- How to configure Exim
- Mailboxes and using Maildir
- SMTP authorization
- SSL encryption
- Automatic answer
- Supporting multiple domains in Exim

#### Requirements

- Linux system installed
- Basic knowledge of terminal operation
- Average knowledge of Linux commands
- Motivation when something goes wrong

#### Difficulty

- Intermediate

<center>https://www.assistanz.com/wp-content/uploads/2017/04/exim.png</center>

An MTA (message transfer agent) is the service responsible, among other things, for transferring e-mail between servers. The most popular representatives are Sendmail, Postfix and Exim, which is the one described here. These are the advantages that speak for choosing Exim as our MTA:

* SMTP authentication (SMTP AUTH) is built in
* Clam AntiVirus, a free antivirus scanner, integrates well with Exim
* it supports the SpamAssassin anti-spam scanner and MIME error detection
* it has a lot of useful functions

Exim's configuration options allow you to build a fairly extensive server that supports both local accounts and accounts stored in a MySQL database.

<center><b>Exim installation</b></center>

On PLD Linux (the distribution used throughout this series) we install the package with poldek:

```
poldek -i exim
```

The package's post-install message recommends starting the daemon; do the configuration first.

<center><b>Configuration</b></center>

Before we start configuring the SMTP daemon, we must add an MX record to every DNS zone our server will handle. Local domains are those that Exim treats as "its own" domains: mail addressed to an address @utopian.local.domain that reaches Exim will be delivered locally.
Such domains are defined in the ***domainlist local_domains*** directive. By default, only the domain equal to the server's hostname is local:

```
domainlist local_domains = @
```

The @ sign means "my hostname". To add further domains, append them to the list separated by colons:

```
domainlist local_domains = @ : utopian.io : steemit.com : \
                           /etc/mail/local_domains
```

Besides utopian.io and steemit.com, Exim will now also accept the domains listed in the file ***/etc/mail/local_domains***, one domain per line. A file referenced from a list is read every time the list is evaluated, so Exim only needs to be restarted once, after the path has been added to the configuration; later changes to ***/etc/mail/local_domains*** do not require a restart. The most convenient form is therefore:

```
domainlist local_domains = @ : /etc/mail/local_domains
```

and then simply list all domains in ***/etc/mail/local_domains***.

At this point we can check that the server works: reload the daemon and send an e-mail to an existing user account. With this configuration the mail lands in an mbox mailbox.

<center><b>Mailboxes and using Maildir</b></center>

Exim can deliver both to mbox mailboxes (single text files in ***/var/mail/***) and to the increasingly popular Maildir format (one file per message, stored in a directory under the user's home directory). In the transports section, find the "local_delivery" transport, comment out the "file =" line and add the following two lines:

```
maildir_format = true
directory = ${home}/Mail/Maildir
```

As you can guess, the second option sets where the mailboxes are stored.
After the change, the transport may look like this:

```
local_delivery:
  driver = appendfile
  # file = /var/mail/$local_part
  delivery_date_add
  envelope_to_add
  return_path_add
  group = mail
  mode = 0660
  maildir_format = true
  directory = ${home}/Mail/Maildir
```

<center><b>SMTP authorization</b></center>

If our users send mail through the server from outside the local network, we need SMTP authentication. With Exim this is slightly involved: the daemon drops its root privileges early and therefore cannot read ***/etc/shadow*** itself, so the password check is delegated to the saslauthd daemon from the cyrus-sasl package (cyrus-sasl-saslauthd in PLD). In the authenticators section, add the following lines (or uncomment them). In the PLAIN exchange `$1` is the authorization id (usually empty), `$2` the user name and `$3` the password, which is why both the condition and `server_set_id` use `$2`; in the LOGIN exchange `$1` is the user name and `$2` the password:

```
plain:
  driver = plaintext
  public_name = PLAIN
  server_prompts = :
  server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
  # the line above works with saslauthd -a shadow; if saslauthd
  # runs with -a pam (e.g. PLD), use instead:
  # server_condition = ${if saslauthd{{$2}{$3}{smtp}}{1}{0}}
  server_set_id = $2
login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}
  # the line above works with saslauthd -a shadow; if saslauthd
  # runs with -a pam (e.g. PLD), use instead:
  # server_condition = ${if saslauthd{{$1}{$2}{smtp}}{1}{0}}
  server_set_id = $1
```

Both PLAIN and LOGIN transmit the password merely base64-encoded, not encrypted. Once TLS is configured (next section), add `server_advertise_condition = ${if def:tls_in_cipher}` (`$tls_cipher` on Exim older than 4.80) to both authenticators, so that AUTH is only offered, and passwords only travel, inside a TLS session.

Finally, for saslauthd started with the -a pam option, create (or check) ***/etc/pam.d/smtp***:

```
#%PAM-1.0
#
# example PAM file for saslauthd - place it as /etc/pam.d/
# (e.g.
# /etc/pam.d/smtp if you want to use saslauthd for SMTP
# AUTH)
#
auth     required /lib/security/pam_listfile.so item=user sense=deny file=/etc/security/blacklist onerr=succeed
auth     required /lib/security/pam_unix.so
auth     required /lib/security/pam_tally.so file=/var/log/faillog onerr=succeed no_magic_root
auth     required /lib/security/pam_nologin.so
account  required /lib/security/pam_tally.so deny=0 file=/var/log/faillog onerr=succeed no_magic_root
account  required /lib/security/pam_unix.so
session  required /lib/security/pam_unix.so
```

saslauthd must be running before the authentication is tested, and the SASL library must be told to use it as its password checker:

```
# echo 'pwcheck_method:saslauthd' > /etc/sasl/smtpd.conf
```

<center><b>SSL encryption</b></center>

Exim handles TLS-encrypted connections well (it supports the STARTTLS method). All that is needed is a certificate and a private key. The listing below generates a 1024-bit key, as in the original post; 1024-bit RSA is no longer considered adequate, so on a real server use at least 2048 bits (replace the trailing 1024 with 2048). Keep exim.key readable only by the users that need it, and remember that a self-signed certificate is not trusted by clients unless it is installed on them:

```
$ openssl genrsa -out /etc/mail/exim.key 1024
Generating RSA private key, 1024 bit long modulus
.......++++++
..............................++++++
e is 65537 (0x10001)
$ openssl req -new -x509 -days 365 -key /etc/mail/exim.key -out \
    /etc/mail/exim.crt
Using configuration from /var/lib/openssl/openssl.cnf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:EN
State or Province Name (full name) [Some-State]:NYC
Locality Name (eg, city) []:City
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Utopian Ltd.
Organizational Unit Name (eg, section) []:Utopian's Mail Server
Common Name (eg, YOUR name) []:utopian.io
Email Address []:utopian@utopian.io
```

The Common Name must be the host name that clients connect to, otherwise they will report a certificate mismatch. After this, add the following to the main section of the Exim configuration:

```
tls_certificate = /etc/mail/exim.crt
tls_privatekey = /etc/mail/exim.key
tls_advertise_hosts = *
```

After a restart, Exim negotiates TLS without any problems, which can be seen in the logs in the X= field (protocol, cipher and key size; this old log line shows TLSv1 with 3DES, which a current Exim and client would no longer negotiate):

```
U=exim P=esmtp X=TLSv1:DES-CBC3-SHA:168 S=2909 id=ebb601c374e2$80dace00$cab00a12@fv
```

Formerly, Exim could listen on port 465 (SMTP over TLS from the first byte, without STARTTLS) only via inetd; newer versions do it themselves with the following options:

```
daemon_smtp_ports = 25 : 465
tls_on_connect_ports = 465
```

<center><b>Automatic answer</b></center>

It is a good idea to set up an automatic reply for people who write to you while you are away, and Exim's autoreply transport is made for this. First we edit ***/etc/mail/exim.conf*** and, in the routers section, in front of the localuser router, add the following lines:

```
user_vacation:
  driver = accept
  check_local_user
  # no reply to list/bulk mail (Precedence header) or to bounces (empty envelope sender)
  condition = "${if or {{match {$h_precedence:} {(?i)junk|bulk|list}} \
                        {eq {$sender_address} {}}} {no} {yes}}"
  no_expn
  require_files = /var/mail/vacation/${local_part}/vacation.msg
  # never answer mailing-list, role or daemon addresses
  senders = " ! ^.*-request@.*:\
              ! ^.*@list.*:\
              ! ^owner-.*@.*:\
              ! ^postmaster@.*:\
              ! ^listmaster@.*:\
              ! ^mailer-daemon@.*:\
              ! ^root@.*"
  transport = vacation_reply
  unseen
  user = ${local_part}
  no_verify
```

Next, we create the directory ***/var/mail/vacation***, which will contain one directory per user name, each holding the file with the reason for that user's absence.
We write this reason into the vacation.msg file located in ***/var/mail/vacation/USER_NAME/***. With these settings in place, we add the following lines in the transports section:

```
vacation_reply:
  driver = autoreply
  file = /var/mail/vacation/$local_part/vacation.msg
  file_expand
  from = Automatic Reply System <$original_local_part@$original_domain>
  log = /var/mail/vacation/$local_part/vacation.log
  once = /var/mail/vacation/$local_part/vacation.db
  once_repeat = 7d
  subject = ${if def:h_Subject: {Re: ${quote:${escape:${length_50:$h_Subject:}}} (autoreply)} {Information} }
  text = "\
    Hi $h_from\n\n\
    **your content**\n\
    **your content2**:\n\
    ====================================================\n\n\
    "
  to = "$sender_address"
```

The `once` database ensures that a given sender receives at most one reply per `once_repeat` period (seven days here); together with the router's sender checks this keeps the autoresponder from flooding mailing lists or answering forged bounces. That is all; now we have to restart Exim:

```
# /etc/rc.d/init.d/exim restart
```

<center><b>Supporting multiple domains in Exim</b></center>

Below is the listing from ***/etc/mail/exim.conf***:

```
virtusertable_alias:
  driver = redirect
  allow_fail
  allow_defer
  data = ${lookup{$local_part@$domain}lsearch{/etc/mail/virtusertable}}
  file_transport = address_file
  pipe_transport = address_pipe
virtusertable_defaultalias:
  driver = redirect
  allow_fail
  allow_defer
  data = ${lookup{@$domain}lsearch{/etc/mail/virtusertable}}
  file_transport = address_file
  pipe_transport = address_pipe
```

Place these routers at the beginning of the routers section (for the record, the section starts with the line `begin routers`). Routers run in order, so the exact-address router is tried first and the `@domain` catch-all only when the exact lookup finds nothing; when neither matches, the routers that follow (such as localuser) take over. The domains must also be listed in ***/etc/mail/local_domains*** (see the Configuration section), otherwise the ACL refuses the mail as relaying before any router runs. Below is a listing of the file ***/etc/mail/virtusertable***:

```
user@utopian.io    user
user2@steemit.com  user2
@domain.eu         user3
```

user3 will receive all mail addressed to any address in the domain ***domain.eu***. Such a catch-all accepts every local part, including the dictionary-attack and typo traffic that spammers send, so use it only where it is really wanted. After these steps Exim is prepared to serve multiple domains. You must remember to restart it after modifying its configuration file.
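The SMTP authorization and SSL encryption sections above leave one point implicit: why AUTH must only be offered inside TLS. The following Python model, added here as an illustration and not code from the original post, walks through both sides of the exchange the `plain` and `login` authenticators implement, decodes the PLAIN and LOGIN messages into the `$2`/`$3` (or `$1`/`$2`) fields that the `saslauthd` condition receives, and refuses AUTH until STARTTLS has completed, mirroring `server_advertise_condition = ${if def:tls_in_cipher}`. The user database, the credentials, the host names and the `saslauthd_check` stand-in are constructed for the example; the reply texts follow Exim's wording.

```python
import base64
import binascii

# Constructed password database standing in for saslauthd/PAM (not from the original post).
USERS = {"utopian": "s3cret"}


def saslauthd_check(user, password, service="smtp"):
    """Stand-in for Exim's ${if saslauthd{{user}{password}{service}}} condition.
    Real Exim talks to the saslauthd socket; here a dict answers instead."""
    return USERS.get(user) == password


def b64(text):
    return base64.b64encode(text.encode()).decode()


def encode_plain(user, password, authzid=""):
    """Client side of AUTH PLAIN: base64([authzid] NUL authcid NUL password).
    base64 is encoding, not encryption: anyone on the wire can reverse it."""
    return base64.b64encode(f"{authzid}\x00{user}\x00{password}".encode()).decode()


def decode_plain(blob_b64):
    """Server side: split the PLAIN blob into the fields Exim exposes as $1, $2, $3
    and return (authcid, password), i.e. ($2, $3), which the condition hands to saslauthd."""
    parts = base64.b64decode(blob_b64, validate=True).split(b"\x00")
    if len(parts) != 3:
        raise ValueError("PLAIN response must contain exactly two NUL separators")
    _authzid, authcid, password = (p.decode("utf-8") for p in parts)
    return authcid, password


class SmtpAuthServer:
    """Minimal model of Exim's handling of the 'plain' and 'login' authenticators.
    With tls_required=True, AUTH is neither advertised nor accepted before STARTTLS,
    which is what server_advertise_condition = ${if def:tls_in_cipher} achieves."""

    # server_prompts = "Username:: : Password::" -> two base64 challenges
    LOGIN_PROMPTS = ("334 " + b64("Username:"), "334 " + b64("Password:"))

    def __init__(self, tls_required=True):
        self.tls_required = tls_required
        self.tls_active = False
        self.authenticated_as = None

    def ehlo(self):
        caps = ["250-mail.example.test", "250-STARTTLS"]
        if self.tls_active or not self.tls_required:
            caps.append("250-AUTH PLAIN LOGIN")
        return caps + ["250 HELP"]

    def starttls(self):
        self.tls_active = True          # the real TLS handshake would happen here
        return "220 TLS go ahead"

    def _check(self, user, password):
        if saslauthd_check(user, password):
            self.authenticated_as = user
            return "235 Authentication succeeded"
        return "535 Incorrect authentication data"

    def auth_plain(self, blob_b64):
        """AUTH PLAIN <blob>: a single round trip."""
        if self.tls_required and not self.tls_active:
            return "503 AUTH command used when not advertised"
        try:
            user, password = decode_plain(blob_b64)
        except binascii.Error:
            return "501 Invalid base64 data"
        except ValueError:              # wrong field count or non-UTF-8 bytes
            return "535 Incorrect authentication data"
        return self._check(user, password)

    def auth_login(self, user_b64, password_b64):
        """AUTH LOGIN: the client answers the two LOGIN_PROMPTS challenges ($1, $2)."""
        if self.tls_required and not self.tls_active:
            return "503 AUTH command used when not advertised"
        try:
            user = base64.b64decode(user_b64, validate=True).decode()
            password = base64.b64decode(password_b64, validate=True).decode()
        except (binascii.Error, UnicodeDecodeError):
            return "501 Invalid base64 data"
        return self._check(user, password)


def transcript(user, password):
    """Both sides of a session: AUTH refused in the clear, accepted after STARTTLS."""
    srv, blob = SmtpAuthServer(), encode_plain(user, password)
    lines = ["C: EHLO client.example.test"] + ["S: " + c for c in srv.ehlo()]
    lines += [f"C: AUTH PLAIN {blob}", "S: " + srv.auth_plain(blob)]
    lines += ["C: STARTTLS", "S: " + srv.starttls()]
    lines += ["C: EHLO client.example.test"] + ["S: " + c for c in srv.ehlo()]
    lines += [f"C: AUTH PLAIN {blob}", "S: " + srv.auth_plain(blob)]
    return lines


if __name__ == "__main__":
    print("\n".join(transcript("utopian", "s3cret")))
    # what a sniffer on an unencrypted hop recovers from the PLAIN blob:
    print(decode_plain(encode_plain("utopian", "s3cret")))
```

The two EHLO responses in the transcript differ only in the AUTH line, and the final `decode_plain` call is the whole argument for the TLS-only advertisement: without it, the password is recoverable from the traffic by anyone who can read it.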
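The routing decisions described in this post (the `local_domains` list from the Configuration section, the `user_vacation` router's sender checks, and the two virtusertable routers above) can be exercised offline with the following Python model, added here as an illustration and not code from the original post. The two lookup files, the host name, the set of system accounts and the sample addresses are constructed for the example; the lookup order, the relay check and the exclusion rules follow the configuration listings. It generalises the single `domain.eu` case to any address and sender.

```python
import re

# Constructed stand-ins for the two lookup files and the server (not from the original post).
HOSTNAME = "mail.utopian.io"          # what "@" in "domainlist local_domains = @" expands to
LOCAL_DOMAINS_FILE = """\
utopian.io
steemit.com
domain.eu
"""
VIRTUSERTABLE_FILE = """\
# key (address or @domain)   data (target user); lsearch = key, whitespace, data
user@utopian.io              user
user2@steemit.com            user2
@domain.eu                   user3
"""
SYSTEM_USERS = {"user", "user2", "user3", "root"}   # what check_local_user would find


def parse_lsearch(text):
    """Parse a simple lsearch file: one 'key data' pair per line, '#' lines are comments."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, data = line.split(None, 1)
            table[key.lower()] = data.strip()
    return table


def local_domains():
    """domainlist local_domains = @ : /etc/mail/local_domains (file re-read on every use)."""
    domains = {HOSTNAME.lower()}
    domains.update(d.strip().lower() for d in LOCAL_DOMAINS_FILE.splitlines() if d.strip())
    return domains


def route(recipient, authenticated=False):
    """Resolve one recipient the way the relay check and the router chain would.
    Returns ('local', user), ('relay', address) or ('reject', reason)."""
    local_part, _, domain = recipient.rpartition("@")
    local_part, domain = local_part.lower(), domain.lower()
    if domain not in local_domains():
        # Not our domain: only an authenticated client may relay through us.
        return ("relay", recipient) if authenticated else ("reject", "relay not permitted")
    table = parse_lsearch(VIRTUSERTABLE_FILE)
    target = table.get(f"{local_part}@{domain}")   # virtusertable_alias (exact address)
    if target is None:
        target = table.get(f"@{domain}")           # virtusertable_defaultalias (catch-all)
    if target is None:
        target = local_part                        # fall through to the localuser router
    if target in SYSTEM_USERS:
        return ("local", target)
    return ("reject", "Unrouteable address")


# The user_vacation router's 'senders' exclusions. The post's '^.*@list*.*' reads as
# "lis" followed by any number of "t"; '^.*@list.*' is assumed here to be the intent.
NO_REPLY_SENDERS = [r"^.*-request@.*", r"^.*@list.*", r"^owner-.*@.*", r"^postmaster@.*",
                    r"^listmaster@.*", r"^mailer-daemon@.*", r"^root@.*"]


def should_autoreply(sender, headers, days_since_last_reply=None, once_repeat_days=7):
    """Apply the user_vacation router's conditions and the transport's once/once_repeat."""
    if sender == "":                                            # bounce: empty envelope sender
        return False
    if re.search(r"(?i)junk|bulk|list", headers.get("Precedence", "")):
        return False                                            # list or bulk mail
    if any(re.match(p, sender, re.IGNORECASE) for p in NO_REPLY_SENDERS):
        return False                                            # role, list and daemon senders
    if days_since_last_reply is not None and days_since_last_reply < once_repeat_days:
        return False                                            # answered this sender recently
    return True


if __name__ == "__main__":
    for rcpt in ["user@utopian.io", "whoever@domain.eu", "root@utopian.io", "x@example.org"]:
        print(rcpt, "->", route(rcpt))
    print(should_autoreply("alice@example.org", {"Precedence": "bulk"}))
```

Running the script shows the catch-all swallowing any local part in domain.eu while an unknown user in a domain without a catch-all is rejected, and a foreign domain is refused unless the client authenticated. Once the tables route as expected, restart Exim as shown below.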
```
# /etc/rc.d/init.d/exim restart
```

#### Curriculum

- [Part 1 - TCP/IP Computer Adaptation](https://utopian.io/utopian-io/@vitusc/learn-linux-series-1-tcp-ip-computer-adaptation)
- [Part 2 - Proftpd management and configuration](https://utopian.io/utopian-io/@vitusc/learn-linux-series-2-proftpd-management-and-configuration)
- [Part 3 - Introduction to programming](https://utopian.io/utopian-io/@vitusc/learn-linux-series-3-introduction-to-programming)
- [Part 4 - e-mail server (Postfix)](https://utopian.io/utopian-io/@vitusc/learn-linux-series-4-e-mail-server-postfix)

<hr/><em>Posted on <a href="https://utopian.io/utopian-io/@vitusc/learn-linux-series-5-e-mail-server-exim">Utopian.io - Rewarding Open Source Contributors</a></em><hr/>