From a3628fc49db4d88ff3e4067268650710d1da3f6f Mon Sep 17 00:00:00 2001
From: Silvino Silva
Date: Fri, 12 Feb 2021 03:59:34 +0000
Subject: initial openbsd support
---
linux/exim.html | 233 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 233 insertions(+)
create mode 100644 linux/exim.html
(limited to 'linux/exim.html')
diff --git a/linux/exim.html b/linux/exim.html
new file mode 100644
index 0000000..028bfce
--- /dev/null
+++ b/linux/exim.html
@@ -0,0 +1,233 @@
+ + + + + 2.5. Exim + + + Core OS Index +

2.5. Exim

+ +

2.5.1. Exim Configuration

+ +

Exim come with default configuration we will change to mach system settings + /etc/exim/exim.conf.

+ +
+        $ sudo prt-get depinst mailx
+        
+ +

2.5.2. Certificates

+ +

Exim creates a key for you if you just copy exim.conf and start daemon;

+ +
+        # cp /home/username/data/git/doc/core/conf/exim/exim.conf /etc/exim/exim.conf
+        # sh /etc/rc.d/exim start
+        SSL certificate /etc/ssl/certs/exim.crt with key /etc/ssl/keys/exim.key for host machine.example created
+        #
+        
+ +

Manually create a private key;

+ +
+	$ sudo mkdir /etc/ssl/keys
+	
+ +
+	$ sudo openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/keys/exim.key -out /etc/ssl/certs/exim.cert -days 9000 -nodes
+	Generating a 2048 bit RSA private key
+	...........................................+++
+	..............+++
+	writing new private key to '/etc/ssl/keys/exim.key'
+	-----
+	You are about to be asked to enter information that will be incorporated
+	into your certificate request.
+	What you are about to enter is what is called a Distinguished Name or a DN.
+	There are quite a few fields but you can leave some blank
+	For some fields there will be a default value,
+	If you enter '.', the field will be left blank.
+	-----
+	Country Name (2 letter code) [AU]:PT
+	State or Province Name (full name) [Some-State]:
+	Locality Name (eg, city) []:
+	Organization Name (eg, company) [Internet Widgits Pty Ltd]:
+	Organizational Unit Name (eg, section) []:
+	Common Name (e.g. server FQDN or YOUR name) []:machine.example.org
+	Email Address []:postmaster@machine.example.org
+	#
+        
+ +
+	# chown mail:mail /etc/ssl/keys/exim.key
+	# chmod 0600 /etc/ssl/keys/exim.key
+	# chmod 644 /etc/ssl/certs/exim.cert
+	
+ +

2.5.3. Aliases

+ +

Exim come with default aliases we will change to mach system settings + /etc/exim/aliases;

+ +
+        # Default aliases file, installed by Exim. This file contains no real aliases.
+        # You should edit it to taste.
+
+        # The following alias is required by the mail RFCs 2821 and 2822.
+        # Set it to the address of a HUMAN who deals with this system's mail problems.
+
+        postmaster: machine-admin
+
+        # It is also common to set the following alias so that if anybody replies to a
+        # bounce message from this host, the reply goes to the postmaster.
+
+        mailer-daemon: postmaster
+
+        # You should also set up an alias for messages to root, because it is not
+        # usually a good idea to deliver mail as root.
+
+        root: postmaster
+
+        # It is a good idea to redirect any messages sent to system accounts so tha
+        # they don't just get ignored. Here are some common examples:
+
+        bin: root
+        daemon: root
+        ftp: root
+        nobody: root
+        operator: root
+        uucp: root
+
+        # You should check your /etc/passwd for any others.
+
+        # Other commonly enountered aliases are:
+        #
+        # abuse:       the person dealing with network and mail abuse
+        # hostmaster:  the person dealing with DNS problems
+        # webmaster:   the person dealing with your web site
+
+        ####
+        
+ +

2.5.4. Smarthost

+ +

Tony Finch publish a nice + configuration reference. +

+ +

File /etc/exim/alias rewrite addresses when receiving, + return_path and headers_rewrite rewrite addresses in header + (envelop) while main rewrite apply rewriting to all.

+ +

Test sender rewriting;

+ +
+        # exim -brw bob@box
+        # exim -brw bob@remote.com
+        
+ +

Test routing;

+ +
+        # exim -bt bob@box
+        # exim -bt bob@remote.com
+        
+ +

2.5. Fetchmail

+ +
+        $ prt-get depinst fetchmail
+        
+ +
+        $ sudo su
+        # mkdir /var/lib/fetchmail
+        # mkdir /var/run/fetchmail
+        # useradd -r fetchmail
+        # chown fetchmail /var/lib/fetchmail
+        # chown fetchmail /var/run/fetchmail
+        
+ +

Create /etc/rc.d/fetchmail and add fetchmail to /etc/rc.conf;

+ +
+        #!/bin/sh
+        #
+        # /etc/rc.d/fetchmail: start/stop fetchmail daemon
+        #
+
+        SSD=/sbin/start-stop-daemon
+        PROG=/usr/bin/fetchmail
+        PID=/var/run/fetchmail/fetchmail.pid
+        IDS=/var/lib/fetchmail/.fetchids
+        PUID=45
+        PGID=100
+        OPTS="-f /etc/fetchmailrc -i $IDS --pidfile $PID --syslog -v"
+
+        case $1 in
+        start)
+                $SSD --chuid $PUID:$PGID --user $PUID --exec $PROG --start -- $OPTS
+                ;;
+        stop)
+                $SSD --stop --remove-pidfile --retry 10 --pidfile $PID
+                ;;
+        restart)
+                $0 stop
+                $0 start
+                ;;
+        reload)
+                $SSD --stop --signal HUP --pidfile $PID
+                ;;
+        status)
+                $SSD --status --pidfile $PID
+                case $? in
+                0) echo "$PROG is running with pid $(head -1 $PID)" ;;
+                1) echo "$PROG is not running but the pid file $PID exists" ;;
+                3) echo "$PROG is not running" ;;
+                4) echo "Unable to determine the program status" ;;
+                esac
+                ;;
+        *)
+                echo "usage: $0 [start|stop|restart|reload|status]"
+                ;;
+        esac
+        # End of file
+        
+ +

Create /etc/fetchmailrc;

+ +
+        # This file must be chmod 0600, owner fetchmail
+
+        set daemon        300           # Pool every 5 minutes
+        set syslog                      # log through syslog facility
+        set postmaster  admin@box
+
+        set no bouncemail               # avoid loss on 4xx errors
+                                        # on the other hand, 5xx errors get
+                                        # more dangerous...
+
+        ##########################################################################
+        # Hosts to pool
+        ##########################################################################
+
+        # Defaults ===============================================================
+        # Set antispam to -1, since it is far safer to use that together with
+        # no bouncemail
+        defaults:
+        timeout 300
+        antispam -1
+        batchlimit 100
+
+        poll pop.remote.com protocol POP3 user "drbob@remote.com" there with password "secretpass" is "bob@box" here
+        
+ + Core OS Index +

+ This is part of the Tribu System Documentation. + Copyright (C) 2020 + Tribu Team. + See the file Gnu Free Documentation License + for copying conditions.

+ + -- cgit 1.4.1-2-gfad0
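Review bot: The rc script in the Fetchmail section hard-codes `PUID=45` and `PGID=100`, but the account is created with a plain `useradd -r fetchmail`, which does not pin the UID, so `--chuid $PUID:$PGID` can start the daemon under an id that does not own /var/lib/fetchmail or /etc/fetchmailrc. Using the account name (`PUID=fetchmail`, with a matching group) or creating the user with that explicit UID would keep the two in step. The fetchmailrc listing carries the POP3 password in clear text and its first comment says the file must be 0600 and owned by fetchmail, yet no step applies that; I would add `# chown fetchmail /etc/fetchmailrc` and `# chmod 0600 /etc/fetchmailrc` after the listing. Separately, the Certificates section names the certificate `exim.crt` in the auto-generated output and `exim.cert` in the manual openssl command, so one of the two will not match whatever exim.conf references (not visible here).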