Exim4 trickery
Common things I deal with when setting up exim4.
Force TLS on all SMTP connections
How should I force SMTP to use TLS exclusively?
Issue
Traditionally, we've allowed SMTP to communicate over a variety of different ports, including port 25 (insecure). In this instance, we want to make sure that all the connections are made using TLS.
Solution
Open the following file in your text editor of choice:
/etc/exim4/exim4.conf.template
Then simply look for the following block:
tls_advertise_hosts = *
tls_certificate = /path/to/ssl/certificate.crt
tls_privatekey = /path/to/ssl/certificate.key
...and change it to the following. The only addition is a new line called "auth_advertise_hosts":
tls_advertise_hosts = *
auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}
tls_certificate = /path/to/ssl/certificate.crt
tls_privatekey = /path/to/ssl/certificate.key
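This makes exim4 advertise AUTH only on connections that have already negotiated TLS: the expansion returns an empty host list while $tls_cipher is empty and "*" once a cipher is set, so clients must issue STARTTLS before they can authenticate. Note that this covers authentication only; unauthenticated connections can still be made without TLS.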
Restart exim4 and done!
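One way to check the result after the restart, as an added example that is not part of the original page: the Python script below compares the EHLO reply before and after STARTTLS and flags a server that still offers AUTH in cleartext. The function names, the sample replies and the host mail.example.test are assumptions made for illustration.

```python
import smtplib
import ssl

# Constructed EHLO replies (not captured from a real server).
PLAIN_OK = """250-mail.example.test Hello client.example.test [192.0.2.10]
250-SIZE 52428800
250-PIPELINING
250-STARTTLS
250 HELP"""
TLS_OK = """250-mail.example.test Hello client.example.test [192.0.2.10]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN LOGIN
250 HELP"""
PLAIN_LEAKY = PLAIN_OK.replace("250-STARTTLS", "250-AUTH PLAIN LOGIN\n250-STARTTLS")


def advertises_auth(ehlo_text):
    """True if an EHLO reply lists AUTH (raw "250-" lines or smtplib's stripped text)."""
    for line in ehlo_text.splitlines()[1:]:      # first line is only the greeting
        if line[:3] == "250" and line[3:4] in ("-", " "):
            line = line[4:]
        words = line.split()
        # "AUTH=..." is the legacy spelling some servers still send.
        if words and (words[0].upper() == "AUTH" or words[0].upper().startswith("AUTH=")):
            return True
    return False


def verdict(plain_reply, tls_reply):
    """Compare the reply before STARTTLS with the reply after it."""
    if advertises_auth(plain_reply):
        return "FAIL: AUTH is offered before STARTTLS"
    if not advertises_auth(tls_reply):
        return "WARN: AUTH is not offered even over TLS"
    return "OK: AUTH is offered only over TLS"


def probe(host, port=25, timeout=10):
    """Live check against your own server; needs a certificate the system trusts."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        before = smtp.ehlo()[1].decode(errors="replace")
        smtp.starttls(context=ssl.create_default_context())
        after = smtp.ehlo()[1].decode(errors="replace")
    return verdict(before, after)


if __name__ == "__main__":
    print(verdict(PLAIN_OK, TLS_OK))
    print(verdict(PLAIN_LEAKY, TLS_OK))
```

Calling probe("mail.example.test") runs the same comparison against a live server; replace the placeholder host with your own.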
Adding custom headers to outgoing mail
If you've ever wondered how to add custom headers...
Issue
I want the headers of outgoing mail to carry extra information about what to do in various situations (such as how to report abuse or spam).
Solution
Open the following file in your text editor of choice:
/etc/exim4/exim4.conf.template
Then search for the following router:
dnslookup:
  driver = dnslookup
  domains = !+local_domains
  transport = remote_smtp
  no_more
...and add your custom header using "headers_add":
dnslookup:
  driver = dnslookup
  domains = !+local_domains
  transport = remote_smtp
  headers_add = "X-AntiAbuse: Suspected Abuse? Forward this email (including headers) to abuse@eddyn.net\n\
    X-AntiAbuse: Primary Hostname - $primary_hostname\n\
    X-AntiAbuse: Original Domain - $original_domain\n\
    X-AntiAbuse: Originator/Caller UID/GID - [$originator_uid $originator_gid] / [$caller_uid $caller_gid]\n\
    X-AntiAbuse: Sender Address Domain - $sender_address_domain\n"
  no_more
Technically, this places the new headers at the bottom of the sent mail's header block, but you can shift them up by using other sections, such as the ".ifdef SPAMASSASSIN" section.
Make sure to restart exim4 for the change to take effect!
Make sure to reset nginx!