Exim is a highly configurable mail transfer agent (MTA) used for sending and receiving email. This guide will provide a comprehensive walkthrough of installing and configuring Exim on AlmaLinux 9.
Prerequisites
Before you start, ensure you have the following:
- A server running AlmaLinux 9.
- Root or sudo access to the server.
- Basic knowledge of the terminal and email concepts.
Step 1: Update Your System
Start by updating your system to ensure you have the latest packages and security updates.
sudo dnf update -y
Step 2: Install Exim
Exim is available in the EPEL (Extra Packages for Enterprise Linux) repository. First, ensure the EPEL repository is enabled:
sudo dnf install -y epel-release
Now, install Exim:
sudo dnf install -y exim
Step 3: Basic Configuration of Exim
Exim’s main configuration file is located at /etc/exim/exim.conf
. We’ll go through a basic setup to get Exim up and running.
3.1 Set the Primary Hostname
- Edit the Exim configuration file:
sudo nano /etc/exim/exim.conf
- Set the primary hostname: Locate the line starting with
primary_hostname
and set it to your mail server’s hostname (e.g.,mail.example.com
):
primary_hostname = mail.example.com
3.2 Set Local Domains
- Find and modify the
domainlist local_domains
directive: Locate the line starting withdomainlist local_domains
and set it to your domain(s):
domainlist local_domains = example.com
3.3 Configure Listening Ports
- Ensure Exim listens on the appropriate ports: Locate the
daemon_smtp_ports
directive and ensure it includes port 25 (SMTP) and port 587 (submission):
daemon_smtp_ports = 25 : 587
- Save and close the file: Press
Ctrl+X
, thenY
, andEnter
to save and close the file.
Step 4: Configure Mail Server Authentication
To set up SMTP authentication, we need to create an authentication file and configure Exim to use it.
4.1 Create the Authentication File
- Create the authentication file:
sudo nano /etc/exim/exim.passwd
- Add authentication details: Add your username and password in the following format, replacing
<username>
and<password>
with your desired credentials:
<username>:<password>
- Save and close the file: Press
Ctrl+X
, thenY
, andEnter
to save and close the file. - Set appropriate permissions:
sudo chmod 600 /etc/exim/exim.passwd
4.2 Update Exim Configuration for Authentication
- Edit the Exim configuration file:
sudo nano /etc/exim/exim.conf
- Add authentication settings: Locate the
authenticators
section and add the following configuration:
plain:
driver = plaintext
public_name = PLAIN
server_condition = ${if eq{$auth2_password}{${lookup{$auth2_username}lsearch{/etc/exim/exim.passwd}}}{1}{0}}
server_set_id = $auth2_username
- Save and close the file: Press
Ctrl+X
, thenY
, andEnter
to save and close the file.
Step 5: Start and Enable Exim Service
- Start the Exim service:
sudo systemctl start exim
- Enable Exim to start on boot:
sudo systemctl enable exim
- Check the status of Exim:
sudo systemctl status exim
Step 6: Configure Firewall
To allow incoming and outgoing email traffic, configure your firewall.
- Allow ports 25 and 587:
sudo firewall-cmd --permanent --add-service=smtp
sudo firewall-cmd --permanent --add-service=submission
- Reload the firewall configuration:
sudo firewall-cmd --reload
Step 7: Test Your Exim Mail Server
- Send a test email: Use the
sendmail
command to send a test email:
echo "Subject: Test Email" | sendmail -v [email protected]
- Check Exim logs for confirmation: View the logs to ensure the email was sent successfully:
sudo tail -f /var/log/exim/mainlog
Step 8: Configure DNS Records
For a fully functional email server, configure the following DNS records:
8.1 MX Record
Points to your mail server:
example.com. IN MX 10 mail.example.com.
8.2 A Record
Maps the mail server hostname to an IP address:
mail.example.com. IN A 192.168.1.2
8.3 SPF Record
Indicates which mail servers are allowed to send email on behalf of your domain:
example.com. IN TXT "v=spf1 mx ~all"
8.4 DKIM Record (Optional)
For email signing, configure DKIM.
8.5 DMARC Record (Optional)
For email validation and reporting:
_dmarc.example.com. IN TXT "v=DMARC1; p=none; rua=mailto:[email protected]"
Step 9: Secure Exim with TLS
To secure your mail server communications, configure TLS.
9.1 Generate SSL Certificates
- Create the directory for SSL certificates:
sudo mkdir -p /etc/exim/ssl
- Generate a self-signed SSL certificate:
sudo openssl req -new -x509 -days 365 -nodes -out /etc/exim/ssl/exim.crt -keyout /etc/exim/ssl/exim.key
sudo chmod 600 /etc/exim/ssl/exim.key
9.2 Update Exim Configuration for TLS
- Edit the Exim configuration file:
sudo nano /etc/exim/exim.conf
- Add TLS settings: Locate the
tls_certificate
andtls_private_key
directives and set them as follows:
tls_certificate = /etc/exim/ssl/exim.crt
tls_private_key = /etc/exim/ssl/exim.key
- Save and close the file: Press
Ctrl+X
, thenY
, andEnter
to save and close the file. - Restart Exim:
sudo systemctl restart exim
Conclusion
Congratulations! You have successfully installed and configured Exim on AlmaLinux 9. You now have a basic mail server setup capable of sending and receiving email.
Additional Resources
For advanced configurations and further customization, refer to the official Exim documentation and AlmaLinux’s official documentation.
If you run into any issues or need specific features, the Exim community forums and mailing lists are excellent places to seek help and advice.