Exim

From TYO Lab Wiki
Revision as of 03:27, 27 August 2015 by Admin (Talk | contribs)


Exim configuration can be tricky for a few reasons, including your ISP blocking port 25 and authentication problems.

CentOS/RHEL Exim/Dovecot Installation

SSL Certificate

You can simply generate a self-signed certificate:

mkdir -p /etc/ssl
cd /etc/ssl
openssl req -nodes -x509 -newkey rsa:2048 -keyout mail.example.com.key -out mail.example.com.crt -days 730

Exim and Dovecot

yum install exim system-switch-mail cyrus-sasl-plain cyrus-sasl cyrus-imapd dovecot file perl-Mail-SPF.noarch openssl 

Set up Exim as the main Mail Agent

system-switch-mail
service exim start
chkconfig exim on

If you have sendmail installed, stop and disable it:

service sendmail stop
chkconfig sendmail off

Exim Configuration

vi /etc/exim/exim.conf
primary_hostname = mail.example.com
#domainlist local_domains = @ : localhost : localhost.localdomain
domainlist local_domains = @ : localhost: example.com
domainlist relay_to_domains =
hostlist   relay_from_hosts = 127.0.0.1 : 14.202.65.129 : 104.197.40.53
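# Keep the wildcard below commented out: with the default ACLs it lets any host relay (open relay).
#hostlist   relay_from_hosts = *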
tls_advertise_hosts = *
#tls_certificate = /etc/pki/tls/certs/exim.pem
#tls_privatekey = /etc/pki/tls/private/exim.pem
tls_certificate =  /etc/ssl/mail.example.com.crt
tls_privatekey =  /etc/ssl/mail.example.com.key

If you want to add a smart host, as other Exim tutorials suggest, do not use the current server as the smart host. Otherwise you will receive an error like the following:

2015-08-25 02:13:58 1ZU7UC-0000W2-Lf remote host address is the local host: example.com


Restart exim service:

service exim restart

Exim Debug

Test host:

exim -d -bh x.x.x.x

Enter QUIT to exit.

Test email address:

exim -bt -d test@example.com

Test with debug information:

exim [] -d [IP address|email address]

CentOS/RHEL 5

The default package doesn't have Dovecot authenticator support. As a workaround, use Cyrus SASL instead:

yum install cyrus-sasl-plain cyrus-sasl cyrus-imapd

CentOS/RHEL 7

The default package has Dovecot authenticator support:

dovecot_login:
  driver = dovecot
  public_name = LOGIN
  server_socket = /var/run/dovecot/auth-client
  server_set_id = $auth1

dovecot_plain:
  driver = dovecot
  public_name = PLAIN
  server_socket = /var/run/dovecot/auth-client
  server_set_id = $auth1
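
Added example, not part of the original wiki page: a shell check for three mistakes the Exim settings above make easy, namely the wildcard relay_from_hosts line left uncommented, a missing TLS option, and PLAIN/LOGIN authenticators offered with no TLS condition. Both sample configs are constructed; auth_advertise_hosts is a standard Exim option that the page itself does not set, and the pattern matching is a heuristic.

```shell
# Added example (not the wiki author's code): heuristic audit of an exim.conf.
# Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
audit_exim_conf() {
  conf=$1; findings=0; s='[[:space:]]'
  # An uncommented "relay_from_hosts = *" lets any host relay (open relay).
  if grep -Eq "^$s*hostlist$s+relay_from_hosts$s*=$s*\\*$s*\$" "$conf"; then
    echo "OPEN_RELAY: relay_from_hosts matches every host"; findings=1
  fi
  # STARTTLS needs all three options set.
  for opt in tls_advertise_hosts tls_certificate tls_privatekey; do
    grep -Eq "^$s*$opt$s*=" "$conf" || { echo "NO_TLS: $opt is not set"; findings=1; }
  done
  # PLAIN/LOGIN are only base64-encoded: flag them unless AUTH is tied to TLS.
  if grep -Eq "^$s*public_name$s*=$s*(PLAIN|LOGIN)" "$conf" &&
     ! grep -Eq "^$s*(auth_advertise_hosts|server_advertise_condition)$s*=.*tls_" "$conf"; then
    echo "AUTH_WITHOUT_TLS: PLAIN/LOGIN offered without a TLS condition"; findings=1
  fi
  return $findings
}

# Constructed sample: wildcard relay uncommented, private key line missing.
write_weak_sample() {
  cat > "$1" <<'EOF'
hostlist   relay_from_hosts = *
tls_advertise_hosts = *
tls_certificate =  /etc/ssl/mail.example.com.crt
dovecot_plain:
  public_name = PLAIN
EOF
}

# Constructed sample: the page's values plus a TLS-only AUTH advertisement.
write_hardened_sample() {
  cat > "$1" <<'EOF'
hostlist   relay_from_hosts = 127.0.0.1
#hostlist   relay_from_hosts = *
tls_advertise_hosts = *
tls_certificate =  /etc/ssl/mail.example.com.crt
tls_privatekey =  /etc/ssl/mail.example.com.key
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
dovecot_plain:
  public_name = PLAIN
EOF
}

tmp=$(mktemp -d)
write_weak_sample "$tmp/weak.conf"; write_hardened_sample "$tmp/ok.conf"
audit_exim_conf "$tmp/weak.conf" || echo "weak.conf: flagged"
audit_exim_conf "$tmp/ok.conf" && echo "ok.conf: clean"; rm -rf "$tmp"
```

Run it against /etc/exim/exim.conf before each restart; a clean result only means these three patterns were not found.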


Exim Logs

Exim logs are under the /var/log/exim/ directory:

main.log  panic.log  reject.log

Common Errors

  • Connection refused

If you try to connect to the mail server with telnet:

telnet mail.example.com 25

you might get a connection refused error. Make sure Exim listens on the correct interface:

#local_interfaces = <; 127.0.0.1 ; ::1
local_interfaces = <; ::0 ; 0.0.0.0

  • 535 Incorrect authentication data (set_id=xxxx)

Please refer to the SASLAUTHD section for more information.

Dovecot

SSL Configuration

  • on CentOS/RHEL 5

ssl_disable = no
ssl_cert_file = /etc/ssl/mail.example.com.crt
ssl_key_file = /etc/ssl/mail.example.com.key

  • on CentOS/RHEL 7

vi /etc/dovecot/conf.d/10-ssl.conf

ssl = yes
ssl_cert = </etc/ssl/mail.example.com.crt
ssl_key = </etc/ssl/mail.example.com.key

SASLAUTHD

SMTPD

vi /etc/sasl2/smtpd.conf

#pwcheck_method: auxprop
pwcheck_method: saslauthd
auxprop_plugin: sasldb
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 


IMAPD

vi /etc/imapd.conf

defaultdomain:		example.com
servername:		mail.example.com
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
allowanonymouslogin:	no
allowplaintext:		yes
sasl_pwcheck_method: saslauthd
sasl_mech_list: LOGIN PLAIN CRAM-MD5 DIGEST-MD5
tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt

Common Error

By default, the saslauthd authentication mechanism is set to MECH=pam in the file /etc/sysconfig/saslauthd. However, if you haven't set up PAM correctly, you will see the following in the Exim log file:

2015-08-25 02:13:58 1ZU7UC-0000W2-Lf remote host address is the local host: example.com

Solution

Change the authentication mechanism to MECH=shadow, then restart saslauthd:

service saslauthd restart
