Set up Exim4 on Debian 3.1 with a single conf file 17/06/06
Prerequisites
Exim: http://www.exim.org/mailman/listinfo/exim-users
Exiscan-ACL: http://duncanthrax.net/exilist/exilist.cgi.pl
SA-Exim: http://lists.merlins.org/lists/listinfo/sa-exim
SpamAssassin: http://spamassassin.org/lists.html
Clam Antivirus: http://www.clamav.net/ml.html
The exim-heavy daemon has exiscan built in.
You'll also need some Perl modules that may not be installed by default. Please see the SpamAssassin INSTALL file for full details of the required modules, but these may (depending on your installation) include:
Time::HiRes
Digest::MD5
MIME::Base64
Check your installation media to see if they are pre-packaged already. RPM-based systems should look for packages beginning with perl-XXX; e.g. perl-Time-HiRes.
You may also need some others, such as:
Digest::SHA1
Digest::HMAC_MD5
Test::Simple (ignore the Test::Harness warnings)
Net::DNS
Testing with sample files from example directory.
spamassassin -t < sample-nonspam.txt > nonspam.out
spamassassin -t < sample-spam.txt > spam.out
Check the files nonspam.out and spam.out.
Use the "local_scan_path" option in the Exim config file to tell the dlopen patch which local_scan modules to load. For example:
local_scan_path = /usr/libexec/exim/sa-exim.so
For SA-Exim
Change the rewrite_subject option: it defaults to 0, but if set to 1 it adds **** SPAM... at the start of the subject line for messages found to be spam.
SpamAssassin
Edit /etc/spamassassin/local.cf and give group rwx on /var/spool/spamassassin
bayes_path /var/spool/spamassassin/bayes
bayes_file_mode 0666
bayes_auto_learn 1
rewrite_header Subject *****SPAM*****
report_safe 1
required_hits 5.0
lock_method flock
allow_user_rules 1
For exim
Edit /etc/exim4/exim4.conf.template
acl_smtp_data = acl_check_data
acl_check_data:
# Define a message size limit. You can either change it here, or set the
# MESSAGE_SIZE_LIMIT macro. The default (used when MESSAGE_SIZE_LIMIT
# is unset and/or message_size_limit is unset) is 50 MB
#.ifdef MESSAGE_SIZE_LIMIT
#message_size_limit = MESSAGE_SIZE_LIMIT
message_size_limit = 5M
deny message = This message contains malformed MIME ($demime_reason).
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}
# Unpack MIME containers and reject file extensions
# used by worms. Note that the extension list may be
# incomplete.
deny message = $found_extension files are not accepted here
demime = com:vbs:bat:pif:scr
========= or ================
deny message = Blacklisted file extension detected
condition = ${if match \
{${lc:$mime_filename}} \
{\N(\.bat|\.com|\.exe|\.pif|\.prf|\.scr|\.vbs)$\N} \
{1}{0}}
=================================
Virus scanning settings in /etc/exim4/exim4.conf.template
av_scanner = clamd:127.0.0.1 3310
In the DATA ACL
deny message = This message contains a virus or other harmful content ($malware_name)
demime = *
malware = *
In the MIME ACL
deny message = This message contains a virus or other harmful content ($malware_name)
malware = *
Restart exim4
Configuring SA-Exim /etc/exim4/sa-exim.conf
warn message = X-SA-Do-Not-Rej: Yes
local_parts = postmaster:abuse
Installing Clam
An unprivileged user 'clamav' will be created; this is the user that ClamAV will be set up to run as. You will need to add 'clamav' as an additional user in the 'mailnull' group, or whichever group Exim runs as, in /etc/group.
Edit /etc/clamav/clamd.conf
#Automatically Generated by clamav-daemon postinst
#To reconfigure clamd run #dpkg-reconfigure clamav-daemon
#LocalSocket /var/run/clamav/clamd.ctl
TCPSocket 3310
TCPAddr 127.0.0.1
FixStaleSocket
User clamav
AllowSupplementaryGroups
ScanMail
ScanArchive
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxFileSize 10M
ReadTimeout 180
MaxThreads 12
MaxConnectionQueueLength 15
#StreamSaveToDisk
StreamMaxLength 10M
LogVerbose
LogFile /var/log/clamav/clamav.log
LogTime
LogFileMaxSize 0
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/lib/clamav/
SelfCheck 3600
ScanOLE2
ScanPE
DetectBrokenExecutables
ScanHTML
ArchiveBlockMax
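Exim's av_scanner line and clamd.conf have to agree on address and port, the clamd TCP socket accepts scan requests from anyone who can reach it, and clamd stops reading a stream at StreamMaxLength, so a message larger than that cannot be scanned. The following check is an added example, not part of the original notes; the two embedded snippets are constructed from the settings shown on this page, and the function names are illustrative.

```python
import re

# Constructed inputs: the relevant lines of the page's clamd.conf and Exim template.
CLAMD_CONF = """\
#LocalSocket /var/run/clamav/clamd.ctl
TCPSocket 3310
TCPAddr 127.0.0.1
StreamMaxLength 10M
"""
EXIM_CONF = """\
message_size_limit = 5M
av_scanner = clamd:127.0.0.1 3310
"""
UNITS = {"": 1, "K": 1024, "M": 1024 ** 2}

def size_bytes(text):
    """Convert '10M', '512K' or '4096' to bytes."""
    m = re.fullmatch(r"(\d+)([KkMm]?)", text.strip())
    if not m:
        raise ValueError(f"bad size: {text!r}")
    return int(m.group(1)) * UNITS[m.group(2).upper()]

def parse_clamd(text):
    """clamd.conf: 'Key value' per line; '#' starts a comment; bare keys are flags."""
    opts = {}
    for line in text.splitlines():
        key, _, value = line.split("#", 1)[0].strip().partition(" ")
        if key:
            opts[key] = value.strip()
    return opts

def parse_exim(text):
    """Exim main options: uncommented 'name = value' lines."""
    return dict(re.findall(r"^[ \t]*(\w+)[ \t]*=[ \t]*(.+?)[ \t]*$", text, re.M))

def check(clamd_text, exim_text):
    clamd, exim = parse_clamd(clamd_text), parse_exim(exim_text)
    findings = []  # empty list means the two files agree
    m = re.fullmatch(r"clamd:(\S+)\s+(\d+)", exim.get("av_scanner", ""))
    if not m:
        findings.append("av_scanner is not a clamd TCP scanner")
    elif (m.group(1), m.group(2)) != (clamd.get("TCPAddr"), clamd.get("TCPSocket")):
        findings.append("av_scanner does not match clamd TCPAddr/TCPSocket")
    if "TCPSocket" in clamd and clamd.get("TCPAddr") != "127.0.0.1":
        findings.append("clamd TCP socket is not bound to loopback")
    if "StreamMaxLength" in clamd and "message_size_limit" in exim:
        if size_bytes(exim["message_size_limit"]) > size_bytes(clamd["StreamMaxLength"]):
            findings.append("message_size_limit exceeds clamd StreamMaxLength")
    return findings
```

To use it on a live system, pass the contents of /etc/clamav/clamd.conf and /etc/exim4/exim4.conf.template to check() instead of the embedded samples.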
Testing
telnet your.server 25
[Wait for connection and the server banner, e.g. 220 your.server.name ESMTP Exim 4.30 ...]
HELO test
[Server should respond: 250...]
MAIL FROM: <you@your.address>
[Server should respond: 250...]
RCPT TO: <you@your.address>
[Server should respond: 250...]
DATA
[Server should respond: 354...]
From: you@your.address
To: you@your.address
Subject: a test mail

test
.
Check the headers
X-Spam-Status: No, hits=1.1 required=5.0
tests=NO_REAL_NAME, MSGID_FROM_MTA_SHORT
autolearn=no version=2.60
X-Spam-Level: *
Same test with this in the body
From: test@test
Subject: MAKE MONEY FAST!!! $$$ 34fs4

viagra
This time the headers
X-Spam-Status: Yes, hits=6.0 required=5.0
tests=CASHCASHCASH,MISSING_HEADERS,NO_REAL_NAME,PLING_PLING,
SUBJ_HAS_SPACES,SUBJ_HAS_UNIQ_ID
autolearn=no version=2.60
X-Spam-Level: *********
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on your.server.example
X-Spam-Report: ---- Start SpamAssassin results
6.00 points, 5 required;
* 0.8 -- From: does not include a real name
* 1.7 -- Subject contains lots of white space
* 1.3 -- Subject contains a unique ID
* 0.5 -- Missing To: header
* 0.0 -- Contains at least 3 dollar signs in a row
* 1.7 -- Subject has lots of exclamation marks
---- End of SpamAssassin results
X-Spam-Flag: YES
The following should be rejected.
From: test@test
Subject: MAKE MONEY FAST!!! $$$ 34fs4
MIME-Version: 1.0

VIAGRA!!!!
AS SEEN ON NATIONAL TV, WORK FROM HOME!!!
GUARANTEED 100% THIS IS NOT SPAM!!!
GTUBE test for spam (put in the mail)
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
Eicar Virus test (put in the mail) for clamav testing
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
==========================================
Install sasl2-bin, libauthen-sasl, libsasl2, libsasl2-modules
Edit /etc/default/saslauthd
START=yes
MECHANISMS="pam shadow sasldb"
Add the Debian-exim user to the sasl group.
/etc/init.d/saslauthd restart
For SMTP AUTH, uncomment the following in /etc/exim4/exim4.conf.template.
tls_advertise_hosts = *
tls_certificate = /etc/exim4/exim.crt
tls_privatekey = /etc/exim4/exim.key
accept authenticated = *
Add to the auth section
login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}
server_set_id = $1
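cram_md5:
driver = cram_md5
public_name = CRAM-MD5
# CRAM-MD5 never sends the password, so saslauthd cannot check it.
# server_secret must expand to the user's cleartext secret; here it is looked
# up in a "user: secret" file (example path; keep it readable only by root and Exim).
server_secret = ${lookup{$1}lsearch{/etc/exim4/cram-md5-secrets}{$value}fail}
server_set_id = $1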
plain_saslauthd:
driver = plaintext
public_name = PLAIN
# don't send system passwords over unencrypted connections
server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}
server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
server_set_id = $2
server_prompts = :
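Make the cert and the key files. Use at least a 2048-bit RSA key and a non-zero validity period; with -days 0 the certificate expires as soon as it is created.
openssl req -x509 -newkey rsa:2048 -keyout /etc/exim4/exim.key -out /etc/exim4/exim.crt -days 365 -nodes
For routing mail of unknown local users to another server, add the following at the end of the router section.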
### router/mail for unknown users
#################################
unknown:
driver = manualroute
transport = remote_smtp
route_list = * mail.domain.com
#no_verify
Add the following line to /etc/exim4/update-exim4.conf.conf
dc_localdelivery=maildir_home
After making any changes to exim4.conf.template or update-exim4.conf.conf,
run update-exim4.conf
and restart exim4.
Test
telnet smtpserver 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 proxy1.hsmum1.com ESMTP Exim 4.44 Fri, 11 Mar 2005 16:23:52 +0530
EHLO test
250-proxy1.hsmum1.com Hello root at localhost [127.0.0.1]
250-SIZE 3145728
250-PIPELINING
250-AUTH LOGIN CRAM-MD5 <<<<<<<<
250-STARTTLS
250 HELP
AUTH LOGIN <<<<<<<<
334 VXNlcm5hbWU6
or
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 proxy1.hsmum1.com ESMTP Exim 4.44 Fri, 11 Mar 2005 16:24:56 +0530
EHLO test
250-proxy1.hsmum1.com Hello root at localhost [127.0.0.1]
250-SIZE 3145728
250-PIPELINING
250-AUTH LOGIN CRAM-MD5 <<<<<<<<
250-STARTTLS
250 HELP
AUTH CRAM-MD5 <<<<<<<<<<<<<<
334 PDE2NDc5LjExMTA1Mzg1MDhAcHJveHkxLmhzbXVtMS5jb20+
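The 334 lines in both transcripts are base64. The sketch below, an added example that is not part of the original notes, decodes them and carries the CRAM-MD5 exchange through on both sides, which shows why the server must hold each user's cleartext secret: it has to recompute the same HMAC. The account and the second challenge are the sample values from RFC 2195; the function names are illustrative.

```python
import base64
import hashlib
import hmac

# From the page's transcripts: the 334 prompts after AUTH LOGIN and AUTH CRAM-MD5.
LOGIN_PROMPT = "VXNlcm5hbWU6"
PAGE_CHALLENGE = "PDE2NDc5LjExMTA1Mzg1MDhAcHJveHkxLmhzbXVtMS5jb20+"
# Constructed test account: the sample user, secret and challenge from RFC 2195.
SECRETS = {"tim": "tanstaaftanstaaf"}
RFC2195_CHALLENGE = base64.b64encode(
    b"<1896.697170952@postoffice.reston.mci.net>").decode("ascii")

def b64_text(line):
    """Decode one base64 AUTH line (a 334 prompt or a client reply)."""
    return base64.b64decode(line).decode("ascii")

def _digest(secret, challenge_b64):
    # HMAC-MD5 keyed with the cleartext secret over the decoded challenge
    return hmac.new(secret.encode(), base64.b64decode(challenge_b64),
                    hashlib.md5).hexdigest()

def client_response(user, secret, challenge_b64):
    """Client reply to '334 <challenge>': base64 of 'user hexdigest'."""
    reply = f"{user} {_digest(secret, challenge_b64)}"
    return base64.b64encode(reply.encode()).decode("ascii")

def server_verify(response_b64, challenge_b64, secrets):
    """Server side: recompute the digest from the stored cleartext secret.
    Returns the authenticated user name, or None."""
    try:
        user, digest = b64_text(response_b64).rsplit(" ", 1)
    except ValueError:  # bad base64, non-ASCII, or no space separator
        return None
    secret = secrets.get(user)
    if secret is None:
        return None
    ok = hmac.compare_digest(_digest(secret, challenge_b64), digest)
    return user if ok else None
```

Because the challenge changes on every connection, a reply captured for one challenge does not verify against another; the password itself never crosses the wire, unlike with LOGIN and PLAIN.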
Configure Outlook to authenticate with SMTP.
Integrating openwebmail
Install the openwebmail .deb package.
Edit /etc/apache2/apache2.conf
and add to the end:
Include "/etc/openwebmail/apache.conf"
Edit /etc/openwebmail/openwebmail_path.conf and add
/usr/lib/cgi-bin/openwebmail
You can fine-tune /etc/openwebmail/openwebmail.conf
===========================
Adding a footer/disclaimer.
Install the altermime package
Edit /etc/exim4/exim4.conf.template
dnslookup:
debug_print = "R: dnslookup for $local_part@$domain"
driver = dnslookup
domains = ! +local_domains
# transport = ${if eq {$sender_address_domain}{your.domain}\
# {remote_smtp_filter}{remote_smtp}}
# transport = remote_smtp
transport = remote_smtp_filter
same_domain_copy_routing = yes
# ignore private rfc1918 and APIPA addresses
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16
no_more
Under the transport section add
##############################################
### for transport/footer
##############################################
remote_smtp_filter:
driver = smtp
transport_filter = /etc/exim4/footer.sh
##############################################
### end transport/footer
##############################################
Edit /etc/exim4/footer.sh
#!/bin/sh
# Create a private, unpredictably named temp file (a date-based name in /tmp can be guessed)
TEMP=`/bin/mktemp /tmp/altermime.XXXXXX` || exit 1
# Remove the temp file on every exit path
trap '/bin/rm -f "$TEMP"' EXIT
/bin/cat >"$TEMP"
/usr/local/bin/altermime --input="$TEMP" --disclaimer=/etc/exim4/footer.txt --disclaimer-html=/etc/exim4/footer.html --log-syslog
/bin/cat "$TEMP"
Create an appropriate footer.txt and footer.html
===================================
For internal-only addresses, add the following to exim4.conf.template after the DNS blacklist entry.
# Reject messages from senders listed in these DNSBLs
deny message = Host is listed in $dnslist_domain
## !hosts = +relay_from_domains
!authenticated = *
!acl = acl_whitelist_local_deny
# relays.ordb.org was shut down in December 2006; leave it out on current systems
dnslists = cbl.abuseat.org :\
relays.ordb.org
deny message = user unknown
recipients = lsearch;/etc/exim4/internal-emails-only
sender_domains = ! +local_domains
Edit /etc/exim4/internal-emails-only
pm@domain.com
=========================================