(install-exim4)=
# Install and configure Exim4

## Install Exim4

To install [Exim4](https://www.exim.org/), run the following command:

```bash
sudo apt install exim4
```

## Configure Exim4

To configure Exim4, run the following command:

```bash
sudo dpkg-reconfigure exim4-config
```

This displays a "wizard" user interface for configuring the software. For example, Exim4 splits its configuration across multiple files by default; if you prefer a single file, you can select this in the user interface.

All configurable parameters from the user interface are stored in the `/etc/exim4/update-exim4.conf.conf` file. To re-configure the software you can either re-run the wizard, or manually edit this file using your preferred editor.

Once you are finished, you can run the following command to generate the master configuration file:

```bash
sudo update-exim4.conf
```

The master configuration file is stored in `/var/lib/exim4/config.autogenerated`.

> **Warning**:
> You should never manually edit the master configuration file, `/var/lib/exim4/config.autogenerated`, because it is updated automatically every time you run `update-exim4.conf`. Any changes you make to this file will be lost during future updates.

## Start the Exim4 daemon

The following command will start the Exim4 daemon:

```bash
sudo service exim4 start
```

## SMTP authentication

Exim4 can be configured to use SMTP-AUTH with Transport Layer Security (TLS) and Simple Authentication and Security Layer (SASL).

First, enter the following into a terminal prompt to create a certificate for use with TLS:

```bash
sudo /usr/share/doc/exim4-base/examples/exim-gencert
```

Configure Exim4 for TLS by editing the `/etc/exim4/conf.d/main/03_exim4-config_tlsoptions` file and adding the following:

```text
MAIN_TLS_ENABLE = yes
```

Next, configure Exim4 to use the `saslauthd` daemon for authentication by editing `/etc/exim4/conf.d/auth/30_exim4-config_examples` and uncommenting the `plain_saslauthd_server` and `login_saslauthd_server` sections:

```text
plain_saslauthd_server:
  driver = plaintext
  public_name = PLAIN
  server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
  server_set_id = $auth2
  server_prompts = :
  .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
  .endif

login_saslauthd_server:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  # don't send system passwords over unencrypted connections
  server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}
  server_set_id = $auth1
  .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
  .endif
```

The `server_advertise_condition` lines make Exim4 advertise these mechanisms only on connections protected by TLS, unless the `AUTH_SERVER_ALLOW_NOTLS_PASSWORDS` macro is defined.

To enable outside mail clients to connect to the new server, add a new user to Exim4 with the following command:

```bash
sudo /usr/share/doc/exim4-base/examples/exim-adduser
```

Protect the new password file with the following commands:

```bash
sudo chown root:Debian-exim /etc/exim4/passwd
sudo chmod 640 /etc/exim4/passwd
```

Finally, update the Exim4 configuration and restart the service:

```bash
sudo update-exim4.conf
sudo systemctl restart exim4.service
```

## Configure SASL

To configure `saslauthd` to provide authentication for Exim4, first install the `sasl2-bin` package by running this command at a terminal prompt:

```bash
sudo apt install sasl2-bin
```

To configure `saslauthd`, edit the `/etc/default/saslauthd` configuration file and set:

```text
START=yes
```

Next, to make Exim4 use the `saslauthd` service, the *Debian-exim* user needs to be part of the *sasl* group:

```bash
sudo adduser Debian-exim sasl
```

Finally, start the `saslauthd` service:

```bash
sudo service saslauthd start
```

Exim4 is now configured with SMTP-AUTH using TLS and SASL authentication.

## References

- See [exim.org](http://www.exim.org/) for more information.
- Another resource is the [Exim4 Ubuntu Wiki](https://help.ubuntu.com/community/Exim4) page.
- Further resources on how to [set up mailman3 with Exim4](https://mailman.readthedocs.io/en/latest/src/mailman/docs/mta.html#exim).
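
The shell functions below are an added example, not part of the original guide or of the Exim4 packages. They check the settings made in the SMTP authentication and Configure SASL sections above; the function names and the optional path-prefix argument are assumptions, and the checks expect the split `conf.d` layout this guide edits.

```bash
#!/bin/bash
# Added example: audit the settings made in this guide (uses GNU stat, as on Ubuntu).
# The optional ROOT argument is a hypothetical path prefix, empty for the live
# system, so the same checks can run against a copy of /etc.

check() {  # check DESCRIPTION COMMAND...: run COMMAND, report it, count failures
    desc=$1; shift
    if "$@" >/dev/null 2>&1; then
        echo "ok    $desc"
    else
        echo "FAIL  $desc"; fails=$((fails + 1))
    fi
}

no_tls_bypass() {  # true when no file defines the macro that lifts the TLS-only guard
    ! grep -rEq '^[[:space:]]*AUTH_SERVER_ALLOW_NOTLS_PASSWORDS[[:space:]]*=' "$1"
}

not_world_accessible() {  # true when the file exists and "other" has no permissions
    case "$(stat -c '%a' "$1")" in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

audit_exim4_auth() {  # returns the number of failed checks (0 = all passed)
    root=${1:-}; fails=0
    check "TLS enabled (MAIN_TLS_ENABLE is set)" \
        grep -Eq '^[[:space:]]*MAIN_TLS_ENABLE[[:space:]]*=' \
        "$root/etc/exim4/conf.d/main/03_exim4-config_tlsoptions"
    check "AUTH_SERVER_ALLOW_NOTLS_PASSWORDS is not defined" \
        no_tls_bypass "$root/etc/exim4"
    check "/etc/exim4/passwd is not world-accessible" \
        not_world_accessible "$root/etc/exim4/passwd"
    check "saslauthd is set to start (START=yes)" \
        grep -Eq '^[[:space:]]*START=yes([[:space:]]|$)' "$root/etc/default/saslauthd"
    check "Debian-exim is a member of the sasl group" \
        grep -Eq '^sasl:[^:]*:[^:]*:([^:]*,)?Debian-exim(,|$)' "$root/etc/group"
    return "$fails"
}

# Usage, as root: audit_exim4_auth            (live system)
#                 audit_exim4_auth /tmp/copy  (tree that contains etc/)
```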