Linux, programming and more
local_sender_blacklist
This is a onboard exim possibility to blacklist special addresses, its only a optional file which contains a list of envelope senders whose messages will be denied;
1 | 550-sender envelope address noreply@rustock.net is locally blacklisted here |
Example of content:
1 2 3 | cat /etc/exim4/local_sender_blacklist noreply@rustock.net parker.ball@freeemailservice.info |
Restart or reload of exim is not required.
Some years ago a set up my mail system with SMTP authentication, the credentials for sending and receiving E-Mails could be different. I had a special list for SMTP auth with username:password.
I think it is too secure and it makes me too much work to document all this passwords
You can access the Courier authdaemon from an Exim authenticator. That means you have only one password.
[Read more…]
Here I will be setting up SSL cert with Exim4 and Courier-MAP under Debian 5 or Lenny to secure the sending and retrieval of emails and username and password details to my server.
In this how to I’m using a free 30 days certificate from psw[dot]net.
Create you own SSL config in: “/etc/exim4/conf.d/main/ss_certificate” and put it in:
1 2 3 4 | MAIN_TLS_ENABLE = true tls_certificate = /etc/exim4/mx.domain.com.cert tls_privatekey = /etc/exim4/mx.domain.com.key tls_on_connect_ports = 465 |
Don’t forget to change the group of your certificate to: Debian-exim
1 | chown root:Debian-exim /etc/exim4/mx.idrobot.net* |
Exim standard config “/etc/exim4/conf.d/main/03_exim4-config_tlsoptions” has already some TLS options like:
tls_certificate and tls_privatekey. decomment it. Because we use our own config for it, see above.
Now we make exim listen on port 465, edit the following config:
1 | vim /etc/default/exim4 |
Replace the standard:
1 2 3 | #SMTPLISTENEROPTIONS='' # to SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid' |
After restart Eeim will be able to listen on port 25 and 465, and we are able to send mails over SSL ; PS. don’t forget your firewall ;)
1 | iptables -A INPUT -i eth0 -p tcp --dport 465 -j ACCEPT |
The next step is secure receive of mails with Courier IMAP-SSL Deamon
Now as second step to complete SSL-configuration open your imapd-ssl config
1 | vim /etc/courier/imapd-ssl |
and search for TLS_CERTFILE
1 | TLS_CERTFILE=/etc/courier/mx.domain.com.pem |
This mx.domain.com.pem certificate contains certificate and rsa private key:
1 | cat mx.domain.com.crt mx.domain.com.key >> mx.domain.com.pem |
1 | /etc/init.d/courier-imap-ssl restart |
Test your certificate by connecting to SSL-Port:
1 | openssl s_client -connect localhost:993 -state -debug |