[{"data":1,"prerenderedAt":783},["ShallowReactive",2],{"Categories":3,"NavIndexCategoriesCountFooter":203,"content-\u002F2005\u002F05\u002F19\u002Fsendmail-exim4\u002F":204},[4,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,68,70,71,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202],{"category":5},"System Administration",{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":27},"Software Development",{"category":5},{"category":5},{"category":5},{"category":5},{"category":27},{"category":27},{"category":5},{"category":5},{"category":5},{"category":27},{"category":5},{"category":5},{"category":5},{"category":27},{"category":27},{"category":27},{"category":27},{"category":5},{"category":5},{"category":5},{"category":27},{"category":27},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":27},{"category":5},{"category":5},{"category":27},{"category":27},{"category":27},{"category":27},{"category":5},{"category":27},{"category":27},{"category":67},"Drones & RC",{"category":69},"DIY Projects",{"category":67},{"category":72},"Photography",{"category":69},{"category":69},{"category":69},{"category":67},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":67},{"category":69},{"category":69},{"category":67},{"category":67},{"category":72},{"category":72},{"category":72},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":5},{"category":5},{"category":72},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":5},{"category":67},{"category":67},{"category":72},{"category":72},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":72},{"category":67},{"category":138},"3D Printing - Laser Cutting - CNC",{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":5},{"category":138},{"category":27},{"category":27},{"category":138},{"category":138},{"category":72},{"category":158},"Photography,3D Printing - Laser Cutting - CNC",{"category":27},{"category":27},{"category":69},{"category":27},{"category":27},{"category":27},{"category":27},{"category":5},{"category":67},{"category":5},{"category":5},{"category":27},{"category":27},{"category":27},{"category":27},{"category":27},{"category":69},{"category":27},{"category":27},{"category":27},{"category":27},{"category":181},"Home Assistant",{"category":181},{"category":72},{"category":27},{"category":27},{"category":72},{"category":138},{"category":5},{"category":72},{"category":72},{"category":138},{"category":27},{"category":181},{"category":181},{"category":72},{"category":72},{"category":72},{"category":72},{"category":72},{"category":72},{"category":72},{"category":72},191,{"id":205,"title":206,"body":207,"category":5,"date":767,"description":213,"embedImage":768,"extension":769,"image":768,"intro":768,"meta":770,"navigation":771,"path":772,"seo":773,"series":768,"sitemap":774,"stem":775,"tags":776,"__hash__":782},"content\u002F2005\u002F05\u002F19\u002Fsendmail-exim4.md","sendmail -> exim4",{"type":208,"value":209,"toc":765},"minimark",[210,214,217,223,249,252,265,268,273,276,290,293,298,301,312,315,335,338,341,349,352,358,361,367,370,375,389,421,427,434,441,446,449,452,455,458,478,481,498,501,504,507,510,516,519,522,525,682,685,688,691,694,697,702,705,708,714,717,723,728,736,739,761],[211,212,213],"p",{},"Have been running sendmail for a long time on woody. However - with the upgrade to sarge I've been taking a look at exim's configuration - since the sendmail config is a nightmare :)",[211,215,216],{},"Status so far",[211,218,219],{},[220,221,222],"strong",{},"Installation",[224,225,230],"pre",{"className":226,"code":227,"language":228,"meta":229,"style":229},"language-shell shiki shiki-themes github-dark","apt-get install exim4-daemon-heavy\n","shell","",[231,232,233],"code",{"__ignoreMap":229},[234,235,238,242,246],"span",{"class":236,"line":237},"line",1,[234,239,241],{"class":240},"svObZ","apt-get",[234,243,245],{"class":244},"sU2Wk"," install",[234,247,248],{"class":244}," exim4-daemon-heavy\n",[211,250,251],{},"This got exim4 down and removed sendmail. No debconf prompts came up at all. Some searching in debian-user gave me",[224,253,255],{"className":226,"code":254,"language":228,"meta":229,"style":229},"dpkg-reconfigure exim4-config\n",[231,256,257],{"__ignoreMap":229},[234,258,259,262],{"class":236,"line":237},[234,260,261],{"class":240},"dpkg-reconfigure",[234,263,264],{"class":244}," exim4-config\n",[211,266,267],{},"Good start - got it listening on more than 127.0.0.1 and got the list of local names installed.",[211,269,270],{},[220,271,272],{},"Spamassassin",[211,274,275],{},"I was using a sendmail milter to run spamassassin - for exim an apt-cache search gave me a hint",[224,277,279],{"className":226,"code":278,"language":228,"meta":229,"style":229},"apt-get install sa-exim\n",[231,280,281],{"__ignoreMap":229},[234,282,283,285,287],{"class":236,"line":237},[234,284,241],{"class":240},[234,286,245],{"class":244},[234,288,289],{"class":244}," sa-exim\n",[211,291,292],{},"The \u002Fusr\u002Fshare\u002Fdoc\u002Fsa-exim\u002FREADME.Debian is a good file to read.",[211,294,295],{},[220,296,297],{},"ClamAV",[211,299,300],{},"Here's another useful link (good for the clamav stuff):",[211,302,303],{},[304,305,306],"a",{"href":306,"rel":307,"target":311},"http:\u002F\u002Fkoivi.com\u002Fexim4-config\u002F",[308,309,310],"nofollow","noopener","noreferer","_blank",[211,313,314],{},"From this I took the following:",[224,316,318],{"className":226,"code":317,"language":228,"meta":229,"style":229},"apt-get install clamav-daemon spamassassin spamc\n",[231,319,320],{"__ignoreMap":229},[234,321,322,324,326,329,332],{"class":236,"line":237},[234,323,241],{"class":240},[234,325,245],{"class":244},[234,327,328],{"class":244}," clamav-daemon",[234,330,331],{"class":244}," spamassassin",[234,333,334],{"class":244}," spamc\n",[211,336,337],{},"An addition that I discovered - you need to edit \u002Fetc\u002Fdefault\u002Fspamassassin and set ENABLED=1 or it won't even start.",[211,339,340],{},"Add the following to your \u002Fetc\u002Fexim4\u002Fconf.d\u002Fmain\u002F01_exim4-config_listmacrosdefs file:",[224,342,347],{"className":343,"code":345,"language":346,"meta":229},[344],"language-text","# This tells what virus scanner to user\nav_scanner = clamd:\u002Fvar\u002Frun\u002Fclamav\u002Fclamd.ctl\n# Slowing spammers down by holding their connection a bit\nTEERGRUBE = 60s\u003C\u002Fcode>\n","text",[231,348,345],{"__ignoreMap":229},[211,350,351],{},"Edit \u002Fetc\u002Fexim4\u002Fconf.d\u002Facl\u002F40_exim4-config_check_data to inlude the following before the \"# accept otherwise\" line:",[224,353,356],{"className":354,"code":355,"language":346,"meta":229},[344],"# Reject messages that have serious MIME errors.\n# This calls the demime condition again, but it\n# will return cached results.\ndeny message = Serious MIME defect detected ($demime_reason)\ndemime = *\ncondition = ${if >{$demime_errorlevel}{2}{1}{0}}\n.ifdef TEERGRUBE\n    delay = TEERGRUBE\n.endif\n# Reject file extensions used by worms.\n# Note that the extension list may be incomplete.\ndeny message = This domain has a policy of not accepting certain types of attachments \\\n                in mail as they may contain a virus.  This mail has a file with a .$found_extension \\\n                attachment and is not accepted.  If you have a legitimate need to send \\\n                this particular attachment, send it in a compressed archive, and it will \\\n                then be forwarded to the recipient.\ndemime = exe:com:vbs:bat:pif:scr\n.ifdef TEERGRUBE\n    delay = TEERGRUBE\n.endif\n# Reject messages containing malware.\ndeny message = This message contains a virus ($malware_name) and has been rejected\nmalware = *\n.ifdef TEERGRUBE\n    delay = TEERGRUBE\n.endif\n",[231,357,355],{"__ignoreMap":229},[211,359,360],{},"Then, you also need to set access for ClamAV. The best way to handle this is to add the clamav user to the Debian-exim group and be sure that \u002Fetc\u002Fclamav\u002Fclamd.conf contains the following lines (on a fresh sarge install the clamd.conf part was already in place):",[224,362,365],{"className":363,"code":364,"language":346,"meta":229},[344],"User clamav\nAllowSupplementaryGroups\n",[231,366,364],{"__ignoreMap":229},[211,368,369],{},"If you had to add these lines, a restart of ClamAV is necessary for the changes to take effect.",[211,371,372],{},[220,373,374],{},"Virtual domains",[211,376,377,378,383,384,388],{},"This section is taken mostly verbatim from ",[304,379,382],{"href":380,"rel":381,"target":311},"http:\u002F\u002Fwww.debian-administration.org\u002Farticles\u002F140",[308,309,310],"Debian Administration",". This site is ",[385,386,387],"em",{},"highly"," recommended for all debian administrators.",[390,391,392,396,399,405,412,415,418],"ul",{},[393,394,395],"li",{},"mkdir \u002Fetc\u002Fexim4\u002Fvirtual",[393,397,398],{},"For each domain - create a file named after that domain - for example - for this domain I created a file called chrissearle.org",[393,400,401,402],{},"In each file - for each local user to be recognised - add ",[231,403,404],{},"user : user@localhost",[393,406,407,408],{},"In each file - for each remote user to be recognised (mail forwarding) - add user : ",[304,409,411],{"href":410},"mailto:user@remote.host.tld","user@remote.host.tld",[393,413,414],{},"At the end of each file - add a catchall address - * : catchalluser@localhost",[393,416,417],{},"In \u002Fetc\u002Fexim4\u002Fconf.d\u002Fmain\u002F01_exim4-config_listmacrosdef change the line starting domainlist list_domains with domainlist local_domains = @:localhost:dsearch;\u002Fetc\u002Fexim4\u002Fvirtual",[393,419,420],{},"Add \u002Fetc\u002Fexim4\u002Fconf.d\u002Frouter\u002F350_exim4-config_vdom_aliases containing",[224,422,425],{"className":423,"code":424,"language":346,"meta":229},[344],"vdom_aliases:\ndriver = redirect\nallow_defer\nallow_fail\ndomains = dsearch;\u002Fetc\u002Fexim4\u002Fvirtual\ndata = ${expand:${lookup{$local_part}lsearch*@{\u002Fetc\u002Fexim4\u002Fvirtual\u002F$domain}}}\nretry_use_local_part\npipe_transport   = address_pipe\nfile_transport   = address_file\nno_more\n",[231,426,424],{"__ignoreMap":229},[211,428,429,430,433],{},"Here I have assumed that either exim will go through a given virtual file - and send mail to the first matching address - so that the catchall address at the end gets everything that ",[385,431,432],{},"isn't already sent somehwhere else"," or that the * match is special and will only trigger if the mail isn't already handled (regardless of line order in the file). Whichever of these is correct - I find the files more readable with the catchall at the end. Time\u002Fthe documentation will show if this assumption is correct. It's similar to the virtual user handling in sendmail.",[211,435,436,437,440],{},"I have also assumed that all mailman addresses will be in their respective virtual file ",[385,438,439],{},"and"," in \u002Fetc\u002Faliases (where you add the pipe to the mailman programs). Maybe the mailman stuff should be in these files - I'll update this when I find out.",[211,442,443],{},[220,444,445],{},"SMTP AUTH",[211,447,448],{},"One of the main users is on a BT Yahoo broadband. I never managed to get any kind of SMTP AUTH or POP-before-SMTP or anything working with sendmail. So I cheated and opened for relaying from BT. We got away with it for slightly over a year but last weekend the server was found and began to send so much spam that it died. So - that route is out.",[211,450,451],{},"Now - at the same time we're setting up a sarge box with exim - so - let's get SMTP AUTH working.",[211,453,454],{},"I'm going to start with PLAIN and LOGIN - we can look at other ones and SSL later. One step at a time.",[211,456,457],{},"First - I installed the following:",[224,459,461],{"className":226,"code":460,"language":228,"meta":229,"style":229},"apt-get install courier-authdaemon courier-imap courier-pop\n",[231,462,463],{"__ignoreMap":229},[234,464,465,467,469,472,475],{"class":236,"line":237},[234,466,241],{"class":240},[234,468,245],{"class":244},[234,470,471],{"class":244}," courier-authdaemon",[234,473,474],{"class":244}," courier-imap",[234,476,477],{"class":244}," courier-pop\n",[211,479,480],{},"For SSL when I get that far we'll add",[224,482,484],{"className":226,"code":483,"language":228,"meta":229,"style":229},"apt-get install courier-imap-ssl courier-pop-ssl\n",[231,485,486],{"__ignoreMap":229},[234,487,488,490,492,495],{"class":236,"line":237},[234,489,241],{"class":240},[234,491,245],{"class":244},[234,493,494],{"class":244}," courier-imap-ssl",[234,496,497],{"class":244}," courier-pop-ssl\n",[211,499,500],{},"courier-authdaemon is by default set up to use pam - that'll do for now.",[211,502,503],{},"In \u002Fetc\u002Fexim4\u002Fconf.d\u002Fauth\u002F30_exim4-config_examples comment out the active plain: and login: sections",[211,505,506],{},"Add to a new file \u002Fetc\u002Fexim4\u002Fconf.d\u002Fauth\u002F15_exim4-config",[211,508,509],{},"Update - it seems that the conf.d files are read in alphabetical order across the conf.d subdirectories - not within - it may be that this file would be better named 30_exim4-config or similar. You could always edit these sections into the examples file - but - I felt that examples were examples :)",[224,511,514],{"className":512,"code":513,"language":346,"meta":229},[344],"# Unix clients\nplain:\n    driver = plaintext\n    public_name = PLAIN\n    server_condition = \\\n            ${if eq {${readsocket{\u002Fvar\u002Frun\u002Fcourier\u002Fauthdaemon\u002Fsocket}\\\n            {AUTH ${strlen:exim\\nlogin\\n$2\\n$3\\n}\\nexim\\nlogin\\n$2\\n$3\\n}}}{FAIL\\n} {no}{yes}}\n    server_set_id = $2\n# Windows clients\nlogin:\n    driver = plaintext\n    public_name = LOGIN\n    server_prompts = Username:: : Password::\n    server_condition = ${if eq {${readsocket{\u002Fvar\u002Frun\u002Fcourier\u002Fauthdaemon\u002Fsocket} \\\n                {AUTH ${strlen:exim\\nlogin\\n$1\\n$2\\n}\\nexim\\nlogin\\n$1\\n$2\\n}}}{FAIL\\n} {no}{yes}}\n    server_set_id = $1\n",[231,515,513],{"__ignoreMap":229},[211,517,518],{},"This code snippet I found on the net - but I've lost the URL - so - if it's yours please let me know so I can credit.",[211,520,521],{},"Now - \u002Fvar\u002Frun\u002Fcourier\u002Fauthdaemon is not readable by anything other than daemon user and daemon group. The socket is rwx for everyone. I've chosen to add Debian-exim4 user to the daemon group rather than edit the permissions on the authdaemon directory - I'm not sure if this is the best. It is necessary that exim can read\u002Fwrite to that socket.",[211,523,524],{},"Restart exim and try the following (you will need to type the telnet, EHLO and QUIT lines):",[224,526,528],{"className":226,"code":527,"language":228,"meta":229,"style":229},"# telnet localhost 25\nTrying 127.0.0.1...\nConnected to localhost.localdomain.\nEscape character is '^]'.\n220 server.domain.tld ESMTP Exim 4.50 Thu, 19 May 2005 20:15:15 +0200\nEHLO foo\n250-server.domain.tld Hello chris at localhost [127.0.0.1]\n250-SIZE 52428800\n250-PIPELINING\n250-AUTH PLAIN LOGIN\n250 HELP\nQUIT\n",[231,529,530,536,545,557,572,609,618,640,649,655,667,676],{"__ignoreMap":229},[234,531,532],{"class":236,"line":237},[234,533,535],{"class":534},"sAwPA","# telnet localhost 25\n",[234,537,539,542],{"class":236,"line":538},2,[234,540,541],{"class":240},"Trying",[234,543,544],{"class":244}," 127.0.0.1...\n",[234,546,548,551,554],{"class":236,"line":547},3,[234,549,550],{"class":240},"Connected",[234,552,553],{"class":244}," to",[234,555,556],{"class":244}," localhost.localdomain.\n",[234,558,560,563,566,569],{"class":236,"line":559},4,[234,561,562],{"class":240},"Escape",[234,564,565],{"class":244}," character",[234,567,568],{"class":244}," is",[234,570,571],{"class":244}," '^]'.\n",[234,573,575,578,581,584,587,591,594,597,600,603,606],{"class":236,"line":574},5,[234,576,577],{"class":240},"220",[234,579,580],{"class":244}," server.domain.tld",[234,582,583],{"class":244}," ESMTP",[234,585,586],{"class":244}," Exim",[234,588,590],{"class":589},"sDLfK"," 4.50",[234,592,593],{"class":244}," Thu,",[234,595,596],{"class":589}," 19",[234,598,599],{"class":244}," May",[234,601,602],{"class":589}," 2005",[234,604,605],{"class":244}," 20:15:15",[234,607,608],{"class":244}," +0200\n",[234,610,612,615],{"class":236,"line":611},6,[234,613,614],{"class":240},"EHLO",[234,616,617],{"class":244}," foo\n",[234,619,621,624,627,630,633,636],{"class":236,"line":620},7,[234,622,623],{"class":240},"250-server.domain.tld",[234,625,626],{"class":244}," Hello",[234,628,629],{"class":244}," chris",[234,631,632],{"class":244}," at",[234,634,635],{"class":244}," localhost",[234,637,639],{"class":638},"s95oV"," [127.0.0.1]\n",[234,641,643,646],{"class":236,"line":642},8,[234,644,645],{"class":240},"250-SIZE",[234,647,648],{"class":589}," 52428800\n",[234,650,652],{"class":236,"line":651},9,[234,653,654],{"class":240},"250-PIPELINING\n",[234,656,658,661,664],{"class":236,"line":657},10,[234,659,660],{"class":240},"250-AUTH",[234,662,663],{"class":244}," PLAIN",[234,665,666],{"class":244}," LOGIN\n",[234,668,670,673],{"class":236,"line":669},11,[234,671,672],{"class":240},"250",[234,674,675],{"class":244}," HELP\n",[234,677,679],{"class":236,"line":678},12,[234,680,681],{"class":240},"QUIT\n",[211,683,684],{},"So - AUTH is supported - plain and login - good.",[211,686,687],{},"Now - for testing - it was easy to add to change the \u002Fetc\u002Fdefault\u002Fexim4 file so that COMMONOPTIONS was set to -d-all+auth",[211,689,690],{},"Restarting exim4 with this in place will give debug output for auth related things. It won't background as a daemon - but that doesn't matter for testing.",[211,692,693],{},"In Outlook outgoing mail was set to require login and to use the same username\u002Fpassword as incoming (POP3 or IMAP). Sent a mail and presto - it went thru using the LOGIN auth (as could be seen in the debug log).",[211,695,696],{},"So - I've removed the debug options and restarted - later we'll be trying to add SSL and maybe some other options (although I'm not sure what Outlook supports other than login).",[211,698,699],{},[220,700,701],{},"RBL blacklists",[211,703,704],{},"You'll need to edit \u002Fetc\u002Fexim4\u002Fconf.d\u002Facl\u002F30_exim4-config_check_rcpt",[211,706,707],{},"Find the section with the text",[224,709,712],{"className":710,"code":711,"language":346,"meta":229},[344],"#############################################################################\n# There are no checks on DNS \"black\" lists because the domains that contain\n# these lists are changing all the time. You can find examples of\n# how to use dnslists in \u002Fusr\u002Fshare\u002Fdoc\u002Fexim4-config\u002Fexamples\u002Facl\n#############################################################################\n",[231,713,711],{"__ignoreMap":229},[211,715,716],{},"And look in the example file in the directory listed for examples. Simple :) However - this is just warnings. My old server is stricter - and rejects. This can be done by adding acl rules of the form",[224,718,721],{"className":719,"code":720,"language":346,"meta":229},[344],"deny dnslists = dnsbl.njabl.org\n",[231,722,720],{"__ignoreMap":229},[211,724,725],{},[220,726,727],{},"Recommended Reading",[211,729,730,731,735],{},"Loads of stuff on ",[304,732,733],{"href":733,"rel":734,"target":311},"http:\u002F\u002Fwww.debian-administration.org",[308,309,310]," - simply run a search for exim.",[211,737,738],{},"As I get the system more up and running I'll add to this article. Things on the wishlist",[390,740,741,749,752,755,758],{},[393,742,743,744,748],{},"mailman (as in the config at ",[304,745,746],{"href":746,"rel":747,"target":311},"http:\u002F\u002Fwww.exim.org\u002Fhowto\u002Fmailman21.html",[308,309,310]," rather than the simple adding of aliases to \u002Fetc\u002Faliases)",[393,750,751],{},"SSL",[393,753,754],{},"LDAP instead of PAM auth",[393,756,757],{},"Mail2News gateway",[393,759,760],{},"Getting my home machine to use this box as a smarthost (or whatever is most appropriate) so that my mail isn't rejected as coming from an ISP block.",[762,763,764],"style",{},"html pre.shiki code .svObZ, html code.shiki .svObZ{--shiki-default:#B392F0}html pre.shiki code .sU2Wk, html code.shiki .sU2Wk{--shiki-default:#9ECBFF}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html pre.shiki code .sAwPA, html code.shiki .sAwPA{--shiki-default:#6A737D}html pre.shiki code .sDLfK, html code.shiki .sDLfK{--shiki-default:#79B8FF}html pre.shiki code .s95oV, html code.shiki .s95oV{--shiki-default:#E1E4E8}",{"title":229,"searchDepth":538,"depth":538,"links":766},[],"2005-05-19 12:18:29 +0200",null,"md",{},true,"\u002F2005\u002F05\u002F19\u002Fsendmail-exim4",{"title":206,"description":213},{"loc":772},"2005\u002F05\u002F19\u002Fsendmail-exim4",[777,778,779,780,781],"debian","exim4","sendmail","clamav","spamassassin","3Mz7rA3-UMiiwg7-gfUgtT_P_NzsQBDFBZzAjFdCk8U",1775293017187]