My very own mail server (exim4)

Installing (apt-get install exim4) and configuring (dpkg-reconfigure exim4-config) the server. I decided not to split the configuration into multiple files within the /etc/exim4/conf.d directory, so the single config file /etc/exim4/exim4.conf.template is used instead! The default configuration seems to listen on port 25 only. Adding the lines

daemon_smtp_ports = 25 : 465 : 587
tls_on_connect_ports = 465

enables the TCP ports 465 and 587 as well, some mail programs need it this way.

In a subsequent step, the mail server is configured for TLS. A self signed certificate is generated by executing /usr/share/doc/exim4-base/examples/exim-gencert. MAIN_TLS_ENABLE = yes in the TLS section of /etc/exim4/exim4.conf.template enables it. In the same file, the sections with plain_saslauthd_server and login_saslauthd_server need to be uncommented.

Allowed email users are added to exim4 using /usr/share/doc/exim4-base/examples/exim-adduser. The password file /etc/exmin4/passwd should be protected: chown root:Debian-exim /etc/exim4/passwdfollowed by chmod 640 /etc/exim4/passwd. For each of these users a home directory is needed to deliver the mail (calling adduser <name> on Ubuntu).

Configuring SASL by installing it (apt-get install sasl2-bin) and editing START=yes in /etc/default/saslauthd. Finally, exim4 needs to be a member in the sail group: adduser Debian-exim sasl. The server needs a restart: systemctl restart saslauthd.

At the end, updating (update-exim4.conf) and restarting (systemctl restart exim4) might be a good idea. The update converts the config template and auto-generates the configuration to /var/lib/exim4/config.autogenerated where it is read by exim4 itself.

For exim4 to work, the firewall should open TCP ports 25 and 587 (SSL).

Continue reading “My very own mail server (exim4)”