This is a onboard exim possibility to blacklist special addresses, its only a optional file which contains a list of envelope senders whose messages will be denied;
550-sender envelope address firstname.lastname@example.org is locally blacklisted here
Example of content:
Restart or reload of exim is not required.
Some years ago a set up my mail system with SMTP authentication, the credentials for sending and receiving E-Mails could be different. I had a special list for SMTP auth with username:password.
I think it is too secure and it makes me too much work to document all this passwords
You can access the Courier authdaemon from an Exim authenticator. That means you have only one password.
Continue reading ‘Exim SMTP authentication’
Here I will be setting up SSL cert with Exim4 and Courier-MAP under Debian 5 or Lenny to secure the sending and retrieval of emails and username and password details to my server.
In this how to I’m using a free 30 days certificate from psw[dot]net.
Create you own SSL config in: “/etc/exim4/conf.d/main/ss_certificate” and put it in:
MAIN_TLS_ENABLE = true
tls_certificate = /etc/exim4/mx.domain.com.cert
tls_privatekey = /etc/exim4/mx.domain.com.key
tls_on_connect_ports = 465
Don’t forget to change the group of your certificate to: Debian-exim
chown root:Debian-exim /etc/exim4/mx.idrobot.net*
Exim standard config “/etc/exim4/conf.d/main/03_exim4-config_tlsoptions” has already some TLS options like:
tls_certificate and tls_privatekey. decomment it. Because we use our own config for it, see above.
Now we make exim listen on port 465, edit the following config:
Replace the standard:
SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid'
After restart Eeim will be able to listen on port 25 and 465, and we are able to send mails over SSL ; PS. don’t forget your firewall ;)
iptables -A INPUT -i eth0 -p tcp --dport 465 -j ACCEPT
The next step is secure receive of mails with Courier IMAP-SSL Deamon
Now as second step to complete SSL-configuration open your imapd-ssl config
and search for TLS_CERTFILE
This mx.domain.com.pem certificate contains certificate and rsa private key:
cat mx.domain.com.crt mx.domain.com.key >> mx.domain.com.pem
Test your certificate by connecting to SSL-Port:
openssl s_client -connect localhost:993 -state -debug