Spamassassin testing
7/22/2023

8.5 More information exim4 configuration
12.2 Adding Sender Rewriting Scheme (SRS)
12.2.2 Implement srsd integration into exim4
14.3 Doing something useful with the reports
15.5 Testing saslauthd LDAP integration
15.6 More information on LDAP integration
16.2 For remote delivery with 3 week hold function via LMTP
18.5 ACL and Shared mailboxes (allowing delegated mailboxes)
20.1 Forgetting to add the clamav user to the exim group
20.2 Not using wheezy-updates or jessie-updates repository
20.3 Forgetting to add the exim to sasl group
20.5 Forgetting to install dovecot-lmtpd
20.6 Spamassassin hits rule URIBL_BLOCKED on every mail message
20.7 You keep getting 550 relay not permitted for local email addresses
20.8 Unable to verify the first certificate
20.9 TLS not available and Error while reading file message in exim4.log
20.10 Keep getting 421 Unexpected failure after RCPT TO
Running an external (partial) LDAP slave

A (virtual) machine running Debian wheezy or jessie with public IPv4 and IPv6 internet connectivity.
Possibility to set up reverse DNS for your IPv4 and IPv6 addresses.
Ability to have a CA sign your certificates (can be done for free with Let's Encrypt).

In this case, install all packages on the same machine and do not use disk encryption, because your mail server will be unreachable after a power failure.

This is the best scenario for small setups and requires two (virtual) machines: one MTA that handles accepting of emails and spam/virus filtering, and one machine that is encrypted. To prepare for this setup, simply install one machine without disk crypto and one with. The MTA will hold mail for up to 3 weeks if you haven't typed your disk crypto password on boot yet (see the lmtp section).

Running MTAs in high availability is easy: just duplicate the MTA setup and add two MX records to your domains. (Of course, your bayesian spam filters may train differently.)

Running dovecot in high availability is a different story. The safest way to run dovecot in high-availability mode is to run the mail store on top of a high-performance redundant NAS. This can be a proprietary NAS or some open source HA NFS setup. The best performing mailbox format is mdbox, but this is also the easiest store to corrupt the indexes of if two nodes write to it in parallel. Locking may cause performance degradation and has to work reliably on your NFS backend, otherwise the indexes get corrupted. To prevent index corruption and locking overhead, there is the director component, which will pin a user to a node as long as that node is up. The dovecot part of this setup is *not* included in this guide (yet).

~# apt-get install exim4-daemon-heavy spamassassin clamav-daemon greylistd spf-tools-perl sasl2-bin srs pyzor razor

If you want to run a mailing list server as well, also install mailman and apache2. If dovecot is going to run on this same host (you're not doing high-availability or full disk crypto mail store), also install dovecot-imapd, dovecot-ldap and dovecot-lmtpd on the MTA. Otherwise, do this on the host(s) where you want to run your dovecot.

~# apt-get install dovecot-imapd dovecot-ldap dovecot-lmtpd dovecot-sieve dovecot-managesieved

Verify that no interfering packages are installed (like postfix, sendmail, amavis):

~$ dpkg -l |egrep '(postfix|sendmail|amavis)'

This command should give no output. If it does and a line starts with ii, remove that package.

Configuring exim4

~# dpkg-reconfigure exim4-config

Choose internet site, set the host name to the value you will set the reverse DNS to, specify all domains you want to receive mail for and choose split files (unless you want to replace every exim4 file name here with in this manual).

Now try to see if simple address resolution works. This will only test against local system users. It's good to test this, even if you're going to add LDAP later. Substitute the IP and mail addresses for your own stuff.

220 ESMTP Exim 4.80 Sun, 12:37:27 -0400
2 Hello

Any line not starting with a number is something you have to type yourself to test this. For now, you can test any local system user on one of the domains you accepted.

Hint: Use Let's Encrypt to keep these keys valid.

To generate the key and certificate signing request (replace with your Fully Qualified Domain Name):

~# openssl req -sha256 -days 3650 -nodes -new -newkey rsa:4096 -keyout /etc/ssl/private/ -out /etc/ssl/

Input your location and contact information. At the Common Name field, input your mail hostname ( in my case). Do not enter a challenge password.

Copy the certificate signing request to a CA for signing. Allow the CA to sign it, then you'll receive a certificate from the CA. Place the received certificate in /etc/ssl/

Put MAIN_TLS_ENABLE=yes near the top in /etc/exim4/conf.d/main/03_exim4-config_tlsoptions and set the following keys:
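A pre-flight check for the key and certificate signing request steps described in this guide, as an added example that is not part of the original guide: it confirms the CSR before it goes to the CA, and that the returned certificate matches the private key before exim4 is pointed at it. The function names are hypothetical, and the key, CSR and certificate paths and the hostname are whatever you pass in.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical;
# pass your own key, CSR and certificate paths and your mail hostname.

# Print a hash of the public key held in a private key, CSR or certificate.
pubkey_hash() {  # usage: pubkey_hash key|csr|cert FILE
    case "$1" in
        key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        csr)  pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)    return 1 ;;
    esac
    printf '%s\n' "$pub" | openssl sha256
}

# Run before the CSR goes to the CA.
check_csr() {  # usage: check_csr KEY CSR HOSTNAME
    openssl req -in "$2" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "CSR self-signature does not verify"; return 1; }
    cn=$(openssl req -in "$2" -noout -subject |
         sed -n 's/.*CN *= *\([^,/]*\).*/\1/p')
    [ "$cn" = "$3" ] || { echo "CN is '$cn', expected '$3'"; return 1; }
    k=$(pubkey_hash key "$1") && c=$(pubkey_hash csr "$2") && [ "$k" = "$c" ] ||
        { echo "CSR was not made from this key"; return 1; }
    # The key is unencrypted (-nodes), so group/other permission bits must be empty.
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ] ||
        { echo "private key is readable beyond its owner"; return 1; }
    echo "CSR ok"
}

# Run after the CA returns the certificate, before enabling TLS in exim4.
check_cert() {  # usage: check_cert KEY CERT
    k=$(pubkey_hash key "$1") && c=$(pubkey_hash cert "$2") && [ "$k" = "$c" ] ||
        { echo "certificate does not match the private key"; return 1; }
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired"; return 1; }
    echo "certificate ok"
}
```

Both functions return non-zero and print the reason on the first failed check, so they can gate a deployment script.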