zeldor.biz

Linux, programming and more

Copyright © 2025
Log in

Exim stop Newsletter crap

May 19, 2011 by Igor Drobot Leave a Comment

Exim4

local_sender_blacklist
This is a onboard exim possibility to blacklist special addresses, its only a optional file which contains a list of envelope senders whose messages will be denied;

1
550-sender envelope address noreply@rustock.net is locally blacklisted here

550-sender envelope address noreply@rustock.net is locally blacklisted here

Example of content:

1
2
3
cat /etc/exim4/local_sender_blacklist
noreply@rustock.net
parker.ball@freeemailservice.info

cat /etc/exim4/local_sender_blacklist noreply@rustock.net parker.ball@freeemailservice.info

Restart or reload of exim is not required.

Filed Under: Debian, Linux, Mailing, Networking Tagged With: Exim4, MTA, SPAM

Exim SMTP authentication

April 6, 2011 by Igor Drobot Leave a Comment

Some years ago a set up my mail system with SMTP authentication, the credentials for sending and receiving E-Mails could be different. I had a special list for SMTP auth with username:password.

I think it is too secure and it makes me too much work to document all this passwords

You can access the Courier authdaemon from an Exim authenticator. That means you have only one password.
[Read more…]

Filed Under: Linux Tagged With: Debian, Exim4, exim4 auth, SMTP, SMTP authentication

Exim Courier and SSL

August 8, 2010 by Igor Drobot Leave a Comment

Here I will be setting up SSL cert with Exim4 and Courier-MAP under Debian 5 or Lenny to secure the sending and retrieval of emails and username and password details to my server.
In this how to I’m using a free 30 days certificate from psw[dot]net.

Create you own SSL config in: “/etc/exim4/conf.d/main/ss_certificate” and put it in:

1
2
3
4
MAIN_TLS_ENABLE = true
tls_certificate = /etc/exim4/mx.domain.com.cert
tls_privatekey = /etc/exim4/mx.domain.com.key
tls_on_connect_ports = 465

MAIN_TLS_ENABLE = true tls_certificate = /etc/exim4/mx.domain.com.cert tls_privatekey = /etc/exim4/mx.domain.com.key tls_on_connect_ports = 465

Don’t forget to change the group of your certificate to: Debian-exim

1
chown root:Debian-exim /etc/exim4/mx.idrobot.net*

chown root:Debian-exim /etc/exim4/mx.idrobot.net*

Exim standard config “/etc/exim4/conf.d/main/03_exim4-config_tlsoptions” has already some TLS options like:
tls_certificate and tls_privatekey. decomment it. Because we use our own config for it, see above.

Now we make exim listen on port 465, edit the following config:

1
vim /etc/default/exim4

vim /etc/default/exim4

Replace the standard:

1
2
3
#SMTPLISTENEROPTIONS=''
# to
SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid'

#SMTPLISTENEROPTIONS='' # to SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid'

After restart Eeim will be able to listen on port 25 and 465, and we are able to send mails over SSL ; PS. don’t forget your firewall ;)

1
iptables -A INPUT -i eth0 -p tcp --dport 465 -j ACCEPT

iptables -A INPUT -i eth0 -p tcp --dport 465 -j ACCEPT



The next step is secure receive of mails with Courier IMAP-SSL Deamon

Now as second step to complete SSL-configuration open your imapd-ssl config

1
vim /etc/courier/imapd-ssl

vim /etc/courier/imapd-ssl

and search for TLS_CERTFILE

1
TLS_CERTFILE=/etc/courier/mx.domain.com.pem

TLS_CERTFILE=/etc/courier/mx.domain.com.pem

This mx.domain.com.pem certificate contains certificate and rsa private key:

1
cat mx.domain.com.crt mx.domain.com.key >> mx.domain.com.pem

cat mx.domain.com.crt mx.domain.com.key >> mx.domain.com.pem

1
/etc/init.d/courier-imap-ssl restart

/etc/init.d/courier-imap-ssl restart



Test your certificate by connecting to SSL-Port:

1
openssl s_client -connect localhost:993 -state -debug

openssl s_client -connect localhost:993 -state -debug

Filed Under: Debian, Linux, Mailing, Networking Tagged With: Courier, Exim4, IMAP, IMAP-SSL, Port 465, Port 993, SMTP

Yeaaah Cookie! We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok