Tag Archive for 'Exim4'

Exim stop Newsletter crap

Published on May 19, 2011 12:58 Tags: , , .

Exim4

local_sender_blacklist
This is a onboard exim possibility to blacklist special addresses, its only a optional file which contains a list of envelope senders whose messages will be denied;

1

550-sender envelope address noreply@rustock.net is locally blacklisted here

Example of content:

1
2
3

cat /etc/exim4/local_sender_blacklist
noreply@rustock.net
parker.ball@freeemailservice.info

Restart or reload of exim is not required.

Exim SMTP authentication

Published on April 6, 2011 13:33 Tags: , , , , .

Some years ago a set up my mail system with SMTP authentication, the credentials for sending and receiving E-Mails could be different. I had a special list for SMTP auth with username:password.

I think it is too secure and it makes me too much work to document all this passwords

You can access the Courier authdaemon from an Exim authenticator. That means you have only one password.
Continue reading ‘Exim SMTP authentication’

Exim Courier and SSL

Published on August 8, 2010 21:19 Tags: , , , , , , .

Here I will be setting up SSL cert with Exim4 and Courier-MAP under Debian 5 or Lenny to secure the sending and retrieval of emails and username and password details to my server.
In this how to I’m using a free 30 days certificate from psw[dot]net.

Create you own SSL config in: “/etc/exim4/conf.d/main/ss_certificate” and put it in:

1
2
3
4

MAIN_TLS_ENABLE = true
tls_certificate = /etc/exim4/mx.domain.com.cert
tls_privatekey = /etc/exim4/mx.domain.com.key
tls_on_connect_ports = 465

Don’t forget to change the group of your certificate to: Debian-exim

1

chown root:Debian-exim /etc/exim4/mx.idrobot.net*

Exim standard config “/etc/exim4/conf.d/main/03_exim4-config_tlsoptions” has already some TLS options like:
tls_certificate and tls_privatekey. decomment it. Because we use our own config for it, see above.

Now we make exim listen on port 465, edit the following config:

1

vim /etc/default/exim4

Replace the standard:

1
2
3

#SMTPLISTENEROPTIONS=''
# to
SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid'

After restart Eeim will be able to listen on port 25 and 465, and we are able to send mails over SSL ; PS. don’t forget your firewall ;)

1

iptables -A INPUT -i eth0 -p tcp --dport 465 -j ACCEPT



The next step is secure receive of mails with Courier IMAP-SSL Deamon

Now as second step to complete SSL-configuration open your imapd-ssl config

1

vim /etc/courier/imapd-ssl

and search for TLS_CERTFILE

1

TLS_CERTFILE=/etc/courier/mx.domain.com.pem

This mx.domain.com.pem certificate contains certificate and rsa private key:

1

cat mx.domain.com.crt mx.domain.com.key >> mx.domain.com.pem
1

/etc/init.d/courier-imap-ssl restart



Test your certificate by connecting to SSL-Port:

1

openssl s_client -connect localhost:993 -state -debug