My very own mail server (exim4)

The server is installed with apt-get install exim4 and configured with dpkg-reconfigure exim4-config. I decided not to split the configuration into multiple files within the /etc/exim4/conf.d directory, so the single config file /etc/exim4/exim4.conf.template is used instead. The default configuration seems to listen on port 25 only. Adding the lines

daemon_smtp_ports = 25 : 465 : 587
tls_on_connect_ports = 465

enables TCP ports 465 and 587 as well; some mail programs need it this way.

In a subsequent step, the mail server is configured for TLS. A self-signed certificate is generated by executing /usr/share/doc/exim4-base/examples/exim-gencert. Setting MAIN_TLS_ENABLE = yes in the TLS section of /etc/exim4/exim4.conf.template enables TLS. In the same file, the sections with plain_saslauthd_server and login_saslauthd_server need to be uncommented.

Allowed email users are added to exim4 using /usr/share/doc/exim4-base/examples/exim-adduser. The password file /etc/exim4/passwd should be protected: chown root:Debian-exim /etc/exim4/passwd followed by chmod 640 /etc/exim4/passwd. For each of these users a home directory is needed to deliver the mail (calling adduser <name> on Ubuntu).

SASL is configured by installing it (apt-get install sasl2-bin) and setting START=yes in /etc/default/saslauthd. Finally, exim4 needs to be a member of the sasl group: adduser Debian-exim sasl. saslauthd then needs a restart: systemctl restart saslauthd.

At the end, updating (update-exim4.conf) and restarting (systemctl restart exim4) might be a good idea. The update converts the config template and auto-generates the configuration to /var/lib/exim4/config.autogenerated where it is read by exim4 itself.

For exim4 to work, the firewall should open TCP ports 25 and 587 (SSL).

swaks

With the help of swaks (the Swiss Army Knife for SMTP), the exim4 server can be tested:

swaks -a -tls -q HELO -s smtp_host -au test -ap '<>'

A working connection looks like:

=== Trying smtp_host:25...
=== Connected to smtp_host.
<-  220 xxx ESMTP Exim 4.88 Ubuntu Fri, 09 Jun 2017 17:18:17 +0200
 -> EHLO xxx
<-  250-xxx Hello xxx [some ip]
<-  250-SIZE 52428800
<-  250-8BITMIME
<-  250-PIPELINING
<-  250-STARTTLS
<-  250-PRDR
<-  250 HELP
 -> STARTTLS
<-  220 TLS go ahead
=== TLS started with cipher TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
=== TLS no local certificate set
=== TLS peer DN="Certificate details"
 ~> EHLO xxx
<~  250-xxx Hello xxx [some ip]
<~  250-SIZE 52428800
<~  250-8BITMIME
<~  250-PIPELINING
<~  250-AUTH PLAIN LOGIN
<~  250-PRDR
<~  250 HELP
 ~> QUIT
<~  221 xxx closing connection

There was a minor hiccup after installing swaks and testing the exim4 server, because the above call returned:

*** TLS not available: requires Net::SSLeay.  Exiting

This Perl module had to be installed for swaks by starting cpan and calling install Net::SSLeay.
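
A check on the transcript above, as an added example that is not part of the original post: swaks prefixes server replies with <- on the plaintext channel and <~ once TLS is active, so a saved transcript shows whether AUTH PLAIN LOGIN was advertised only after STARTTLS. The function name and both sample transcripts are constructed for illustration.

```shell
# Added example, not from the original post. swaks marks server replies "<-"
# on the plaintext channel and "<~" once TLS is active, so the prefix shows
# on which channel AUTH was advertised.

# Reads a swaks transcript on stdin; returns 0 only if every check passes.
check_swaks_transcript() {
    awk '
        /^<-/ && /250[- ]STARTTLS/ { starttls = 1 }
        /^<-/ && /250[- ]AUTH/     { auth_plain = 1 }
        /^<~/ && /250[- ]AUTH/     { auth_tls = 1 }
        /^=== TLS started with cipher/ { split($NF, part, ":"); proto = part[1] }
        END {
            bad = 0
            if (!starttls)  { print "FAIL: STARTTLS not offered"; bad = 1 }
            if (auth_plain) { print "FAIL: AUTH advertised before TLS"; bad = 1 }
            if (!auth_tls)  { print "FAIL: AUTH not advertised after TLS"; bad = 1 }
            if (proto == "") { print "FAIL: no TLS session started"; bad = 1 }
            else if (proto ~ /^(SSLv|TLSv1$|TLSv1\.0|TLSv1\.1)/) {
                print "FAIL: legacy protocol " proto; bad = 1
            }
            if (!bad) print "OK: AUTH offered only over " proto
            exit bad
        }
    '
}

# Constructed sample: AUTH appears only after STARTTLS.
good_transcript() {
    cat <<'EOF'
<-  250-STARTTLS
 -> STARTTLS
<-  220 TLS go ahead
=== TLS started with cipher TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
<~  250-AUTH PLAIN LOGIN
<~  250 HELP
EOF
}

# Constructed sample: AUTH advertised on the plaintext channel, no TLS.
bad_transcript() {
    cat <<'EOF'
<-  250-STARTTLS
<-  250-AUTH PLAIN LOGIN
EOF
}

good_transcript | check_swaks_transcript
bad_transcript | check_swaks_transcript || echo "bad transcript rejected"
```

To audit a real run, save the swaks output to a file and pipe it into check_swaks_transcript.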
