apt-get install exim4) and configuring (
dpkg-reconfigure exim4-config) the server. I decided not to split the configuration into multiple files within the
/etc/exim4/conf.d directory, so the single config file
/etc/exim4/exim4.conf.template is used instead! The default configuration seems to listen on port 25 only. Adding the lines
daemon_smtp_ports = 25 : 465 : 587
tls_on_connect_ports = 465
enables TCP ports 465 and 587 as well; some mail programs need it this way.
In a subsequent step, the mail server is configured for TLS. A self-signed certificate is generated by executing
MAIN_TLS_ENABLE = yes in the TLS section of
/etc/exim4/exim4.conf.template enables it. In the same file, the sections with
login_saslauthd_server need to be uncommented.
Allowed email users are added to
/usr/share/doc/exim4-base/examples/exim-adduser. The password file
/etc/exim4/passwd should be protected:
chown root:Debian-exim /etc/exim4/passwd followed by
chmod 640 /etc/exim4/passwd. For each of these users a home directory is needed to deliver the mail (calling
adduser <name> on Ubuntu).
Configuring SASL by installing it (
apt-get install sasl2-bin) and editing
exim4 needs to be a member in the
adduser Debian-exim sasl. The server needs a restart:
systemctl restart saslauthd.
At the end, updating (
update-exim4.conf) and restarting (
systemctl restart exim4) might be a good idea. The update converts the config template and auto-generates the configuration to
/var/lib/exim4/config.autogenerated where it is read by exim4 itself.
For exim4 to work, the firewall should open TCP ports 25 and 587 (SSL).
With the help of
swaks (the swiss army knife for SMTP), the
exim4 server can be tested:
swaks -a -tls -q HELO -s smtp_host -au test -ap '<>'
A working connection looks like:
=== Trying smtp_host:25...
=== Connected to smtp_host.
<- 220 xxx ESMTP Exim 4.88 Ubuntu Fri, 09 Jun 2017 17:18:17 +0200
-> EHLO xxx
<- 250-xxx Hello xxx [some ip]
<- 250-SIZE 52428800
<- 250-8BITMIME
<- 250-PIPELINING
<- 250-STARTTLS
<- 250-PRDR
<- 250 HELP
-> STARTTLS
<- 220 TLS go ahead
=== TLS started with cipher TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
=== TLS no local certificate set
=== TLS peer DN="Certificate details"
~> EHLO xxx
<~ 250-xxx Hello xxx [some ip]
<~ 250-SIZE 52428800
<~ 250-8BITMIME
<~ 250-PIPELINING
<~ 250-AUTH PLAIN LOGIN
<~ 250-PRDR
<~ 250 HELP
~> QUIT
<~ 221 xxx closing connection
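In the transcript above, AUTH PLAIN LOGIN appears only in the EHLO response after STARTTLS; both mechanisms send merely base64-encoded credentials, so they should never be offered in cleartext. The following shell function is an added example, not part of the original post, that checks a saved swaks transcript for this property. The function names and the abbreviated sample transcript are constructed for illustration.

```shell
# Added example. In swaks output "<-" marks server lines received in
# cleartext and "<~" marks server lines received inside TLS (as shown above).
audit_swaks_transcript() {
    # Reads a transcript on stdin. Returns 0 only if STARTTLS is offered,
    # a TLS session was started, and AUTH is advertised only inside TLS.
    awk '
        /^<- +250[- ]STARTTLS/ { starttls = 1 }
        /^=== TLS started/     { tls = 1 }
        /^<- +250[- ]AUTH/     { clear_auth = 1
                                 print "FAIL: AUTH offered in cleartext: " $0 }
        /^<~ +250[- ]AUTH /    { tls_auth = 1; mechs = $0
                                 sub(/^<~ +250[- ]AUTH +/, "", mechs) }
        END {
            if (!starttls) print "FAIL: STARTTLS not advertised"
            if (!tls)      print "FAIL: TLS session was not established"
            if (!tls_auth) print "FAIL: AUTH not advertised after STARTTLS"
            ok = starttls && tls && tls_auth && !clear_auth
            if (ok) print "OK: AUTH (" mechs ") offered only inside TLS"
            exit (ok ? 0 : 1)
        }
    '
}

# Constructed sample input, abbreviated from the transcript above.
sample_transcript() {
    cat <<'EOF'
=== Connected to smtp_host.
<- 220 xxx ESMTP Exim 4.88
-> EHLO xxx
<- 250-xxx Hello xxx [some ip]
<- 250-STARTTLS
<- 250 HELP
-> STARTTLS
<- 220 TLS go ahead
=== TLS started with cipher TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
~> EHLO xxx
<~ 250-xxx Hello xxx [some ip]
<~ 250-AUTH PLAIN LOGIN
<~ 250 HELP
~> QUIT
<~ 221 xxx closing connection
EOF
}

sample_transcript | audit_swaks_transcript
```

To check a real server, pipe the output of the swaks call shown earlier into audit_swaks_transcript instead of the sample.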
There was a minor hiccup after installing
swaks and testing the
exim4 server, because the above call returned:
*** TLS not available: requires Net::SSLeay. Exiting
This Perl module had to be installed for
swaks by starting
cpan and calling