Differences

This shows you the differences between two versions of the page.

--- computing:exim4 [2021/04/02 18:49] – oemb1905
+++ computing:exim4 [2024/12/16 01:32] (current) – oemb1905
@@ Line 84: / Line 84: @@
 Notice the MAIN_TLS_ENABLE = yes line is added and will this time, survive a service restart because of the localmacros file created above. Next, it is time to symlink your TLS certificate and keypair to the default location for exim4. In my case, I already had Let’s Encrypt set up on this server for my primary domain, so I just used that pair as follows (proceed with caution):
-  cd /etc/exim4
   sudo -i
+  cd /etc/exim4
   ln -s ../letsencrypt/live/teacher.codetalkers.club/fullchain.pem exim.crt
   ln -s ../letsencrypt/live/teacher.codetalkers.club/privkey.pem exim.key
@@ Line 158: / Line 158: @@
 Okay! Happy Hacking!
-Update: Since the relay is not an incoming mail server and because there are mx records in use at gmail, I had to exclude exim4 from looking for domains locally.
+Update: If your host shares the domain with an email you use elsewhere, make sure to exclude the main local domains and comment that out.
   sudo nano /etc/exim4/exim4.conf.template
   domainlist local_domains =
+There is a big mistake above, where I specify for exim4 to listen to nothing instead of everything.  Here is what you need to change:
+  sudo nano /etc/exim4/update-exim4.conf.conf
+  dc_local_interfaces='::::0:0.0.0.0'
 On major system upgrades, exim4 often gets hosed.  Specifically, you need to fully remove and purge it, and then when you reinstall it, the command `dpkg-reconfigure exim4-config` has no ncurses output and just fails.  Here is what I found that works:
@@ Line 169: / Line 174: @@
   sudo dpkg-reconfigure exim4-config
-Rebuilding again today lol.
+Rebuilding again today lol.  Messages won't send from clients using the relay.  Delete these and restart the exim4 service:
+  rm /var/spool/exim4/db/*
+  rm /var/spool/exim4/input/*
+  rm /var/spool/exim4/msglog/*
+  rm /var/log/exim4/*
+  sysemctl restart exim4.service
+To delete all frozen emails and/or individually delete/read.
+  exim -bp | awk '/^ *[0-9]+[mhd]/{print "exim -Mrm " $3}' | bash
+To read email body:
+  exim4 -Mvb <message id>
+To view the email header:
+  exim -Mvh <message id>
+TLS can pitch an annoying warning that states "TLS connections will fail. Suggested action: either install a certificate or change tls_advertise_hosts option."  I should not be getting this Warning, nor should I have to change any options in the config, since I am already advertising TLS and properly accepting smtp connections from it (see swaks output above).  Most online resources talk about getting this warning when it is a false positive, but in this case, it is false negative, meaning it is saying I don't have this but I do.  Here's how to suppress the irrelevant and in this case, incorrect, warning:
+  sudo nano /etc/exim4/exim4.conf.template
+Search for "A weaker form" and once you get to that section look for where it states ''.else'' and then "Use upstream defaults" and then closes with ''.endif'' - right in between else/endif, put the following line:
+  tls_advertise_hosts =
+Just so you are clear, it will look like this:
+{{ :computing:tls.png?400 |}}
+To stop the relay from barfing when clients with incomplete TLS emails through it, you can do the following on the client sending th email (not on the server/relay):
+  sudo nano /etc/exim4/exim4.conf.localmacros
+  REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = !*
+  systemctl restart exim4
- --- //[[jonathan@haacksnetworking.com|oemb1905]] 2021/04/02 12:47//
+ --- //[[alerts@haacksnetworking.org|oemb1905]] 2024/12/16 01:30//

Haack's Wiki

User Tools

Site Tools

Differences

Page Tools