The Ins and Outs Of Exim Mail Server
Let’s start with the obvious fact; communicating through electronic mail has become a fundamental part of our lives. To send an email from any device, you have to connect to the internet, and then open an email application like Gmail, which connects to your mail server. Simple Mail Transfer Protocol (SMTP) is the standard protocol used to send emails. Internet Mail Access Protocol (IMAP) server and Post Office Protocol (POP3) server are used to receive emails. IMAP has a distinct advantage over POP3 in that you can use multiple devices to check your sent emails. POP3 servers store sent emails on the computer hence they are only accessible from one device.
When you send an email from a computer, the message is transmitted to an STMP server through the internet. The server then forwards the email to the respective recipient using Sendmail application. Exim can be installed in place of Sendmail. Exim is a message transfer agent (MTA) freely available under GNU General public License terms. It is used on Unix-like systems.
How To Setup Exim Mail Server On Centos
Exim has a better security record than Sendmail with some of its advance features including queue handling, address routing and testing. The open source email server can be integrated with spam and virus scanners. Since exim is a MTA there is need of also installing an IMAP and POP3 email servers. Dovecot which is an open source IMAP and POP3 email server is a great choice for UNIX-like systems.
#Step 1: Update the System
First, Secure Shell(ssh) to your server and initiate a screen session. In order to achieve this, follow the command shown below:
## screen -U -S exim-dovecot
As soon as you are in a screen session, update your CentOS using yum:
## yum update
#Step 2: Enable Epel Repository
The next step makes use of the command below to enable EPEL repository on the CentOS system:
## yum install http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm
In case you encounter a 404 error, go to http://dl.fedoraproject.org/pub/epel/7/x86_64/e/ and install the latest epel-release rpm package.
You will then proceed to find out whether EPEL on your system has been enabled:
## yum repolist
Once EPEL is enabled, install some useful tools using:
## yum install file perl-Mail-SPF.noarch openssl vim
#Step 3: Generate Ssl Certificate
It is important to note that an SSL certificate is required for use in Dovecot and Exim. You can either purchase this certificate or create your own self-signed SSL certificate for mail.domain.com using the following commands:
## mkdir /root/SSL/mail.mydomain.com -p
## cd /root/SSL/mail.mydomain.com
## openssl req -nodes -x509 -newkey rsa:2048 -keyout mail.mydomain.com.key -out mail.mydomain.com.crt -days 365
Thereafter, use the command below to move the SSL certificate and key to /etc/ssl
## cp mail.mydomain.com.key mail.mydomain.com.crt /etc/ssl/
#Step 4: Install And Configure Exim
Install exim on the CentOS virtual server using yum:
## yum install exim
Once the command succeeds, open /etc/exim/exim.conf with your preferred editor as presented below.
## cp /etc/exim/exim.conf{,.orig}
## vim /etc/exim/exim.conf
primary_hostname = mail.mydomain.com
domainlist local_domains = @ : mydomain.com
tls_advertise_hosts = *
tls_certificate = /etc/ssl/mail.mydomain.com.crt
tls_privatekey = /etc/ssl/mail.mydomain.com.key
auth_advertise_hosts = *
Locate the transport section and edit the following:
local_delivery:
driver = appendfile
directory = $home/Maildir
maildir_format
maildir_use_size_file
delivery_date_add
envelope_to_add
return_path_add
Add the following lines in authenticators section:
dovecot_login:
driver = dovecot
public_name = LOGIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
dovecot_plain:
driver = dovecot
public_name = PLAIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
Start the EXIM MTA and add it to system’s startup using systemct1.
## systemctl start exim
## systemctl status exim
## systemctl enable exim
2. How To Secure Exim Mail Server To Avoid Spamming
Mail spamming can cause resource and performance issues on the sever affecting timely delivery of clean email. There are two main categories of spam: In bound spam to users and outbound spam from compromised scripts.
Inbound Spam to users
Inbound mail spamming is an inconvenience all modern users have to deal with. The most effective way of dealing with inbound spam is blocking it at exim server. Blocking spam at the MTA saves server resources that would have been used by 3rd party spam detection tools.
Outbound spam from compromised scripts
The two main sources of outgoing spam are indirectly from a compromised webscript in a client’s account or directly from a client. Trawling the eximmainlog in search of unusual behaviour is arduous. Enabling extended logging exim configuration can make tracking down of spammers a lot easier.
Go to WHM > Exim Configuration Manager > Advanced Editor. Search for “log_selector” and ensure that the value for this configuration option includes +arguments +subject +received_recipients.
#1 Use fail:exim
The most common technique spammers use is called a dictionary attack. This is essentially sending spam through a random set of names with the hope that a few will be delivered to actual users. Disable Default Address feature within your control panel and usefail:exim to make dictionary attacks redundant by rejecting emails at the SMPTP RCPT stage.
#2 Enable WHM restrictions
WHM has the option of restricting email sent to exim, root and mailman booting out anyone trying to work around the system.
WHM > Exim Configuration Editor > Verify the existence of email senders.
WHM > Exim Configuration Editor > Use callouts to verify the existence of email senders.
Activating the above WHM options allows exim to verify that any server trying to relay an email to yours can receive a reply. A server that is unable to receive an email in reply is most likely a spammer.
Another option of spam mail monitoring is the use of 3rd party applications like SpamAssassin to scan emailsfor spam.
#3 Set Maximum Sends per hour
You can set the maximum number of email sends per hour for every domain. Implementation of this option requires caution in cases you use mailing lists for subscribers to prevent it from blockingout everything.
One of the main benefits of using exim server is that it is highly configurable possessing features that are often lacking in other MTAs. Exim is suitable for implementation of various mail policies as it allows integration of framework for content scanning.In addition, eximhas extensive documentation and a supportive community.
Exim can effectively handle thousands of emails per hour. However, its performance can be compromised when queues are large since it does not have a central queue manager.
3. Exim Command Line Examples to Check the Mail Server and Mail Queue
Checking your email serve as well as the mail queue can never be easier as the system allows for an elaborate command line that ensures this.
Here are Exim command line examples to check the mail server and mail queue:
a) In order to print the messages listed in the queue:
exim –bp
b)To print the current task of Exim:
exiwhat
c) To see the configuration settings of Exim:
exim –bP
d) To look up for queued messages from a particular sender:
exiqgrep –f [luser]@domain
e) To look for queued messages for a particular domain or recipient:
exiqgrep –r [luser]@domain
f) To print messages that have been in queue for less than an hour:
exiqgrep –y 3600 […]
g) To print only the message-id:
exiqgrep –i [ -r | -f]
h) To print only the message-id of the whole queue:
exiqgrep –i
i) To start a run of a queue for only local deliveries:
root@localhost# exim –ql –v
j) To freeze a message being viewed:
root@localhost# exim -Mf <message-id> [ <message-id> …]
k) To deliver a message whether the retry time was reached or if it was frozen:
root@localhost# exim -M <message-id> [ <message-id> … ]
l) To force a message to bounce after failing when it was cancelled by the admin:
root@localhost# exim –Mg <message-id> [ <message-id> …]
m) To remove messages five days or older:
root@localhost# exiqgrep -o 432000 -i | xargs exim –Mrm
n) To view the headers of the messages:
root@localhost# exim -Mvh <message-id>
o) To view the logs of messages:
root@localhost# exim -Mvl <message-id>
p) To edit a message’s sender:
root@localhost# exim -Mes <message-id> <address>
q) To know how many messages are in the queue:
exim -bpc
r) To print a summary or list of queued messages:
exim -bp | exiqsumm
s) To print messages older than an identified number of seconds like say for example, messages older than 24 hours:
exiqgrep -o 86400 […]
t) To match message size with a regex:
exiqgrep -s �^7..S’ […]
*this has 700-799 bytes.
u) To print a number of messages matching the search above:
exiqgrep -c …
v) To start a run of the queue:
root@localhost# exim -q -v
w) To remove a message from the queue:
root@localhost# exim -Mrm <message-id> [ <message-id> …]
x) To remove all messages from the queue.
exim -bp | awk ‘/^ *[0-9]+[mhd]/{print “exim -Mrm ” $3}’ | bash
OR
exim -bp | exiqgrep -i | xargs exim -Mrm
y) To delete a message:
root@localhost# exim -Mt <message-id> [ <message-id> …]
z) To remove messages that have been frozen:
root@localhost# exiqgrep -z -i | xargs exim -Mrm
4. Tuning Exim Mail Server Performance
To fully optimize the performance of Exim, you may use the following tweaks to increase server capability.
Queues
For Exim to better queue mail, edit edit /etc/exim/exim.conf (or /etc/exim/exim4.conf), and put the following in the main configuration of Exim:
queue_only
After doing so, edit /etc/crontab (only if your server has cron installed in it), then enter this:
5,10,15,20,25,30,35,40,45,50,55 * * * * root exim -q
This tells Exim to promptly put in queue all mail, then run a flush mail every five minutes. This speeds up the time that the scripts need to send out mail, while saving bandwidth in the long run. This allows more emails to be sent for every session using a server since the messages have already been queued.
Multiple Queues
If the server queues in hundreds of messages, it is better to create a couple of multiple queues to have a substantial increase in performance. To achieve this, put the following in the main section of configuration of /etc/exim/exim.conf:
split_spool_directory
remote_max_parallel = 5
queue_run_max = 5
These commands divide the directory so that Exim can be able to manage bigger spool files more efficiently, and generate several spool threads. In the above example, five different threads will all together deliver the mail to five different hosts at the same time.
Other Tweak for optimized server performance
Depending on the amount of email traffic you get on a daily basis, other tweaks can be made to improve the performance of the server:
Add more messages sent for every SMTP session
One trick for performance improvement is to send a huge amount of email messages sent to the same domains. By default Exim sends a max of 100 messages per session of SMTP to a particular domain. So if there are 500 messages that are being sent, Exim then will make five separate threads to deliver all of them. If you are going to increase the max messages allowed for every session, you can increase the effectivity and efficiency of the SMTP connection. Here’s what to do– edit /etc/exim/exim.conf, then enter the configuration section for transfer:
connection_max_messages 300
5. Exim Log Monitoring
Exim is composed of three basic logs necessary for mail monitoring. These logs are important to fully understand the function of the mail server and to prevent mail spamming. They are: the main log, panic log, and reject log.
Main log – takes note of message arrival and delivery in one single line for every case. Its format is as simple and concise as it can be to be able to minimize the size of each log file. Flag sequences with two characters are used to easily identify the lines for this log. Other events are noted in the main log. While some are completely optional, others are selected by the log selector option and it decides if it needs to be included or should be ignored. Eximstats, a script that analyses the main log files, is provided to aid this tool.
Panic log – Sometimes heavily destructive errors cannot be prevented. When they do, Exim writes them into its panic log. If the specific error is indeed very serious and can cause damage, Exim destroys it. Entries in the panic log are most of the time seen in the main log too, but can be missed because of the other numerous entries in the main log. If Exim is running properly, the panic log usually remains empty. However it is always good to take extra precaution and check it once in a while to make sure there aren’t any problems that need to be taken care of ASAP. In cases where Exim is unable to open its panic log, it resorts to writing on the system log as a failsafe.
Reject log – This log contains data from messages that are excluded because of a configuration option. When a message is rejected, the line containing the rejection log is also written on the main log so that it can be read right away. In any case that the header of the message was already read at the time that the log was written, then the information is written on the reject log. However, the header lines are the only ones accessible. You may utilize the reject log to make sure if the policy controls are working fine. This method is easier if you have a busy host instead of looking for rejection messages at the main log.
