Exim4 trickery

From eddynetweb's cesspit

Common things I deal with when setting up exim4.

Force TLS on all SMTP connections

How should I force SMTP to use TLS exclusively?

Issue


Traditionally, we've allowed SMTP to communicate over a variety of different ports, including port 25 (insecure). In this instance, we want to make sure that all the connections are made using TLS.

Solution


Open the following file in your text editor of choice:

/etc/exim4/exim4.conf.template

Then simply look for the following block:

tls_advertise_hosts = * 
tls_certificate = /path/to/ssl/certificate.crt
tls_privatekey = /path/to/ssl/certificate.key

...and change it to the following. We've added one new line, "auth_advertise_hosts":

tls_advertise_hosts = * 
auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}
tls_certificate = /path/to/ssl/certificate.crt
tls_privatekey = /path/to/ssl/certificate.key

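This makes Exim advertise AUTH only when $tls_cipher is non-empty, that is, once the connection is already encrypted, so clients have to negotiate TLS before they can authenticate. Connections that never authenticate are not affected by this setting.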

Restart exim4 and done!
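To confirm the change after the restart, the following added example (not part of the original page) checks that AUTH shows up in the EHLO reply only after STARTTLS. The sample replies are constructed, and `fetch_keywords` is a hypothetical helper built on Python's smtplib for use against a server you run.

```python
import smtplib

# Constructed EHLO replies (not captured from a real server).
PLAIN_BEFORE_FIX = """250-mail.example.test Hello client.example.test [192.0.2.10]
250-SIZE 52428800
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP"""
PLAIN_AFTER_FIX = PLAIN_BEFORE_FIX.replace("250-AUTH PLAIN LOGIN\n", "")
TLS_REPLY = PLAIN_BEFORE_FIX.replace("250-STARTTLS\n", "")

def ehlo_keywords(reply):
    """Upper-cased ESMTP keywords from a raw multi-line EHLO reply."""
    keywords = set()
    for line in reply.splitlines()[1:]:      # first line is only the greeting
        fields = line[4:].split()            # drop the "250-" / "250 " prefix
        if line.startswith("250") and fields:
            keywords.add(fields[0].upper())
    return keywords

def audit(plain, tls):
    """Compare keyword sets seen before and after STARTTLS; return findings."""
    findings = []
    if "STARTTLS" not in plain:
        findings.append("STARTTLS is not offered on the cleartext connection")
    if "AUTH" in plain:
        findings.append("AUTH is advertised before TLS is negotiated")
    if "AUTH" not in tls:
        findings.append("AUTH is not advertised inside the TLS session")
    return findings

def fetch_keywords(host, port=25):
    """Live variant: collect both keyword sets from a server you administer."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.ehlo()
        plain = {k.upper() for k in smtp.esmtp_features}
        smtp.starttls()   # certificate is not validated here; advertisement only
        smtp.ehlo()       # features are reset by STARTTLS, so ask again
        return plain, {k.upper() for k in smtp.esmtp_features}

if __name__ == "__main__":
    for label, plain in (("before", PLAIN_BEFORE_FIX), ("after", PLAIN_AFTER_FIX)):
        print(label, audit(ehlo_keywords(plain), ehlo_keywords(TLS_REPLY)))
```

For a live check, pass the two sets returned by `fetch_keywords("your.mail.host")` to `audit`; an empty list means AUTH is only offered inside TLS.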

Adding custom headers to outgoing mail

If you've ever wondered how to add custom headers...

Issue


I want to provide more information in the headers about what to do in various situations (such as how to report abuse or spam).

Solution


Open the following file in your text editor of choice:

/etc/exim4/exim4.conf.template

Then search for the following router:

dnslookup:
  driver = dnslookup
  domains = !+local_domains
  transport = remote_smtp
  no_more

...and add your custom header using "headers_add":

dnslookup:
  driver = dnslookup
  domains = !+local_domains
  transport = remote_smtp
  headers_add = "X-AntiAbuse: Suspected Abuse? Forward this email (including headers) to abuse@eddyn.net\n\
               X-AntiAbuse: Primary Hostname - $primary_hostname\n\
               X-AntiAbuse: Original Domain - $original_domain\n\
               X-AntiAbuse: Originator/Caller UID/GID - [$originator_uid $originator_gid] / [$caller_uid $caller_gid]\n\
               X-AntiAbuse: Sender Address Domain - $sender_address_domain\n"
  no_more

This will technically place the new headers at the bottom of the sent mail's header block, but you can shift them up using other sections, such as the ".ifdef SPAMASSASSIN" section.

Make sure to restart exim4 for the change to take effect!