about summary refs log tree commit diff stats
path: root/core/exim.html
blob: 028bfce6331c16706a7598a0475c3d1efdcf92a5 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
<!DOCTYPE html>
<html dir="ltr" lang="en">
    <head>
        <meta charset='utf-8'>
        <title>2.5. Exim</title>
    </head>
    <body>
        <a href="index.html">Core OS Index</a>
        <h1>2.5. Exim</h1>

        <h2 id="conf">2.5.1. Exim Configuration</h2>

        <p>Exim come with default configuration we will change to mach system settings
        <a href="conf/etc/exim/exim.conf">/etc/exim/exim.conf</a>.</p>

        <pre>
        $ sudo prt-get depinst mailx
        </pre>

        <h2 id="cert">2.5.2. Certificates</h2>

        <p>Exim creates a key for you if you just copy exim.conf and start daemon;</p>

        <pre>
        # cp /home/username/data/git/doc/core/conf/exim/exim.conf /etc/exim/exim.conf
        # sh /etc/rc.d/exim start
        SSL certificate /etc/ssl/certs/exim.crt with key /etc/ssl/keys/exim.key for host machine.example created
        #
        </pre>

        <p>Manually create a private key;</p>

        <pre>
	$ sudo mkdir /etc/ssl/keys
	</pre>

        <pre>
	$ sudo openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/keys/exim.key -out /etc/ssl/certs/exim.cert -days 9000 -nodes
	Generating a 2048 bit RSA private key
	...........................................+++
	..............+++
	writing new private key to '/etc/ssl/keys/exim.key'
	-----
	You are about to be asked to enter information that will be incorporated
	into your certificate request.
	What you are about to enter is what is called a Distinguished Name or a DN.
	There are quite a few fields but you can leave some blank
	For some fields there will be a default value,
	If you enter '.', the field will be left blank.
	-----
	Country Name (2 letter code) [AU]:PT
	State or Province Name (full name) [Some-State]:
	Locality Name (eg, city) []:
	Organization Name (eg, company) [Internet Widgits Pty Ltd]:
	Organizational Unit Name (eg, section) []:
	Common Name (e.g. server FQDN or YOUR name) []:machine.example.org
	Email Address []:postmaster@machine.example.org
	#
        </pre>

    	<pre>
	# chown mail:mail /etc/ssl/keys/exim.key
	# chmod 0600 /etc/ssl/keys/exim.key
	# chmod 644 /etc/ssl/certs/exim.cert
	</pre>

        <h2 id="alias">2.5.3. Aliases</h2>

        <p>Exim come with default aliases we will change to mach system settings
        <a href="conf/etc/exim/aliases">/etc/exim/aliases;</a></p>

        <pre>
        # Default aliases file, installed by Exim. This file contains no real aliases.
        # You should edit it to taste.

        # The following alias is required by the mail RFCs 2821 and 2822.
        # Set it to the address of a HUMAN who deals with this system's mail problems.

        postmaster: machine-admin

        # It is also common to set the following alias so that if anybody replies to a
        # bounce message from this host, the reply goes to the postmaster.

        mailer-daemon: postmaster

        # You should also set up an alias for messages to root, because it is not
        # usually a good idea to deliver mail as root.

        root: postmaster

        # It is a good idea to redirect any messages sent to system accounts so tha
        # they don't just get ignored. Here are some common examples:

        bin: root
        daemon: root
        ftp: root
        nobody: root
        operator: root
        uucp: root

        # You should check your /etc/passwd for any others.

        # Other commonly enountered aliases are:
        #
        # abuse:       the person dealing with network and mail abuse
        # hostmaster:  the person dealing with DNS problems
        # webmaster:   the person dealing with your web site

        ####
        </pre>

        <h2 id="smarthost">2.5.4. Smarthost</h2>

        <p>Tony Finch publish a nice
        <a href="http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/conf/exim/etc/etc.cam/configure">configuration reference</a>.
        </p>

        <p>File /etc/exim/alias rewrite addresses when receiving,
        return_path and headers_rewrite rewrite addresses in header
        (envelop) while main rewrite apply rewriting to all.</p>

        <p>Test sender rewriting;</p>

        <pre>
        # exim -brw bob@box
        # exim -brw bob@remote.com
        </pre>

        <p>Test routing;</p>

        <pre>
        # exim -bt bob@box
        # exim -bt bob@remote.com
        </pre>

        <h2 id="fetchmail">2.5. Fetchmail</h2>

        <pre>
        $ prt-get depinst fetchmail
        </pre>

        <pre>
        $ sudo su
        # mkdir /var/lib/fetchmail
        # mkdir /var/run/fetchmail
        # useradd -r fetchmail
        # chown fetchmail /var/lib/fetchmail
        # chown fetchmail /var/run/fetchmail
        </pre>

        <p>Create /etc/rc.d/fetchmail and add fetchmail to /etc/rc.conf;</p>

        <pre>
        #!/bin/sh
        #
        # /etc/rc.d/fetchmail: start/stop fetchmail daemon
        #

        SSD=/sbin/start-stop-daemon
        PROG=/usr/bin/fetchmail
        PID=/var/run/fetchmail/fetchmail.pid
        IDS=/var/lib/fetchmail/.fetchids
        PUID=45
        PGID=100
        OPTS="-f /etc/fetchmailrc -i $IDS --pidfile $PID --syslog -v"

        case $1 in
        start)
                $SSD --chuid $PUID:$PGID --user $PUID --exec $PROG --start -- $OPTS
                ;;
        stop)
                $SSD --stop --remove-pidfile --retry 10 --pidfile $PID
                ;;
        restart)
                $0 stop
                $0 start
                ;;
        reload)
                $SSD --stop --signal HUP --pidfile $PID
                ;;
        status)
                $SSD --status --pidfile $PID
                case $? in
                0) echo "$PROG is running with pid $(head -1 $PID)" ;;
                1) echo "$PROG is not running but the pid file $PID exists" ;;
                3) echo "$PROG is not running" ;;
                4) echo "Unable to determine the program status" ;;
                esac
                ;;
        *)
                echo "usage: $0 [start|stop|restart|reload|status]"
                ;;
        esac
        # End of file
        </pre>

        <p>Create /etc/fetchmailrc;</p>

        <pre>
        # This file must be chmod 0600, owner fetchmail

        set daemon        300           # Pool every 5 minutes
        set syslog                      # log through syslog facility
        set postmaster  admin@box

        set no bouncemail               # avoid loss on 4xx errors
                                        # on the other hand, 5xx errors get
                                        # more dangerous...

        ##########################################################################
        # Hosts to pool
        ##########################################################################

        # Defaults ===============================================================
        # Set antispam to -1, since it is far safer to use that together with
        # no bouncemail
        defaults:
        timeout 300
        antispam -1
        batchlimit 100

        poll pop.remote.com protocol POP3 user "drbob@remote.com" there with password "secretpass" is "bob@box" here
        </pre>

        <a href="index.html">Core OS Index</a>
        <p>
        This is part of the Tribu System Documentation.
        Copyright (C) 2020
        Tribu Team.
        See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a>
        for copying conditions.</p>
    </body>
</html>