This is a quick how-to for setting up an encrypted mail server using Exim on Debian. I have seen a bunch of web sites dealing with the subject, but not a complete guide. OK, enough talk, let's get started!
First install all the needed packages:
apt-get install exim4-daemon-heavy sasl2-bin
Make sure you are using split configuration files with Exim:
dpkg-reconfigure exim4-config
Next, generate a self-signed certificate. Make sure you enter the server name and domain when the program asks for it:
/usr/share/doc/exim4-base/examples/exim-gencert
Edit /etc/exim4/conf.d/main/03_exim4-config_tlsoptions and add MAIN_TLS_ENABLE = 1. It should look like this:
### main/03_exim4-config_tlsoptions
#################################
# TLS/SSL configuration.
# See /usr/share/doc/exim4-base/README.Debian.gz for explanations.
MAIN_TLS_ENABLE = 1
Next, enable authentication by uncommenting the following section in /etc/exim4/conf.d/auth/30_exim4-config_examples:
plain_saslauthd_server:
  driver = plaintext
  public_name = PLAIN
  server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
  server_set_id = $2
  server_prompts = :
.ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
.endif
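Do not worry that it is using plain text to authenticate: the password is encrypted by TLS, and unless AUTH_SERVER_ALLOW_NOTLS_PASSWORDS is defined, the server_advertise_condition above only advertises AUTH once a TLS session is active ($tls_cipher is non-empty). Let's update the configuration and restart Exim:
update-exim4.conf
/etc/init.d/exim4 restart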
Next we need to configure sasl. First edit /etc/default/saslauthd so that the service starts:
# This needs to be uncommented before saslauthd will be run automatically
START=yes
Next you will need to give Exim permission to use sasl and start the service:
adduser Debian-exim sasl
/etc/init.d/saslauthd start
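It should be working now. I use the following Python script to check that the server is working:
#!/usr/bin/python3
import smtplib

# Replace the host name, credentials and addresses with your own.
server = smtplib.SMTP('mail.server.name')
server.set_debuglevel(1)   # print the whole SMTP conversation
server.ehlo()
server.starttls()          # upgrade to TLS before the password is sent
server.ehlo()              # EHLO again: AUTH is only advertised over TLS
server.login("joe", "test")
server.sendmail("fromaddr", "toaddr", "Subject: test")
server.quit()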
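
The server_advertise_condition in the authenticator means AUTH should appear in the EHLO reply only after STARTTLS. The following is an added example, not part of the original how-to, that checks this from the two EHLO replies. The sample replies are constructed, and mail.example.org and the function names parse_ehlo, audit and probe are assumptions.

```python
import re
import smtplib

# Constructed EHLO replies (not captured from a real server).
PRE_OK = "250-mail.example.org Hello client\n250-SIZE 52428800\n250-STARTTLS\n250 HELP"
POST_OK = "250-mail.example.org Hello client\n250-SIZE 52428800\n250-AUTH PLAIN\n250 HELP"
PRE_LEAKY = "250-mail.example.org Hello client\n250-AUTH PLAIN LOGIN\n250-STARTTLS\n250 HELP"


def parse_ehlo(text):
    """Return {KEYWORD: [params]} from an EHLO reply (wire form or smtplib's)."""
    features = {}
    for line in text.splitlines()[1:]:  # the first line is only the greeting
        line = re.sub(r"^250[- ]", "", line).strip()
        if line.upper().startswith("AUTH="):  # legacy "AUTH=PLAIN LOGIN" form
            line = "AUTH " + line[5:]
        if line:
            keyword, _, params = line.partition(" ")
            features.setdefault(keyword.upper(), []).extend(params.upper().split())
    return features


def audit(pre_tls, post_tls):
    """Compare the EHLO replies seen before and after STARTTLS."""
    pre, post = parse_ehlo(pre_tls), parse_ehlo(post_tls)
    findings = []
    if "STARTTLS" not in pre:
        findings.append("STARTTLS not offered (is MAIN_TLS_ENABLE set?)")
    if "AUTH" in pre:
        findings.append("AUTH offered without TLS: " + " ".join(pre["AUTH"]))
    if "PLAIN" not in post.get("AUTH", []):
        findings.append("AUTH PLAIN not offered after STARTTLS")
    return findings


def probe(host, port=25):
    """Fetch both replies from a live server and audit them."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        pre = s.ehlo()[1].decode("ascii", "replace")
        post = ""
        if s.has_extn("starttls"):
            s.starttls()  # like the script above, no custom SSL context
            post = s.ehlo()[1].decode("ascii", "replace")
    return audit(pre, post)


if __name__ == "__main__":
    print(audit(PRE_OK, POST_OK))     # []
    print(audit(PRE_LEAKY, POST_OK))  # ['AUTH offered without TLS: PLAIN LOGIN']
```

An empty list from probe() means the server offers STARTTLS, withholds AUTH until TLS is active, and offers PLAIN afterwards.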