Preface:
This walkthrough is by no means complete nor does it aim at explaining every aspect of configuring exim. It is by no means professional or error free, but rather a description of what worked for me.
Why?
Looking back I have to say that setting up exim was indeed an easy task. Looking further back I have to admit I wouldn't have said that when I first downloaded the source. That's why I decided to share my experiences.
What?
What I wanted to achive was setting up exim, so that
The setup
How?
First of all I downloaded the source as a .tar.gz, did a tar -xzf, read README and copied src/EDITME to Local/Makefile. I then edited Local/Makefile to look like this:
# Local/Makefile BIN_DIRECTORY = /usr/local/exim/bin CONFIGURE_FILE = /usr/local/exim/exim.conf SPOOL_DIRECTORY = /usr/local/exim/spool LOG_FILE_PATH = /usr/local/exim/log/%s SYSTEM_ALIASES_FILE = /usr/local/exim/aliases EXIM_USER=smmsp EXIM_GROUP=smmsp ROUTER_ACCEPT=yes ROUTER_DNSLOOKUP=yes ROUTER_IPLITERAL=yes ROUTER_MANUALROUTE=yes ROUTER_QUERYPROGRAM=yes ROUTER_REDIRECT=yes TRANSPORT_APPENDFILE=yes TRANSPORT_AUTOREPLY=yes TRANSPORT_PIPE=yes TRANSPORT_SMTP=yes LOOKUP_DBM=no LOOKUP_LSEARCH=yes AUTH_PLAINTEXT=yes SUPPORT_PAM=yes EXTRALIBS=-L/usr/local/lib -lpam -lwrap EXICYCLOG_MAX=10 COMPRESS_COMMAND=/usr/bin/gzip COMPRESS_SUFFIX=gz ZCAT_COMMAND=/usr/bin/zcat NO_SYMLINK=yesBecause I switched from sendmail I decided to reuse user smmsp for exim. Notice that EXIM_GROUP=smmsp was a bad decision as I have to switch to group shadow so that I can have PAM read /etc/shadow. You might want to set the correct group right away.
I now did a "make", switched to build-Linux-i386 and ran "make install". After that a /usr/local/exim/exim -bV showed the following output:
Exim version 4.14 #7 built 14-Apr-2003 23:20:32 Copyright (c) University of Cambridge 2003 Berkeley DB: Sleepycat Software: Berkeley DB 3.1.17: (July 31, 2000) Support for: PAM Authenticators: plaintext Routers: accept dnslookup ipliteral manualroute queryprogram redirect Transports: appendfile autoreply pipe smtp Configuration file is /usr/local/exim/exim.confEverything looks alright (I always wanted to say that), so let's modify exim.conf. Here's what mine looked like:
# exim.conf
# we run as shadow because we need PAM to access /etc/shadow
exim_group = shadow
primary_hostname = domain.de
qualify_domain = domain.de
qualify_recipient = domain.de
domainlist local_domains = lsearch;/usr/local/exim/localdomains
domainlist relay_to_domains =
hostlist relay_from_hosts = 127.0.0.1
acl_smtp_rcpt = acl_check_rcpt
never_users = root
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 30s
freeze_tell = postmaster
ignore_bounce_errors_after = 2d
timeout_frozen_after = 7d
begin acl
acl_check_rcpt:
# Accept if the source is local SMTP (i.e. not over TCP/IP)
accept hosts = :
# ...and everyone that authenticated
accept authenticated = *
# Deny if the local part contains @ or % or / or | or !.
deny local_parts = ^.*[@%!/|] : ^\\.
# Always accept mail to postmaster
accept local_parts = postmaster
domains = +local_domains
# look up connecting host on RBLs
deny message = $sender_host_address blacklisted at $dnslist_domain
dnslists = bl.spamcop.net
warn message = X-Warning: $sender_host_address blacklisted at $dnslist_domain
dnslists = dialups.mail-abuse.org
# Accept mail for us
accept domains = +local_domains
# and mail spawned locally
accept hosts = +relay_from_hosts
# else: go away
deny message = relaying without proper authentication denied
begin routers
dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = transport_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more
system_aliases:
driver = redirect
data = ${lookup{${lc:$local_part}}lsearch{/usr/local/exim/aliases}}
# This is for a newsletter daemon
deltanl_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup{${lc:$local_part}@$domain}lsearch{/usr/local/exim/aliases.deltanl}}
user = smmsp
group = smmsp
pipe_transport = transport_pipe_deltanl
vhost_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup{${lc:$local_part}}lsearch*{/usr/local/exim/aliases.$domain}}
user = smmsp
group = smmsp
pipe_transport = transport_pipe
procmail:
driver = accept
check_local_user
transport = transport_pipe_procmail
require_files = ${local_part}:+${home}:+${home}/.procmailrc:+/usr/bin/procmail
no_verify
localuser:
driver = accept
check_local_user
transport = transport_local
begin transports
transport_smtp:
driver = smtp
transport_local:
driver = appendfile
file = /var/mail/$local_part
delivery_date_add
envelope_to_add
return_path_add
transport_pipe:
driver = pipe
return_output
transport_pipe_deltanl:
driver = pipe
return_fail_output
transport_pipe_procmail:
driver = pipe
command = "/usr/bin/procmail"
return_path_add
delivery_date_add
envelope_to_add
begin retry
# Domain Error Retries
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
begin rewrite
begin authenticators
auth_plain:
driver = plaintext
public_name = PLAIN
server_condition = "${if pam{$2:$3}{yes}{no}}"
server_prompts = :
server_set_id = $2
auth_login:
driver = plaintext
public_name = LOGIN
server_condition = "${if pam{$1:$2}{yes}{no}}"
server_prompts = Username:: : Password::
server_set_id = $1
# End of Exim configuration file
The authenticator works for the most recent versions of Mozilla and Outlook Express.
[Edit: 2003-12-29] At least that's what I thought before "ian" e-mailed me a correction:
There's a problem with the exim authentication section.
if the password has a : in it the authenticator will fail.
Here's an updated section that will address that.
begin authenticators
fixed_login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = "${if pam{$1:${sg{$2}{:}{::}}}{1}{0}}"
server_set_id = $1
fixed_plain:
driver = plaintext
public_name = PLAIN
server_condition = "${if pam{$2:${sg{$3}{:}{::}}}{1}{0}}"
server_set_id = $1