[Exim] Exim quick start - comments

Author: Patrick Kirk
Date:  
To: Exim Users
Subject: [Exim] Exim quick start - comments
Hi all,

Chris Seberino and I have put together this easy install HOWTO for Exim.

If anyone sees any obvious gotchas, please let me know. Whether the
security of the mail and log folders is correct is my last real area of
concern.

If this procedure works, there's an easy to use script called eximconfig
that comes with Debian. It could be modified to run all the steps in
this HOWTO thus making Exim installation very easy for new users.


--

Patrick Kirk

GSM: +44 7876 560 646
ICQ: 42219699

===============================================

Exim Quick Installation HOWTO v1

Patrick Kirk                Chris Seberino 
<patrick@???>        <seberino@???>


September 6, 2001


===============================================

Overview
----------
Why use Exim? Exim is a powerful mail server available under the GPL.
Exim is one of the most widely used mail servers on the Internet so its
functionality and track record are very well known. Installed properly,
Exim is very secure. It is easy to manage which is why it is the
default mail server in the Debian Linux distribution.

Purpose of this document
--------------------------
This is intended as a quick start that enables you to install Exim and
make it available to other PCs on a LAN. If you are planning to have in
excess of a million messages a day, please read the documentation on
scalability on www.exim.org. But if you are installing for a company up
to 500 or so mail users, or as a mail server on a home LAN, then this
setup is fine.

===============================================

Installation and Configuration

1. Users, Directories and Security settings
--------------------------------------------

Exim is run as a local user, thus avoiding root exploits. First we must
add a user and group as well as prepare mail and log
directories.

Choose a user ID and group ID that suits you...having them both the same
just makes creating security permissions a little simpler for me, hence
choosing 111 for both. In this example, the username is exim_mail.

First, in /etc/passwd, add:

    exim_mail:x:111:111::/var/mail:/bin/false

Then, in /etc/group, add:

    exim_mail:x:111:

For security reasons, we do not have Exim send messages to root but
to the system's administrator. Edit, or create if it isn't there,
/etc/aliases:

    postmaster: root
    root: your login name
    abuse: your login name


Then execute the following commands:

    mkdir -p /var/spool/mail &&
    mkdir -p /var/log/exim &&
    chown -R exim_mail /var/spool/mail &&
    chown -R exim_mail /var/log/exim &&
    chmod -R u+g /var/spool/mail &&
    chmod -R u+g /var/log/exim

The && after commands means you can copy all these commands as a unit
and paste them into a command box, and have it execute as one neat
series. Don't say we don't look after you ;-)


2. Dependencies
-----------------

Exim requires a database. Most Unix/Linux/BSD systems come with
Berkeley DB installed. It's a free, highly functional database. If you
are unable to compile Exim because it can't find a database, download
Berkeley DB from www.sleepycat.com, and run the following commands:

    cd /usr/src/ &&
    tar xzvf /pathtoBerkeley.tar.gz &&
    # change into the directory the tarball unpacked to
    cd <unpacked-Berkeley-DB-directory> &&
    ./configure --prefix=/usr &&
    make &&
    make install

This installs the Berkeley DB libraries in /usr/lib, which is where
applications that depend on them look first.

3. Getting the source code
----------------------------
The latest version of Exim is always available from
http://www.exim.org/mirrors.html

Uncompress and untar Exim sources:

    cd /usr/src
    tar xvfz /path-to/exim-<version>.tar.gz


4. The Makefile
-----------------

Change to the Exim source directory. Please do take a look at README. In
the Exim source directory, make a directory called Local. In Local,
create a file, Makefile, with the following text:

# Where the executable will reside
BIN_DIRECTORY=/usr/local/bin

# The run time control file. Best keep all run-time control files in
# /etc, as you can then back up all your system configuration by
# copying /etc/
CONFIGURE_FILE=/etc/exim.conf

# If you did not use user id 111 in step 1, set this equal to the
# output of "id -u exim_mail".
EXIM_UID=111

# If you did not use group id 111 in step 1, set this equal to the
# output of "id -g exim_mail".
EXIM_GID=111

# It's best to just assume that these are needed even if you don't know
# how you will use them.
DIRECTOR_LOCALUSER=yes
DIRECTOR_FORWARDFILE=yes
DIRECTOR_ALIASFILE=yes
DIRECTOR_SMARTUSER=yes
TRANSPORT_APPENDFILE=yes
TRANSPORT_AUTOREPLY=yes
TRANSPORT_PIPE=yes
TRANSPORT_SMTP=yes

# Uncomment these only if using previously installed OpenSSL when
# sending email.
#SUPPORT_TLS=yes
#TLS_LIBS=-lssl -lcrypto

MSGLOG_DIRECTORY_MODE=0700
SPOOL_DIRECTORY=/var/spool/mail
SPOOL_DIRECTORY_MODE=07
SPOOL_MODE=0600
LOG_FILE_PATH=/var/log/exim/exim_%slog
LOG_DIRECTORY_MODE=0750
LOG_MODE=0644
LOOKUP_DBM=yes
LOOKUP_LSEARCH=yes
ROUTER_DOMAINLIST=yes
ROUTER_LOOKUPHOST=yes
ROUTER_IPLITERAL=yes
ROUTER_QUERYPROGRAM=yes

5. Compiling and installing
-----------------------------

Execute "make" and "make install" as root.

6. Enabling Exim
--------------------

For historical reasons, many programs look for /usr/lib/sendmail to send
mail, so let's make this service available.

    ln -s /usr/local/bin/exim /usr/lib/sendmail &&
    ln -s /usr/local/bin/exim /usr/sbin/sendmail


7. Creating a secure runtime configuration
--------------------------------------------

All the functionality of Exim is controlled from /etc/exim.conf

Edit the new /etc/exim.conf and find the following entries:

qualify_domain =
# Set this to the name that appears after the @ in your email address

local_domains =
# Set this to localhost and the name that appears after the @
# in your email address, separated by a colon.
# For example, localhost:enterprise-hr.com for Patrick.

host_accept_relay = 127.0.0.1:

# Add in the range used by machines on your LAN. If you do not have a
# LAN or are unsure, don't edit this. Example: for a LAN with IP
# address range 192.168.0.0/24, you put that in here:
# host_accept_relay = 127.0.0.1:192.168.0.0/24

Everything else in /etc/exim.conf should just work nicely out of the
box.

8. Activating Exim
--------------------

To receive email anytime execute the following:

    /usr/sbin/sendmail -bd -q15m


Exim is now listening on port 25 for mail from the machine itself or
from the address range you specified in /etc/exim.conf

9. Housekeeping
-----------------

Add /usr/local/bin/exicyclog to the crontab file to rotate logs
periodically.

10. Congratulations!
----------------------

You now have a secure mail server at your disposal. For more help or
details, please refer to: www.exim.org, the Exim mailing list
(accessible from www.exim.org) or "Exim, The Mail Transfer Agent" by
Philip Hazel and published by O'Reilly.
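
An added example, not part of the original post: a post-install check of the two settings this HOWTO's security rests on, the host_accept_relay list from step 7 and the spool and log directories from step 1. The function names, the IPv4-only parsing and the choice of loopback plus RFC 1918 as acceptable relay ranges are assumptions.

```python
import ipaddress
import os
import stat

# Assumption: relaying should be limited to loopback and RFC 1918 LAN ranges.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def relay_findings(conf_text):
    """Return (item, reason) for host_accept_relay items wider than INTERNAL."""
    findings = []
    for line in conf_text.splitlines():
        key, _, value = line.partition("=")
        if key.strip() != "host_accept_relay":
            continue  # skips comments and every other option
        for item in (i.strip() for i in value.split(":")):
            if not item:
                continue  # a trailing colon, as in "127.0.0.1:", leaves an empty item
            if item == "*":
                findings.append((item, "matches every host"))
                continue
            try:
                net = ipaddress.ip_network(item, strict=False)
            except ValueError:
                findings.append((item, "not an IPv4 address or network, review by hand"))
                continue
            if not any(net.subnet_of(ok) for ok in INTERNAL):
                findings.append((item, "covers addresses outside the LAN ranges"))
    return findings


def dir_findings(path, expected_uid):
    """Return problems with the owner or mode of a spool or log directory."""
    st = os.stat(path)
    findings = []
    if st.st_uid != expected_uid:
        findings.append("owned by uid %d, expected %d" % (st.st_uid, expected_uid))
    if st.st_mode & stat.S_IWGRP:
        findings.append("group-writable")
    if st.st_mode & stat.S_IRWXO:
        findings.append("accessible to other users")  # step 4 uses 0750 / 0700
    return findings


if __name__ == "__main__":
    # Constructed sample: the HOWTO's LAN example plus one over-broad entry.
    sample = "host_accept_relay = 127.0.0.1:192.168.0.0/24:0.0.0.0/0\n"
    print(relay_findings(sample))
    print(dir_findings("/var/log/exim", 111) if os.path.isdir("/var/log/exim") else [])
```

Run it against the text of /etc/exim.conf and against /var/spool/mail and /var/log/exim with the uid chosen in step 1; an empty list from each call means nothing was flagged.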