Install and configure Exim4

Install Exim4

To install Exim4, run the following command:

sudo apt install exim4

Configure Exim4

To configure Exim4, run the following command:

sudo dpkg-reconfigure exim4-config

This displays a “wizard” user interface for configuring the software. For example, in Exim4 the configuration files are split amongst multiple files by default; if you wish to have them in one file you can configure this via the user interface.

All configurable parameters from the user interface are stored in the /etc/exim4/update-exim4.conf.conf file. To re-configure the software you can either re-run the wizard, or manually edit this file using your preferred editor.

Once you are finished, you can run the following command to generate the master configuration file:

sudo update-exim4.conf

The master configuration file is stored in /var/lib/exim4/config.autogenerated.

Warning: You should never manually edit the master configuration file, /var/lib/exim4/config.autogenerated, because it is updated automatically every time you run update-exim4.conf. Any changes you make to this file will be lost during future updates.

Start the Exim4 daemon

The following command will start the Exim4 daemon:

sudo service exim4 start

SMTP authentication

Exim4 can be configured to use SMTP-AUTH with Transport Layer Security (TLS) and Simple Authentication and Security Layer (SASL).

First, enter the following into a terminal prompt to create a certificate for use with TLS:

sudo /usr/share/doc/exim4-base/examples/exim-gencert

Configure Exim4 for TLS by editing the /etc/exim4/conf.d/main/03_exim4-config_tlsoptions file and adding the following:

MAIN_TLS_ENABLE = yes

Next, configure Exim4 to use the saslauthd daemon for authentication by editing /etc/exim4/conf.d/auth/30_exim4-config_examples – uncomment the plain_saslauthd_server and login_saslauthd_server sections:

plain_saslauthd_server:
  driver = plaintext
  public_name = PLAIN
  server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
  server_set_id = $auth2
  server_prompts = :
  .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
  .endif

login_saslauthd_server:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  # don't send system passwords over unencrypted connections
  server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}
  server_set_id = $auth1
  .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
  .endif

To enable outside mail clients to connect to the new server, a new user needs to be added into Exim4 by using the following commands:

sudo /usr/share/doc/exim4-base/examples/exim-adduser

Protect the new password files with the following commands:

sudo chown root:Debian-exim /etc/exim4/passwd
sudo chmod 640 /etc/exim4/passwd

Finally, update the Exim4 configuration and restart the service:

sudo update-exim4.conf
sudo systemctl restart exim4.service

Configure SASL

To configure saslauthd to provide authentication for Exim4, first install the sasl2-bin package by running this command at a terminal prompt:

sudo apt install sasl2-bin

To configure saslauthd, edit the /etc/default/saslauthd configuration file and set:

START=yes

Next, to make Exim4 use the saslauthd service, the Debian-exim user needs to be part of the sasl group:

sudo adduser Debian-exim sasl

Finally, start the saslauthd service:

sudo service saslauthd start

Exim4 is now configured with SMTP-AUTH using TLS and SASL authentication.

References