Wiki

User Tools

Site Tools

Trace:
exim4:config

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
exim4:config [2016/11/23 10:28] peterexim4:config [2020/07/15 09:30] (current) – external edit 127.0.0.1
Line 1: Line 1:
 ====== Exim4 - Config ====== ====== Exim4 - Config ======
  
 +
 +http://networkgeekstuff.com/networking/tutorial-email-server-for-a-small-company-including-imap-for-mobiles-spf-and-dkim/
 TODO TODO
  
Line 11: Line 13:
  
 <WRAP info> <WRAP info>
-A different user could be used as the owner instead of using the **mail** user account, and if so simply ensure that you adjust for all subsequent instructions in this setup.+**NOTE**:  A different user could be used as the owner instead of using the **mail** user account, and if so simply ensure that you adjust for all subsequent instructions in this setup.
  
 For example, you could create a different user account named exim: For example, you could create a different user account named exim:
Line 39: Line 41:
  
 <WRAP info> <WRAP info>
-Ubuntu usually has the **mail** user having:+**NOTE**:  Ubuntu usually has the **mail** user having:
  
   * a UID value of 8.     * a UID value of 8.  
Line 51: Line 53:
  
 To use TLS / SSL create a certificate.  To use TLS / SSL create a certificate. 
 +
 +Create a certificate manually.  Within the /etc/exim4 directory run:
  
 <code bash> <code bash>
Line 58: Line 62:
 </code> </code>
  
-Fill in the following fields with any data you like (as this is purely a self-signed certificate) except for the **Common Name (eg, YOUR name) []** field where you need to enter the name of the server:+<WRAP todo> 
 +Should this be 
 + 
 +openssl req -x509 **-sha256** -newkey rsa:4096 -keyout mail.pem -out mail.pem -days 9999 -nodes 
 +</WRAP>
  
 <WRAP alert> <WRAP alert>
-There are less than 9999 days left before the Unix / Linux 32-bit date wrap-around occurs.  +**ALERT**:  There are less than **9999** days left before the Unix / Linux 32-bit date wrap-around occurs.  
  
 This can result in the days being calculated as a negative date.  It would be safer to use a more meaningful number of days. This can result in the days being calculated as a negative date.  It would be safer to use a more meaningful number of days.
 </WRAP> </WRAP>
 +
 +Fill in the following fields with any data you like (as this is purely a self-signed certificate) except for the **Common Name (eg, YOUR name) []** field where you need to enter the name of the server:
  
  
 +Shows
  
 <code> <code>
-Country Name (2 letter code) [CA]: UA +Generating a 4096 bit RSA private key 
-State or Province Name (full name) [Quebec]: Kiev +............................................++ 
-Locality Name (eg, city) [Montreal]: Kiev +.............................................................................................................................++ 
-Organization Name (eg, company) [Open Network Architecture]: Internet Provider +writing new private key to 'exim.key' 
-Organizational Unit Name (eg, section) [Internet Department]: Network Operation Center +----- 
-Common Name (eg, YOUR name) []: jared.kiev.ua +You are about to be asked to enter information that will be incorporated 
-Email Address []: noc@jared.kiev.ua+into your certificate request. 
 +What you are about to enter is what is called a Distinguished Name or a DN. 
 +There are quite a few fields but you can leave some blank 
 +For some fields there will be a default value, 
 +If you enter '.', the field will be left blank. 
 +----- 
 +Country Name (2 letter code) [AU]:UK 
 +State or Province Name (full name) [Some-State]:Jersey 
 +Locality Name (eg, city) []:St. Helier  
 +Organization Name (eg, company) [Internet Widgits Pty Ltd]:ShareWiz 
 +Organizational Unit Name (eg, section) []:Tech 
 +Common Name (e.g. server FQDN or YOUR name) []:mail.sharewiz.net 
 +Email Address []:admin@sharewiz.net
 </code> </code>
  
Line 117: Line 140:
 openssl ecparam -list_curves openssl ecparam -list_curves
  
-openssl rsa req -passin Pa551923w0rd -in 1_sharewiz.net.csr -noout -text+openssl rsa req -passin password -in 1_sharewiz.net.csr -noout -text
  
  
Line 155: Line 178:
 ==== configure ==== ==== configure ====
  
-<code+<file bash configure
-configure:+######################################################################  
 +# Runtime configuration file for Exim #  
 +###################################################################### 
  
-  ################################################## ####################  +Include main settings. 
-  # Runtime configuration file for Exim #  +include /usr/local/etc/exim/100.main.conf
-  ################################################## #################### +
  
-  Inklyudim main settings +Include settings Greylisting. 
- .include /usr/local/etc/exim/100.main.conf+.include /usr/local/etc/exim/110.greylist.conf
  
- Inklyudim settings Greylisting +### ACL configuration for incoming mail. 
- .include /usr/local/etc/exim/110.greylist.conf+begin acl
  
- ### ACL configuration for incoming mail +Start ACL - "working" for the ACL Greylisting 
- begin acl+.ifdef USE_GREYLIST 
 +greylist_acl: 
 +.include /usr/local/etc/exim/200.acl-greylist.conf 
 +.endif
  
- Start ACL - "workingfor the ACL Greylisting +Verify the HELO. 
- .ifdef USE_GREYLIST+acl_check_helo: 
 +  accept hosts = +relay_from_hosts 
 +  drop condition = ${if match{$sender_helo_name}{MY_IP}{yes}{no} } 
 +  message   "Dropped spammer pretending to be us
 +  drop condition = ${if match{$sender_helo_name}{^[0-9]\.[0-9]\.[0-9]\.[0-9]}{yes}{no} } 
 +  message   = "Dropped IP-only or IP-starting helo" 
 +accept
  
- greylist_acl: 
- .include /usr/local/etc/exim/200.acl-greylist.conf 
  
- .endif+# These rules are triggered for each email. 
 +acl_check_rcpt: 
 +  warn set acl_c_lp = $local_part@$domain
  
- Verifying the HELO +  Acl_check_rcpt - checking the syntax is correct 
- acl_check_helo: +  .include /usr/local/etc/exim/400.acl-check-rcpt-syntax.conf
-  accept hosts = +relay_from_hosts +
-  drop condition = ${if match {$sender_helo_name} {MY_IP} {yes} {no}} +
-  message = "Dropped spammer pretending to be us" +
-  drop condition = ${if match {$sender_helo_name} {^ [0-9] \[0-9] \[0-9] \. [0-9]} {yes} {no}} +
-  message = "Dropped IP-only or IP-starting helo" +
- accept+
  
- These rules are triggered for each letter +  Acl_check_rcpt - anti-spam - Host and others. 
- acl_check_rcpt:+  .include /usr/local/etc/exim/410.acl-check-rcpt-spam.conf
  
- warn set acl_c_lp = $local_part @ $ domain+  # Acl_check_rcpt - black-lists, delays, etc. 
 +  .include /usr/local/etc/exim/420.acl-check-rcpt-end.conf
  
- # Acl_check_rcpt - checking the syntax is correct 
- .include /usr/local/etc/exim/400.acl-check-rcpt-syntax.conf 
  
- Acl_check_rcpt - anti-spam - Host and others+Check the message body
- .include /usr/local/etc/exim/410.acl-check-rcpt-spam.conf+acl_check_content:
  
- Acl_check_rcpt - black-lists, delays, etc. +  Include configuration message body check 
- .include /usr/local/etc/exim/420.acl-check-rcpt-end.conf+  .include /usr/local/etc/exim/500.acl-check-data.conf
  
- # Check the message body  
-  acl_check_content: 
  
- Inklyudim configuration message body check +What do we do with the mail. 
- .include /usr/local/etc/exim/500.acl-check-data.conf+begin routers
  
- What do we do with the mail +  Include router configuration 
- begin routers +  .include /usr/local/etc/exim/600.routers.conf
- # Inklyudim configuration routrerov +
- .include /usr/local/etc/exim/600.routers.conf+
  
- # Start transports - both deliver mail 
- begin transports 
- # Inklyudim transports 
- .include /usr/local/etc/exim/700.transports.conf 
  
- Configuration of repetition and rewriting +Start transports - Delivers the mail. 
- .include /usr/local/etc/exim/800.retry.conf+begin transports
  
- #begin rewrite+  Include transports. 
 +  .include /usr/local/etc/exim/700.transports.conf
  
- # Authentication section when sending emails. + 
- begin authenticators +# Configuration of repetition and rewriting. 
- # Authenticate users. +.include /usr/local/etc/exim/800.retry.conf 
- .include /usr/local/etc/exim/900.authenticators.conf  + 
-</code>+ 
 +#begin rewrite 
 + 
 + 
 +# Authentication section when sending emails. 
 +begin authenticators 
 +  # Authenticate users. 
 +  .include /usr/local/etc/exim/900.authenticators.conf  
 +</file>
  
  
Line 235: Line 262:
  
 <code> <code>
-  # Set the variables +# Set the variables. 
- MY_IP = 123.123.123.123 +MY_IP = 123.123.123.123 
- INTERNAL_IP = 192.168.1.2+INTERNAL_IP = 192.168.1.2 
 + 
 +# Settings Vexim. 
 +USE_SPF = true 
 +USE_AV = true 
 +USE_SPAMD = true 
 +USE_GREYLIST = true 
 +TLS = true 
 + 
 +# Whitelisting. 
 +hostlist whitelist_hosts = net-iplsearch; /usr/local/etc/exim/whitelist-hosts 
 +addresslist whitelist_sender = wildlsearch; /usr/local/etc/exim/whitelist-sender 
 + 
 +# In IPv6 we do not work. 
 +disable_ipv6 = true
  
- Settings Vexim +User and group from which will run the entire bundle. 
- USE_SPF true +exim_user exim 
- USE_AV true +exim_group mail
- USE_SPAMD = true +
- USE_GREYLIST = true +
- TLS = true+
  
- Whitelisting +There were mailings settings, do not use - no setup. 
- hostlist whitelist_hosts net-iplsearch; /usr/local/etc/exim/whitelist-hosts +MAILMAN_HOME = /usr/local/mailman 
- addresslist whitelist_sender wildlsearch; /usr/local/etc/exim/whitelist-sender+MAILMAN_WRAP = MAILMAN_HOME/mail/mailman 
 +MAILMAN_USER = exim 
 +MAILMAN_GROUP = mail
  
- In IPv6 we do not work +Enter the credentials to connect to the MySQL server.  
- disable_ipv6 true+# Word `hide`, first, means that when  
 +# Check config command call  
 +# Exim -bV config_file these data will not be displayed.  
 +# If without it - it will be shown ... Recording format:  
 +# Host / dbname / user / password 
 +hide mysql_servers localhost::(/tmp/mysql.sock)/mail/exim/8975f9i7vioyuhg
  
- User and group from which will run the entire bundle +Interfaces to listen. 
- exim_user exim +local_interfaces MY_IP
- exim_group = mail+
  
- # There were mailings settingsdo not use - no setup +# Host Name.  Used EHLO.  
- MAILMAN_HOME = / usr / local / mailman +Listed on the other pointsif they are not specified, the type qualify_domain and other ..  
- MAILMAN_WRAP = MAILMAN_HOME / mail / mailman +# If there are not found anything (comment out the line), then used that returns the uname () function. 
- MAILMAN_USER = exim +primary_hostname sharewiz.net
- MAILMAN_GROUP mail+
  
- Enter the credentials to connect to the MySQL server.  +Request for sampling Domain Information
-  # Word `hide`, first, means that when  +VIRTUAL_DOMAINS = SELECT DISTINCT domain FROM domains WHERE type = 'local' AND enabled = '1' AND domain = '${quote_mysql:$domain}' 
-  # Check config command call  +RELAY_DOMAINS = SELECT DISTINCT domain FROM domains WHERE type = 'relay'  AND domain = '${quote_mysql:$domain}' 
-  # Exim -bV config_file these data will not be displayed.  +ALIAS_DOMAINS SELECT DISTINCT alias FROM domainalias WHERE alias = '${quote_mysql:$domain}'
-  # If without it - it will be shown ... Recording format:  +
-  # Host / dbname / user / password +
- hide mysql_servers localhost :: (/tmp/mysql.sock) /mail/exim/8975f9i7vioyuhg+
  
- # Interfaces to listen +# Make a list of local domains.  Next, the list will appear in the form of + local_domains. 
- local_interfaces MY_IP+In this case, the domains are selected from the database MySQL.  Also, you can simply scroll through the colon. 
 +domainlist local_domains = @ : ${lookup mysql{VIRTUAL_DOMAINS}} : ${lookup mysql{ALIAS_DOMAINS}} 
 +domainlist relay_to_domains ${lookup mysql{RELAY_DOMAINS}}
  
- Host Name.  Used EHLO.  +List of trusted networks from which mail will go without a number of checks
-  # Listed on the other points, if they are not specified, the type qualify_domain and other ..  +hostlist   relay_from_hosts = localhost : MY_IP : 192.168.100.0/20 : 192.168.80.0/24
-  # If there are not found anything (comment out the line), then used that returns the uname () function +
- primary_hostname = sharewiz.net+
  
- Request for sampling Domain Information +Enter the name acl for checking mail. 
- VIRTUAL_DOMAINS SELECT DISTINCT domain FROM domains WHERE type = 'local' AND enabled = '1' AND domain = '${quote_mysql: $domain}' +acl_smtp_rcpt acl_check_rcpt 
- RELAY_DOMAINS SELECT DISTINCT domain FROM domains WHERE type = 'relay' AND domain = '${quote_mysql: $domain}' +acl_smtp_data acl_check_content 
- ALIAS_DOMAINS = SELECT DISTINCT alias FROM domainalias WHERE alias '${quote_mysql: $domain}'+acl_smtp_helo acl_check_helo
  
- Make a list of local domains Next, the list will appear in the form of + local_domains  +If the setting is said to check mail for viruses - connect
-  # In this case, the domains are selected from the database MySQL.  Also, you can simply scroll through the colon+.ifdef USE_AV 
- domainlist local_domains @${lookup mysql {VIRTUAL_DOMAINS}}: ${lookup mysql {ALIAS_DOMAINS}} +av_scanner clamd:/var/run/clamav/clamd.sock 
- domainlist relay_to_domains = ${lookup mysql {RELAY_DOMAINS}}+.endif
  
- # List of trusted networks from which mail will go without a number of checks 
- hostlist relay_from_hosts = localhost: MY_IP: 192.168.100.0/20: 192.168.80.0/24  
  
- Enter the name acl`ov for checking mail. +If the setting is said to check mail for spam - connect
- acl_smtp_rcpt = acl_check_rcpt +.ifdef USE_SPAMD 
- acl_smtp_data acl_check_content +spamd_address /var/run/spamd.sock 
- acl_smtp_helo = acl_check_helo+.endif
  
- # If the setting is said to check mail for viruses - connect 
- .ifdef USE_AV 
- av_scanner = clamd: /var/run/clamav/clamd.sock 
- .endif 
  
- # If the setting is said to check mail for spam - connect +# If the setting is said to work with support for SSL - connect. 
- .ifdef USE_SPAMD +.ifdef TLS 
- spamd_address = /var/run/spamd.sock + # SSL/TLS cert and key 
- .endif+ tls_certificate = /etc/ssl/certs/mail.pem 
 + tls_privatekey = /etc/ssl/certs/mail.pem 
 + # Advertise TLS to anyone 
 + tls_advertise_hosts = * 
 + tls_on_connect_ports=465 
 +.endif
  
- # If the setting is said to work with support for SSL - connect 
- .ifdef TLS 
-  # SSL / TLS cert and key 
-  tls_certificate = /etc/ssl/certs/mail.pem 
-  tls_privatekey = /etc/ssl/certs/mail.pem 
-  # Advertise TLS to anyone 
-  tls_advertise_hosts = * 
-  tls_on_connect_ports = 465 
- .endif 
  
- # Domain name is added to the local senders (real  +# Domain name is added to the local senders (real users of the system) that mail is sent from the root, will be from  
-  # Of users of the system) that  mail is sent from the root, will be from  +root@sharewiz.net.  If this item is not specified, then the hostname of `primary_hostname` is used
-  Root domen_ukazannyy_zdes.  If the item is not specified, it is used  +qualify_domain = sharewiz.net
-  # Hostname of `primary_hostname`. +
- qualify_domain = sharewiz.net+
  
- # Host Name for the situation, return to the previous one - is the domain name to be added to the e-mail  +# Host Name for the situation, return to the previous one - is the domain name to be added to the e-mail  
-  # Of system users, well and in general for the post, which came on the address type `root` etc ... +# Of system users, well and in general for the post, which came on the address type `root` etc ... 
   Eton # If the item is not specified then the value obtained from the preceding paragraph - `qualify_domain`   Eton # If the item is not specified then the value obtained from the preceding paragraph - `qualify_domain`
  qualify_recipient = sharewiz.net  qualify_recipient = sharewiz.net
Line 453: Line 481:
  system_filter_group = mail     system_filter_group = mail   
 </code> </code>
- 
  
 ==== 110.greylist.conf ==== ==== 110.greylist.conf ====
exim4/config.1479896917.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki