Haack's Wiki

User Tools

Site Tools

Trace:
computing:exim4

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
computing:exim4 [2021/04/02 18:49] oemb1905computing:exim4 [2024/12/16 01:32] (current) oemb1905
Line 84: Line 84:
 Notice the MAIN_TLS_ENABLE = yes line is added and will this time, survive a service restart because of the localmacros file created above. Next, it is time to symlink your TLS certificate and keypair to the default location for exim4. In my case, I already had Let’s Encrypt set up on this server for my primary domain, so I just used that pair as follows (proceed with caution): Notice the MAIN_TLS_ENABLE = yes line is added and will this time, survive a service restart because of the localmacros file created above. Next, it is time to symlink your TLS certificate and keypair to the default location for exim4. In my case, I already had Let’s Encrypt set up on this server for my primary domain, so I just used that pair as follows (proceed with caution):
  
-  cd /etc/exim4 
   sudo -i   sudo -i
 +  cd /etc/exim4
   ln -s ../letsencrypt/live/teacher.codetalkers.club/fullchain.pem exim.crt   ln -s ../letsencrypt/live/teacher.codetalkers.club/fullchain.pem exim.crt
   ln -s ../letsencrypt/live/teacher.codetalkers.club/privkey.pem exim.key   ln -s ../letsencrypt/live/teacher.codetalkers.club/privkey.pem exim.key
Line 158: Line 158:
 Okay! Happy Hacking! Okay! Happy Hacking!
  
-Update: Since the relay is not an incoming mail server and because there are mx records in use at gmailI had to exclude exim4 from looking for domains locally.+Update: If your host shares the domain with an email you use elsewheremake sure to exclude the main local domains and comment that out.
      
   sudo nano /etc/exim4/exim4.conf.template   sudo nano /etc/exim4/exim4.conf.template
   domainlist local_domains =   domainlist local_domains =
 +  
 +There is a big mistake above, where I specify for exim4 to listen to nothing instead of everything.  Here is what you need to change:
 +
 +  sudo nano /etc/exim4/update-exim4.conf.conf
 +  dc_local_interfaces='::::0:0.0.0.0'
  
 On major system upgrades, exim4 often gets hosed.  Specifically, you need to fully remove and purge it, and then when you reinstall it, the command `dpkg-reconfigure exim4-config` has no ncurses output and just fails.  Here is what I found that works: On major system upgrades, exim4 often gets hosed.  Specifically, you need to fully remove and purge it, and then when you reinstall it, the command `dpkg-reconfigure exim4-config` has no ncurses output and just fails.  Here is what I found that works:
Line 169: Line 174:
   sudo dpkg-reconfigure exim4-config   sudo dpkg-reconfigure exim4-config
      
-Rebuilding again today lol.+Rebuilding again today lol.  Messages won't send from clients using the relay.  Delete these and restart the exim4 service: 
 + 
 +  rm /var/spool/exim4/db/
 +  rm /var/spool/exim4/input/
 +  rm /var/spool/exim4/msglog/
 +  rm /var/log/exim4/
 +  sysemctl restart exim4.service 
 +   
 +To delete all frozen emails and/or individually delete/read. 
 + 
 +  exim -bp | awk '/^ *[0-9]+[mhd]/{print "exim -Mrm " $3}' | bash 
 + 
 +To read email body: 
 + 
 +  exim4 -Mvb <message id> 
 + 
 +To view the email header: 
 + 
 +  exim -Mvh <message id> 
 + 
 +TLS can pitch an annoying warning that states "TLS connections will fail. Suggested action: either install a certificate or change tls_advertise_hosts option."  I should not be getting this Warning, nor should I have to change any options in the config, since I am already advertising TLS and properly accepting smtp connections from it (see swaks output above).  Most online resources talk about getting this warning when it is a false positive, but in this case, it is false negative, meaning it is saying I don't have this but I do.  Here's how to suppress the irrelevant and in this case, incorrect, warning: 
 + 
 +  sudo nano /etc/exim4/exim4.conf.template 
 +   
 +Search for "A weaker form" and once you get to that section look for where it states ''.else'' and then "Use upstream defaults" and then closes with ''.endif'' - right in between else/endif, put the following line: 
 + 
 +  tls_advertise_hosts = 
 + 
 +Just so you are clear, it will look like this: 
 + 
 +{{ :computing:tls.png?400 |}} 
 + 
 +To stop the relay from barfing when clients with incomplete TLS emails through it, you can do the following on the client sending th email (not on the server/relay): 
 + 
 +  sudo nano /etc/exim4/exim4.conf.localmacros 
 +  REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = !* 
 +  systemctl restart exim4
  
- --- //[[jonathan@haacksnetworking.com|oemb1905]] 2021/04/02 12:47//+ --- //[[alerts@haacksnetworking.org|oemb1905]] 2024/12/16 01:30//
computing/exim4.1617389340.txt.gz · Last modified: by oemb1905

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
GNU Free Documentation License 1.3 Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki