Install and configure Exim4¶
Install Exim4¶
To install Exim4, run the following command:
sudo apt install exim4
Configure Exim4¶
To configure Exim4, run the following command:
sudo dpkg-reconfigure exim4-config
This displays a “wizard” user interface for configuring the software. For example, in Exim4 the configuration files are split amongst multiple files by default; if you wish to have them in one file you can configure this via the user interface.
All configurable parameters from the user interface are stored in the /etc/exim4/update-exim4.conf.conf
file. To re-configure the software you can either re-run the wizard, or manually edit this file using your preferred editor.
Once you are finished, you can run the following command to generate the master configuration file:
sudo update-exim4.conf
The master configuration file is stored in /var/lib/exim4/config.autogenerated
.
Warning: You should never manually edit the master configuration file,
/var/lib/exim4/config.autogenerated
, because it is updated automatically every time you runupdate-exim4.conf
. Any changes you make to this file will be lost during future updates.
Start the Exim4 daemon¶
The following command will start the Exim4 daemon:
sudo service exim4 start
SMTP authentication¶
Exim4 can be configured to use SMTP-AUTH with Transport Layer Security (TLS) and Simple Authentication and Security Layer (SASL).
First, enter the following into a terminal prompt to create a certificate for use with TLS:
sudo /usr/share/doc/exim4-base/examples/exim-gencert
Configure Exim4 for TLS by editing the /etc/exim4/conf.d/main/03_exim4-config_tlsoptions
file and adding the following:
MAIN_TLS_ENABLE = yes
Next, configure Exim4 to use the saslauthd
daemon for authentication by editing /etc/exim4/conf.d/auth/30_exim4-config_examples
– uncomment the plain_saslauthd_server
and login_saslauthd_server
sections:
plain_saslauthd_server:
driver = plaintext
public_name = PLAIN
server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
server_set_id = $auth2
server_prompts = :
.ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
.endif
login_saslauthd_server:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
# don't send system passwords over unencrypted connections
server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}
server_set_id = $auth1
.ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
.endif
To enable outside mail clients to connect to the new server, a new user needs to be added into Exim4 by using the following commands:
sudo /usr/share/doc/exim4-base/examples/exim-adduser
Protect the new password files with the following commands:
sudo chown root:Debian-exim /etc/exim4/passwd
sudo chmod 640 /etc/exim4/passwd
Finally, update the Exim4 configuration and restart the service:
sudo update-exim4.conf
sudo systemctl restart exim4.service
Configure SASL¶
To configure saslauthd
to provide authentication for Exim4, first install the sasl2-bin
package by running this command at a terminal prompt:
sudo apt install sasl2-bin
To configure saslauthd
, edit the /etc/default/saslauthd
configuration file and set:
START=yes
Next, to make Exim4 use the saslauthd
service, the Debian-exim user needs to be part of the sasl group:
sudo adduser Debian-exim sasl
Finally, start the saslauthd
service:
sudo service saslauthd start
Exim4 is now configured with SMTP-AUTH using TLS and SASL authentication.
References¶
See exim.org for more information.
Another resource is the Exim4 Ubuntu Wiki page.
Further resources to set up mailman3 with Exim4.