Exim Configuration
Edit the configuration file /usr/local/exim/exim.conf:
bash# vi /usr/local/exim/exim.conf
and make the modifications described in the following sections.
Main (General) Configurations
Modify these parameters in the MAIN CONFIGURATION SETTINGS section of /usr/local/exim/exim.conf:
primary_hostname = dns3.inima.al
domainlist local_domains = dns3.inima.al : proxy1.inima.al
domainlist relay_to_domains = inima.al : *.inima.al : akad.edu.al : ert.gov.al : cstid.edu.al
hostlist relay_from_hosts = 127.0.0.1 : 192.168.240.0/20 : 193.254.1.0/24
relay_to_domains lists the domains for which exim accepts email, and relay_from_hosts lists the hosts/networks that can send email using exim.
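How the lists above decide whether a recipient is accepted, as an added example that is not part of the original page or of Exim: a simplified Python model in which the rule order (local domain, relay domain, relay host, otherwise deny) is an assumption about the surrounding ACL, and the probe addresses are constructed.

```python
import ipaddress

# Lists copied from the page's MAIN CONFIGURATION SETTINGS (IPv4 only, so
# splitting on ':' is safe here; Exim needs doubled colons for IPv6 items).
LOCAL_DOMAINS = "dns3.inima.al : proxy1.inima.al"
RELAY_TO_DOMAINS = "inima.al : *.inima.al : akad.edu.al : ert.gov.al : cstid.edu.al"
RELAY_FROM_HOSTS = "127.0.0.1 : 192.168.240.0/20 : 193.254.1.0/24"

def items(exim_list):
    """Split a colon-separated Exim list into its items."""
    return [i.strip() for i in exim_list.split(":") if i.strip()]

def domain_in(domain, exim_list):
    """Exact match, or tail match for a pattern that starts with '*'."""
    domain = domain.lower()
    for pat in (p.lower() for p in items(exim_list)):
        if pat.startswith("*") and domain.endswith(pat[1:]):
            return True
        if domain == pat:
            return True
    return False

def host_in(ip, exim_list):
    """True when ip equals a listed address or falls inside a listed CIDR."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(i, strict=False) for i in items(exim_list))

def rcpt_decision(client_ip, rcpt_domain):
    """Assumed rule order: local domain, relay domain, relay host, else deny."""
    if domain_in(rcpt_domain, LOCAL_DOMAINS):
        return "accept (local_domains)"
    if domain_in(rcpt_domain, RELAY_TO_DOMAINS):
        return "accept (relay_to_domains)"
    if host_in(client_ip, RELAY_FROM_HOSTS):
        return "accept (relay_from_hosts)"
    return "deny (relay not permitted)"

if __name__ == "__main__":
    # Constructed probes: (connecting IP, recipient domain).
    probes = [("203.0.113.7", "example.org"), ("203.0.113.7", "mail.inima.al"),
              ("203.0.113.7", "notinima.al"), ("192.168.251.195", "example.org"),
              ("192.168.239.9", "example.org")]
    for ip, dom in probes:
        print(f"{ip:16} -> {dom:14} {rcpt_decision(ip, dom)}")
```

An outside host is accepted only for the listed domains, while any host inside 192.168.240.0/20 or 193.254.1.0/24 can relay anywhere, so those two networks should contain only machines you trust to send mail.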
Add these general parameters before the ACL CONFIGURATION section:
# Who to send a mail to when a message is frozen
freeze_tell = postmaster
# Time before a queue runner will try a new delivery attempt
# on any frozen message. Default is 0s
auto_thaw = 2d
# Max number of simultaneous SMTP calls to accept
# (aka max number of exim processes) Default is 20
smtp_accept_max = 10
# Max number of waiting SMTP connections.
# Gives some protection against denial-of-service attacks by SYN flooding
# Default is 20
smtp_connect_backlog = 10
# Max number of MAIL commands that Exim is prepared to accept over a
# single SMTP connection, after which a 421 is given. Default is 1000
smtp_accept_max_per_connection = 50
# Max message size to accept
# Default is 50M
message_size_limit = 20M
# Max bounce message size to send
# Default is 100K
return_size_limit = 10K
# Alternative to return_size_limit is to set
#bounce_return_message = false
# Redundant pairs of angle brackets around addresses are removed
# Default is false
strip_excess_angle_brackets = true
# Ignore a trailing dot at the end of a domain in an address
# Default is false
strip_trailing_dot = true
Filter Configuration
Add these parameters to /usr/local/exim/exim.conf, before the ACL CONFIGURATION section:
# specify the system filter file
system_filter = /usr/local/exim/exim.filter
system_filter_user = mail
system_filter_group = mail
Create the system filter file /usr/local/exim/exim.filter with this content:
# Exim filter -- do not remove it, it is required, it is not a comment
### throw away junk or bulk
if
  $h_precedence: is "junk" or
  $h_precedence: is "bulk"
then
  seen finish
endif
### forward mrtg errors to dhoxha, nfra, agor and nresulaj
if
  $h_from: contains "root@" and
  $h_subject: contains "/usr/bin/mrtg"
then
  deliver nfra@inima.al
  deliver dhoxha@inima.al
endif
if
  $h_from: contains "MAILER-DAEMON@hpe25.inima.al"
then
  deliver nfra@inima.al
endif
Create a test message, like this:
From root@localhost Sat Mar 27 18:31:31 2004
Date: Thu, 29 Apr 2004 10:50:29 +0200
To: postmaster
From: MAILER-DAEMON@hpe25.inima.al
Subject: test

test message
and test the system filter file:
bash$ bin/exim -bF exim.filter < test.msg
bash$ bin/exim -v -bF exim.filter < test.msg
Restart exim:
bash# /sbin/service exim restart
ACL Configuration
These access rules provide some protection against spam and void messages (e.g. messages sent to a user that does not exist at inima.al).
Add these rules after require verify = sender:
# Do not accept HELO/EHLO from hosts using our IP(s) in HELO
# Could exclude internal IPs, but they should never HELO with our inet IP
# Remember to update file if IP(s) change!
deny message = Forged IP in HELO.
     log_message = HELO is our IP
     condition = ${lookup {$sender_helo_name} \
                 lsearch{/usr/local/exim/our_inet_ips.txt} \
                 {yes}{no}}
# Deny unless the sender address can be verified.
deny message = From email address must be valid
     # do not check address for lists or bounces
     # or people in our company contact database
     #senders = ^.*-request@.*
     # do not check for DSN-ignorant domains
     # iow those that don't accept MAIL FROM:<>
     !verify = sender/defer_ok
# deny if the domain is inima.al but the local_part is not in the
# list of users (users.inima.al)
deny domains = inima.al
     local_parts = !lsearch;/usr/local/exim/users.inima.al
Create the file /usr/local/exim/our_inet_ips.txt with all the IP addresses of the server:
80.78.70.178
193.254.1.195
192.168.251.195
Create the file /usr/local/exim/users.inima.al with all the users of the domain inima.al (users of the server hpe25.inima.al):
nfra
gbeq
dhoxha
agor
enal
...
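A Python model of the two lsearch-based rules above, added here as an illustration (not the page's or Exim's own code); the file contents are constructed copies of the listings and the function names are hypothetical. It also reports which listed IPs have no bracketed address-literal entry such as [80.78.70.178], because the lookup compares the HELO argument exactly as the client sent it.

```python
import re

# Constructed copies of the two lookup files shown on the page
# (the page's user list is truncated with "...", so this one is too).
OUR_INET_IPS = "80.78.70.178\n193.254.1.195\n192.168.251.195\n"
USERS = "nfra\ngbeq\ndhoxha\nagor\nenal\n"

def lsearch_keys(text):
    """Keys a linear search can match: the start of each line up to
    whitespace or ':'; blank, comment and continuation lines are skipped."""
    keys = set()
    for line in text.splitlines():
        if not line.strip() or line[0] == "#" or line[0].isspace():
            continue
        # Lowercased here because lsearch key matching is case-insensitive.
        keys.add(re.split(r"[\s:]", line, maxsplit=1)[0].lower())
    return keys

def helo_denied(helo_name, ips_file=OUR_INET_IPS):
    """Model of the 'Forged IP in HELO' rule: deny when the HELO
    argument, exactly as sent, is a key in our_inet_ips.txt."""
    return helo_name.lower() in lsearch_keys(ips_file)

def rcpt_denied(local_part, domain, users_file=USERS):
    """Model of the last rule: deny inima.al recipients that are not listed."""
    return domain.lower() == "inima.al" and local_part.lower() not in lsearch_keys(users_file)

def missing_literals(ips_file=OUR_INET_IPS):
    """Bare IPs whose bracketed address-literal form is not also a key."""
    keys = lsearch_keys(ips_file)
    return sorted(k for k in keys if not k.startswith("[") and f"[{k}]" not in keys)

if __name__ == "__main__":
    # Constructed HELO arguments and recipients.
    for helo in ("80.78.70.178", "[80.78.70.178]", "mail.example.org"):
        print(f"HELO {helo:18} denied={helo_denied(helo)}")
    for lp, dom in (("nfra", "inima.al"), ("nosuchuser", "inima.al"), ("x", "akad.edu.al")):
        print(f"RCPT {lp}@{dom:12} denied={rcpt_denied(lp, dom)}")
    print("address literals not covered:", missing_literals())
```

Adding the bracketed form of each address as a further line in our_inet_ips.txt covers the address-literal case with the rule unchanged.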
Routers Configuration
In the ROUTERS CONFIGURATION section add these routers at the beginning, after begin routers:
# This router forwards all the emails for the domain inima.al
# to the server hpe25.inima.al (without any DNS lookup, MX records etc.)
special:
  driver = manualroute
  transport = remote_smtp
  route_list = inima.al hpe25.inima.al
### N.Frasheri 24 aug 2004 test smarthost
### fail: "cannot find router driver "domainlist"
#smarthost:
# driver = domainlist
# transport = remote_smtp
# route_list = "* 193.254.1.197 bydns_a"
### route_list = "* mail.example.com bydns_a"
Also uncomment allow_filter in the userforward router:
userforward:
  driver = redirect
  check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
  file = $home/.forward
  allow_filter
  no_verify
  no_expn
  check_ancestor
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply
Transports Configuration
In the TRANSPORTS CONFIGURATION section add these transports:
# NFrasheri: SMTP transport
smtp:
  driver = smtp
  delay_after_cutoff = false
local_delivery:
  driver = appendfile
  file = /var/mail/$local_part
  delivery_date_add
  envelope_to_add
  return_path_add
# uncomment these two lines (the note sits on its own line because
# Exim only treats # as a comment at the start of a line)
  group = mail
  mode = 0660
Retry Configuration
At the RETRY CONFIGURATION section modify this line:
#* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
* * F,2h,15m; G,6h,1h,1.5; F,4d,6h