Installing and configuring Exim 4 on Debian
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1. First, install all the necessary Debian packages are on the system as the root user. (The exim4 package will REPLACE the exim package.)
NOTE: If you are using the stable branch, it is suggested to use the debian volatile packages (along with the security packages) so that your system is using the most up-to-date critical packages (like ClamAV) for security purposes. For production servers, you may not want to run a mixed stable/testing/unstable system. To use these packages, see
http://volatile.debian.net/ for more information. For those of you who are impatient and don't want to find the correct
mirror, here's is what I added to my /etc/apt/sources.list file:
Use aptitude to install these packages, but you could also use the old apt-get method:
Quote:
apt-get install clamav-daemon \
clamav-freshclam exim4-daemon-heavy exim4 \
courier-base courier-authdaemon courier-imap \
courier-pop spamassassin wget spamc sa-exim
|
When going through the exim4 config, be sure to select the multiple file configuration layout. If you didn't (or weren't prompted for it), simply set dc_use_split_config to true in the /etc/exim4/update-exim.conf.conf file.
Create your Maildir directory
Now we want to make exim4 use Maildir format mailboxes. Modify the file /etc/exim4/update-exim4.conf.conf so that it contains:
Quote:
|
dc_localdelivery='maildir_home'
|
4. We need to Edit /etc/default/spamassassin to enable spamd.
5. Each user can set up their own filters by creating a .forward file in their home directory. If the first line of this file reads #
# Exim filter then Exim4 will treat it as a filter.
Here is an example of an Exim filter that checks the headers that SpamAssassin adds and puts the mail in the appropriate Maildir folder:
Quote:
# Exim filter
if $h_X-Spam-Status: CONTAINS "Yes"
or
$h_X-Spam-Flag: CONTAINS "Yes"
then
save $home/Maildir/.Spam/
finish
endif
|
6. Many system administrators like to set up the Maildir directories and .forward filter file in the /etc/skel directory so that when they make a new user on the system, everything is automatically copied over.
7. Before going live with the mail server, we will want to test it!
a. Generate the new configuration:
If you made it through this, then your config files don't have any syntax errors.
If that works, then there are no config issues
b. Next, start exim by issuing:
Above assumes that you are running exim4 as a daemon, and not through inetd
c. Now, check a local address:
d. Check sending an email:
You should now see some messages to let you know that the email was sent or information about what went wrong.
e. To test with full debug output using a specific config file, use something like:
f. To test the config coming from a specified ip address, use:
Quote:
HELO example.com
MAIL FROM: <user@example.com>
RCPT TO: <local_user@example.com>
DATA
Subject: something
your message here
.
QUIT
|
8. Add the following to your /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs file:
Quote:
# This tells what virus scanner to use
av_scanner = clamd:/var/run/clamav/clamd.ctl
|
9. Edit /etc/exim4/conf.d/acl/40_exim4-config_check_data to inlude the following before the "# accept otherwise" line:
Quote:
# Reject messages that have serious MIME errors.
# This calls the demime condition again, but it
# will return cached results.
deny message = Serious MIME defect detected ($demime_reason)
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}
# Reject file extensions used by worms.
# Note that the extension list may be incomplete.
deny message = This domain has a policy of not accepting certain types of attachments \
in mail as they may contain a virus. This mail has a file with a .$found_extension \
attachment and is not accepted. If you have a legitimate need to send \
this particular attachment, send it in a compressed archive, and it will \
then be forwarded to the recipient.
demime = exe:com:vbs:bat if:scr
# Reject messages containing malware.
deny message = This message contains a virus ($malware_name) and has been rejected
malware = *
|
10. Then, you need to enable ClamAV.
1. Firstly, you will want to be sure that it is running against messages. In /etc/exim4/sa-exim.conf, search for SAEximRunCond:
Quote:
|
SAEximRunCond: ${if and {{def:sender_host_address} {!eq {$sender_host_address}{127.0.0.1}} {!eq {$h_X-SA-Do-Not-Run:}{Yes}} } {1}{0}}
|
That is simply skipping the scan on anything from the local machine or if the X-SA-Do-Not-Run header in the message is set to Yes. If you just want exim to run ClamAV on all messages, use this:
2. Before restarting ClamAV, we need to be sure that all of the access rights are in place so that the scans actually happen. The best way to handle this is to add the clamav user to the Debian-exim group. Either manually edit /etc/group, or simple run:
Quote:
|
adduser clamav Debian-exim
|
3. Be sure that /etc/clamav/clamd.conf contains a line that reads:
4. Set the file permissions for the /var/run/clamav directory to allow for the correct user to use it:
Quote:
|
chown Debian-exim.Debian-exim /var/run/clamav
|
5. A restart of ClamAV is necessary for the changes to take effect:
Quote:
|
/etc/init.d/clamav-daemon restart
|
11. You should now be able to get your mail via IMAP with a mail client like Mozilla. Check your headers (View Source) and see that SpamAssassin has added its headers. SMTP-end virus scanning should also be taking place. Check your /var/log/clamav/clamav.log to monitor this.
------------------------
Best Regards,
eUKShane
http://www.eukhost.com
installing Exim 4 on Debian Server
Linear Mode
