How to Install and Configure Exim Mail Server on AlmaLinux 9

Exim is a highly configurable mail transfer agent (MTA) used for sending and receiving email. This guide will provide a comprehensive walkthrough of installing and configuring Exim on AlmaLinux 9.

Prerequisites

Before you start, ensure you have the following:

  • A server running AlmaLinux 9.
  • Root or sudo access to the server.
  • Basic knowledge of the terminal and email concepts.

Step 1: Update Your System

Start by updating your system to ensure you have the latest packages and security updates.

sudo dnf update -y

Step 2: Install Exim

Exim is available in the EPEL (Extra Packages for Enterprise Linux) repository. First, ensure the EPEL repository is enabled:

sudo dnf install -y epel-release

Now, install Exim:

sudo dnf install -y exim

Step 3: Basic Configuration of Exim

Exim’s main configuration file is located at /etc/exim/exim.conf. We’ll go through a basic setup to get Exim up and running.

3.1 Set the Primary Hostname

  1. Edit the Exim configuration file:
   sudo nano /etc/exim/exim.conf
  1. Set the primary hostname: Locate the line starting with primary_hostname and set it to your mail server’s hostname (e.g., mail.example.com):
   primary_hostname = mail.example.com

3.2 Set Local Domains

  1. Find and modify the domainlist local_domains directive: Locate the line starting with domainlist local_domains and set it to your domain(s):
   domainlist local_domains = example.com

3.3 Configure Listening Ports

  1. Ensure Exim listens on the appropriate ports: Locate the daemon_smtp_ports directive and ensure it includes port 25 (SMTP) and port 587 (submission):
   daemon_smtp_ports = 25 : 587
  1. Save and close the file: Press Ctrl+X, then Y, and Enter to save and close the file.

Step 4: Configure Mail Server Authentication

To set up SMTP authentication, we need to create an authentication file and configure Exim to use it.

4.1 Create the Authentication File

  1. Create the authentication file:
   sudo nano /etc/exim/exim.passwd
  1. Add authentication details: Add your username and password in the following format, replacing <username> and <password> with your desired credentials:
   <username>:<password>
  1. Save and close the file: Press Ctrl+X, then Y, and Enter to save and close the file.
  2. Set appropriate permissions:
   sudo chmod 600 /etc/exim/exim.passwd

4.2 Update Exim Configuration for Authentication

  1. Edit the Exim configuration file:
   sudo nano /etc/exim/exim.conf
  1. Add authentication settings: Locate the authenticators section and add the following configuration:
   plain:
     driver = plaintext
     public_name = PLAIN
     server_condition = ${if eq{$auth2_password}{${lookup{$auth2_username}lsearch{/etc/exim/exim.passwd}}}{1}{0}}
     server_set_id = $auth2_username
  1. Save and close the file: Press Ctrl+X, then Y, and Enter to save and close the file.

Step 5: Start and Enable Exim Service

  1. Start the Exim service:
   sudo systemctl start exim
  1. Enable Exim to start on boot:
   sudo systemctl enable exim
  1. Check the status of Exim:
   sudo systemctl status exim

Step 6: Configure Firewall

To allow incoming and outgoing email traffic, configure your firewall.

  1. Allow ports 25 and 587:
   sudo firewall-cmd --permanent --add-service=smtp
   sudo firewall-cmd --permanent --add-service=submission
  1. Reload the firewall configuration:
   sudo firewall-cmd --reload

Step 7: Test Your Exim Mail Server

  1. Send a test email: Use the sendmail command to send a test email:
   echo "Subject: Test Email" | sendmail -v [email protected]
  1. Check Exim logs for confirmation: View the logs to ensure the email was sent successfully:
   sudo tail -f /var/log/exim/mainlog

Step 8: Configure DNS Records

For a fully functional email server, configure the following DNS records:

8.1 MX Record

Points to your mail server:

example.com. IN MX 10 mail.example.com.

8.2 A Record

Maps the mail server hostname to an IP address:

mail.example.com. IN A 192.168.1.2

8.3 SPF Record

Indicates which mail servers are allowed to send email on behalf of your domain:

example.com. IN TXT "v=spf1 mx ~all"

8.4 DKIM Record (Optional)

For email signing, configure DKIM.

8.5 DMARC Record (Optional)

For email validation and reporting:

_dmarc.example.com. IN TXT "v=DMARC1; p=none; rua=mailto:[email protected]"

Step 9: Secure Exim with TLS

To secure your mail server communications, configure TLS.

9.1 Generate SSL Certificates

  1. Create the directory for SSL certificates:
   sudo mkdir -p /etc/exim/ssl
  1. Generate a self-signed SSL certificate:
   sudo openssl req -new -x509 -days 365 -nodes -out /etc/exim/ssl/exim.crt -keyout /etc/exim/ssl/exim.key
   sudo chmod 600 /etc/exim/ssl/exim.key

9.2 Update Exim Configuration for TLS

  1. Edit the Exim configuration file:
   sudo nano /etc/exim/exim.conf
  1. Add TLS settings: Locate the tls_certificate and tls_private_key directives and set them as follows:
   tls_certificate = /etc/exim/ssl/exim.crt
   tls_private_key = /etc/exim/ssl/exim.key
  1. Save and close the file: Press Ctrl+X, then Y, and Enter to save and close the file.
  2. Restart Exim:
   sudo systemctl restart exim

Conclusion

Congratulations! You have successfully installed and configured Exim on AlmaLinux 9. You now have a basic mail server setup capable of sending and receiving email.

Additional Resources

For advanced configurations and further customization, refer to the official Exim documentation and AlmaLinux’s official documentation.

If you run into any issues or need specific features, the Exim community forums and mailing lists are excellent places to seek help and advice.