Exim Configuration

Edit the configuration file /usr/local/exim/exim.conf:

bash# vi /usr/local/exim/exim.conf

and make the modifications described in the following sections.

Main (General) Configurations

Modify these parameters in the MAIN CONFIGURATION SETTINGS section of /usr/local/exim/exim.conf:


primary_hostname = dns3.inima.al
domainlist local_domains = dns3.inima.al : proxy1.inima.al
domainlist relay_to_domains = inima.al : *.inima.al : akad.edu.al : ert.gov.al : cstid.edu.al
hostlist   relay_from_hosts = 127.0.0.1 : 192.168.240.0/20 : 193.254.1.0/24

relay_to_domains lists the domains for which Exim accepts email, and relay_from_hosts lists the hosts and networks that are allowed to send email through Exim.

Add these general parameters before the ACL CONFIGURATION section:


# Who to send a mail to when a message is frozen
freeze_tell = postmaster

# Time before a queue runner will try a new delivery attempt
# on any frozen message. Default is 0s
auto_thaw = 2d

# Max number of simultaneous SMTP calls to accept
# (aka max number of exim processes) Default is 20
smtp_accept_max = 10

# Max number of waiting SMTP connections.
# Gives some protection against denial-of-service attacks by SYN flooding
# Default is 20
smtp_connect_backlog = 10

# Max number of MAIL commands that Exim is prepared to accept over a
# single SMTP connection, after which a 421 is given. Default is 1000
smtp_accept_max_per_connection = 50

# Max message size to accept
# Default is 50M
message_size_limit = 20M

# Max bounce message size to send
# Default is 100K
return_size_limit = 10K
# Alternative to return_size_limit is to set
#bounce_return_message = false

# Redundant pairs of angle brackets around addresses are removed
# Default is false
strip_excess_angle_brackets = true

# Ignore a trailing dot at the end of a domain in an address
# Default is false
strip_trailing_dot = true

Filter Configuration

  1. Add these parameters to /usr/local/exim/exim.conf, before the ACL CONFIGURATION section:

    # specify the system filter file
    system_filter = /usr/local/exim/exim.filter
    system_filter_user = mail
    system_filter_group = mail
    

  2. Create the system filter file /usr/local/exim/exim.filter with this content:

    
    # Exim filter  -- do not remove it, it is required, it is not a comment

    ### throw away junk or bulk
    if
      $h_precedence: is "junk" or
      $h_precedence: is "bulk"
    then
      seen finish
    endif
                                                                                    
    ### forward mrtg errors to nfra and dhoxha
    if
      $h_from: contains "root@" and
      $h_subject: contains "/usr/bin/mrtg"
    then
      deliver nfra@inima.al
      deliver dhoxha@inima.al
    endif
                                                                                    
    if
      $h_from: contains "MAILER-DAEMON@hpe25.inima.al"
    then
      deliver nfra@inima.al
    endif
    

  3. Create a test message file test.msg, like this:

    
    From root@localhost Sat Mar 27 18:31:31 2004
    Date: Thu, 29 Apr 2004 10:50:29 +0200
    To: postmaster
    From: MAILER-DAEMON@hpe25.inima.al
    Subject: test
    
    test message
    
    
    and test the system filter file:

    bash$ bin/exim -bF exim.filter < test.msg
    bash$ bin/exim -v -bF exim.filter < test.msg
    

  4. Restart exim:

    
    bash# /sbin/service exim restart
    

ACL Configuration

These access rules provide some protection against spam and void messages (e.g. messages sent to a user that does not exist at inima.al).

Add these rules after the line require verify = sender:


  # Do not accept HELO/EHLO from hosts using our IP(s) in HELO
  # Could exclude internal IPs, but they should never HELO with our inet IP
  # Remember to update file if IP(s) change!
  deny message     = Forged IP in HELO.
       log_message = HELO is our IP
       condition   = ${lookup {$sender_helo_name} \
                     lsearch{/usr/local/exim/our_inet_ips.txt} \
                     {yes}{no}}

  # Deny unless the sender address can be verified.
  deny    message = From email address must be valid
          # do not check address for lists or bounces
          # or people in our company contact database
          #senders = ^.*-request@.*
          # do not check for DSN-ignorant domains
          # iow those that don't accept MAIL FROM:<>
          !verify  = sender/defer_ok

  # deny if the domain is inima.al but the local_part is not in the
  # list of users (users.inima.al)
  deny domains = inima.al
       local_parts = !lsearch;/usr/local/exim/users.inima.al

Create the file /usr/local/exim/our_inet_ips.txt with all the IP addresses of the server, one per line:


80.78.70.178
193.254.1.195
192.168.251.195

Create the file /usr/local/exim/users.inima.al with all the users of the domain inima.al (users of the server hpe25.inima.al):


nfra
gbeq
dhoxha
agor
enal
...
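
As an added example (not part of the original page and not Exim's own code), this shell script models how the HELO rule and the local_parts rule above decide, using constructed copies of the two lookup files. The function names and the label of the second deny are made up for the illustration, and the sender-verification rule is left out because it needs DNS.

```shell
#!/bin/sh
# Simplified model (not Exim code) of the two lsearch-based deny rules.
# File contents and sample sessions are constructed from the page's examples.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
OUR_IPS="$WORK/our_inet_ips.txt"
USERS="$WORK/users.inima.al"
printf '%s\n' '# server addresses' 80.78.70.178 193.254.1.195 192.168.251.195 > "$OUR_IPS"
printf '%s\n' nfra gbeq dhoxha agor enal > "$USERS"

# lsearch_hit KEY FILE: succeed if a line of FILE starts with KEY followed by
# whitespace, a colon or end of line. Comment, blank and continuation lines
# are skipped; the comparison ignores case, as lsearch does.
lsearch_hit() {
    KEY="$1" awk '
        /^#/ || /^[ \t]/ || /^$/ { next }
        { k = $0; sub(/[ \t:].*$/, "", k)
          if (tolower(k) == tolower(ENVIRON["KEY"])) { found = 1; exit } }
        END { exit !found }' "$2"
}

# rcpt_decision HELO RCPT: apply the HELO rule, then the local_parts rule, in
# the order they appear in the ACL. The second deny has no message in the
# page's rule; the label printed here is made up for the example.
rcpt_decision() {
    helo=$1 local_part=${2%@*} domain=${2##*@}
    if lsearch_hit "$helo" "$OUR_IPS"; then
        echo "deny: Forged IP in HELO."
    elif [ "$(printf '%s' "$domain" | tr 'A-Z' 'a-z')" = "inima.al" ] &&
         ! lsearch_hit "$local_part" "$USERS"; then
        echo "deny: unknown local part at inima.al"
    else
        echo "pass"
    fi
}

# Constructed sample sessions: HELO name and RCPT address.
for case in "80.78.70.178 nfra@inima.al" "mail.example.org nfra@inima.al" \
            "mail.example.org NFra@inima.al" "mail.example.org nobody@inima.al" \
            "mail.example.org someone@akad.edu.al"; do
    set -- $case
    printf '%-18s %-24s %s\n' "$1" "$2" "$(rcpt_decision "$1" "$2")"
done
```

On the server itself, exim -bh followed by an IP address runs a fake SMTP session from that address against the real ACLs without delivering anything.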

Routers Configuration

In the ROUTERS CONFIGURATION section add these routers at the beginning, after begin routers:


# This router forwards all the emails for the domain inima.al
# to the server hpe25.inima.al (without any DNS lookup, MX records etc.)
special:
  driver = manualroute
  transport = remote_smtp
  route_list = inima.al hpe25.inima.al

### N.Frasheri 24 aug 2004 test smarthost
### fail: "cannot find router driver "domainlist"
#smarthost:
#   driver = domainlist
#   transport = remote_smtp
#   route_list = "* 193.254.1.197 bydns_a"
###   route_list = "* mail.example.com bydns_a"

Also uncomment allow_filter in the userforward router, so that users' .forward files can contain Exim filter commands:


userforward:
  driver = redirect
  check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
  file = $home/.forward
  allow_filter
  no_verify
  no_expn
  check_ancestor
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply

Transports Configuration

In the TRANSPORTS CONFIGURATION section add these transports:


# NFrasheri: SMTP transport

smtp:
  driver = smtp
  delay_after_cutoff = false

local_delivery:
  driver = appendfile
  file = /var/mail/$local_part
  delivery_date_add
  envelope_to_add
  return_path_add
  # uncomment these two lines
  group = mail
  mode = 0660

Retry Configuration

In the RETRY CONFIGURATION section modify this line (the original is kept commented out; the cutoff of the G rule changes from 16h to 6h):


#*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h
*                      *           F,2h,15m; G,6h,1h,1.5; F,4d,6h