Exim

Discussion in 'Tips/Tricks/Mods' started by Arricc, Nov 27, 2006.

  1. Arricc

    Arricc New Member

    After struggling with postfix, and refusing to use Sendmail, I decided to have a bash at using ISPConfig with Exim (which I use by preference).

    It turned out to be very simple.

    I use Debian, so this will be specific to Debian using the exim4-daemon-light package.

    I installed exim4 again (after having had postfix and sendmail installed).

    I decided on a non-split config option (though it would be simple to do it with the split config) and made the following changes to exim4.conf.template:
    Near the top of the file I added:
    Code:
    MAIN_TLS_ENABLE = yes
    AUTH_SERVER_ALLOW_NOTLS_PASSWORDS = yes
    Made a copy of the system_aliases router immediately below it and called it hosted_aliases. Changed it to look at /etc/postfix/virtusertable instead of /etc/aliases and to lookup $local_part@$domain instead of just $local_part:
    Code:
      data = ${lookup{$local_part@$domain}lsearch{/etc/postfix/virtusertable}}
    I use courier for my pop3/imap server so I uncommented the plain_courier_authdaemon and login_courier_authdaemon sections in the example authenticators section. I had to "chmod o+rw /var/run/courier/authdaemon/" to allow exim to read that file. There are other options available in there should you so choose.

    Next I copied the files smtpd.crt and smtpd.key from /etc/postfix/ssl to /etc/exim4 and called them exim4.crt and exim4.key respectively.

    Edit /etc/exim4/update-exim4.conf.conf and change the following line:
    Code:
    dc_other_hostnames='/etc/postfix/local-host-names'
    Then, to finish faking out ISPConfig to make it believe it's still talking to postfix...
    Code:
    cd /etc/init.d
    ln -s exim4 postfix
    Think that's everything, but if it doesn't work for you I can check my setup.

    Hope that's of some help to folk, and also to the developers as I'd like to see Exim actually supported by ISPConfig (though I believe it's in the roadmap?) :)
     
  2. till

    till Super Moderator

    Thanks for the howto, I moved it to the Tips & Tricks forum.

    I guess ISPConfig was already installed as you changed to exim? The ISPConfig installer is checking for a postfix installation. So it might be necessary to tweak the ISPConfig installer to recognize exim as a valid MTA or postfix replacement.
     
  3. Arricc

    Arricc New Member

    Yeah, I followed the perfect debian install, then set up ISPConfig.

    The problem is that I was running it under linux-vserver. Postfix couldn't send any mail to the domains with inbound MX records on the other IPs on the box as despite the fact it was only bound to a single IP I kept getting the "mail for example.com loops back to me" message. I know nothing about postfix and all the solutions said to add those domains to my list of local domains, which they're not. Thankfully I know a lot about Exim :)

    I'll try and get a few minutes this week to write exim conf files for inclusion in a split Exim4 Debian config.
     
  4. Arricc

    Arricc New Member

    Okay... so these files are for those people using the exim4 split config as pioneered by Debian (yes, their config looks hella complicated, but most people would never need to touch it and when you know how it works it's nice and easy to fiddle.)

    Code:
    #/etc/exim4/conf.d/main/000_exim4-ISPConfig_options
    # ISPConfig options for Exim
    # Edit this file to match the options in your mail server setup
    # in your ISPConfig setup
    
    #ISPCONFIG_ALIASFILE = /etc/exim4/virtusertable
    #AUTH_SERVER_ALLOW_NOTLS_PASSWORDS = yes
    #ISPCONFIG_COURIER_AUTH=yes
    ##This option requires you to copy the postfix smtpd.crt and smtpd.key to 
    ## /etc/exim4 as exim4.crt and exim4.key
    #MAIN_TLS_ENABLE = yes
    
    Code:
    #/etc/exim4/conf.d/router/450_exim4-ISPConfigAliases
    # This router handles aliasing for ISPConfig users using the configured alias file.
    #
    .ifdef ISPCONFIG_ALIASFILE
    ISPConfig_aliases:
      debug_print = "R: ISPConfig_aliases for $local_part@$domain"
      driver = redirect
      domains = +local_domains
      allow_fail
      allow_defer
      data = ${lookup{$local_part@$domain}lsearch{ISPCONFIG_ALIASFILE}}
      .ifdef SYSTEM_ALIASES_USER
      user = SYSTEM_ALIASES_USER
      .endif
      .ifdef SYSTEM_ALIASES_GROUP
      group = SYSTEM_ALIASES_GROUP
      .endif
      .ifdef SYSTEM_ALIASES_FILE_TRANSPORT
      file_transport = SYSTEM_ALIASES_FILE_TRANSPORT
      .endif
      .ifdef SYSTEM_ALIASES_PIPE_TRANSPORT
      pipe_transport = SYSTEM_ALIASES_PIPE_TRANSPORT
      .endif
      .ifdef SYSTEM_ALIASES_DIRECTORY_TRANSPORT
      directory_transport = SYSTEM_ALIASES_DIRECTORY_TRANSPORT
      .endif
    
    # end ifdef ISPCONFIG_ALIASFILE
    .endif
    
    Now, for authentication...
    Code:
    #/etc/exim4/conf.d/auth/999_exim4-ISPConfig-Auth_Courier
    #################################
    # This file is copied straight from auth/30_exim4-config_examples
    
    # This is now the (working!) example from
    # http://www.exim.org/eximwiki/FAQ/Policy_controls/Q0730
    # Possible pitfall: access rights on /var/run/courier/authdaemon/socket.
    ### This may be a security risk:
    ### chmod o+rw /var/run/courier/authdaemon/
    ###
    
    .ifdef ISPCONFIG_COURIER_AUTH
     plain_courier_authdaemon:
       driver = plaintext
       public_name = PLAIN
       server_condition = \
         ${extract {ADDRESS} \
                   {${readsocket{/var/run/courier/authdaemon/socket} \
                   {AUTH ${strlen:exim\nlogin\n$2\n$3\n}\nexim\nlogin\n$2\n$3\n} }} \
                   {yes} \
                   fail}
       server_set_id = $2
       .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
       server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
       .endif
    
     login_courier_authdaemon:
       driver = plaintext
       public_name = LOGIN
       server_prompts = Username:: : Password::
       server_condition = \
         ${extract {ADDRESS} \
                   {${readsocket{/var/run/courier/authdaemon/socket} \
                   {AUTH ${strlen:exim\nlogin\n$1\n$2\n}\nexim\nlogin\n$1\n$2\n} }} \
                   {yes} \
                   fail}
       server_set_id = $1
       .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
       server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
       .endif
    #endif ISPCONFIG_COURIER_AUTH
    .endif
    

    Don't forget you need to add whatever file ISPConfig is using to generate local domains. Either edit /etc/exim4/update-exim4.conf.conf to set dc_other_hostnames. E.g.:
    Code:
    dc_other_hostnames='/etc/exim4/local-host-names'
    I'm not sure if running "dpkg-reconfigure exim4-config" will work with putting in a file name.

    I think ISPConfig will have write permission on the files in my confs by default.
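
An audit of the three security-relevant choices made in this thread (AUTH_SERVER_ALLOW_NOTLS_PASSWORDS, the copied exim4.key, and the chmod o+rw on the authdaemon directory), as an added example that is not part of the original posts. The sample tree it builds is constructed, and `other_perms`, `notls_auth_enabled` and `audit_exim_ispconfig` are names made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit the settings discussed above.

# "other" permission triplet of a path, e.g. "rw-" (characters 8-10 of ls -ld).
other_perms() {
    ls -ld "$1" | cut -c8-10
}

# True when the macro is actually defined. A commented-out line, or the
# ".ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS" test itself, does not count.
notls_auth_enabled() {
    grep -Eq '^[[:space:]]*AUTH_SERVER_ALLOW_NOTLS_PASSWORDS[[:space:]]*=' "$1"
}

# Print one WARN line per finding.
# Arguments: config file, TLS private key, courier authdaemon directory.
audit_exim_ispconfig() {
    if notls_auth_enabled "$1"; then
        echo "WARN: $1 advertises PLAIN/LOGIN without TLS"
    fi
    case $(other_perms "$2") in
        r*) echo "WARN: $2 private key is world-readable" ;;
    esac
    case $(other_perms "$3") in
        ?w?) echo "WARN: $3 is world-writable; give Exim access via a group instead" ;;
    esac
    return 0
}

# Constructed sample tree mirroring the howto, so the script runs anywhere.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir "$demo/authdaemon"
printf 'MAIN_TLS_ENABLE = yes\nAUTH_SERVER_ALLOW_NOTLS_PASSWORDS = yes\n' \
    > "$demo/exim4.conf.template"
printf 'constructed placeholder, not a real key\n' > "$demo/exim4.key"
chmod 644 "$demo/exim4.key"
chmod o+rw "$demo/authdaemon"

audit_exim_ispconfig "$demo/exim4.conf.template" "$demo/exim4.key" "$demo/authdaemon"
```

On a real host, call `audit_exim_ispconfig` with /etc/exim4/exim4.conf.template, /etc/exim4/exim4.key and /var/run/courier/authdaemon/ as its arguments.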
     
