Sunday, 17 July 2016

How to configure Exim and Dovecot with SMTP, POP3, IMAP and STARTTLS support on Debian?

The mail system is known as one of the most complex services on Linux. In fact, the situation isn't that bad. Here you can learn how to configure a basic mail system based on Exim and Dovecot quite easily. The system will use maildirs, will be fully functional with the SMTP, POP3 and IMAP protocols, and will support STARTTLS encryption. However, this article will not explain such topics as SpamAssassin, ClamAV or any webmail solutions. Maybe I will cover these topics in the future.



First, install the required packages:

apt-get install exim4-daemon-heavy dovecot-pop3d dovecot-imapd

You will be asked several questions about the Exim configuration. The answers will be saved to the /etc/exim4/update-exim4.conf.conf file and should look similar to these:

dc_eximconfig_configtype='internet'
dc_other_hostnames='FIRST_DOMAIN ; SECOND_DOMAIN ; THIRD_DOMAIN'
dc_local_interfaces='127.0.0.1 ; ::1 ; YOUR_IPV4'
dc_readhost=''
dc_relay_domains='FIRST_DOMAIN ; SECOND_DOMAIN ; THIRD_DOMAIN'
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
dc_use_split_config='false'
dc_hide_mailname=''
dc_mailname_in_oh='true'
dc_localdelivery='maildir_home'

Then edit /etc/exim4/conf.template. Just above .ifdef MAIN_TLS_ENABLE add:

AUTH_SERVER_ALLOW_NOTLS_PASSWORDS = yes
MAIN_TLS_ENABLE = yes

and uncomment the following lines:

plain_server:
  driver = plaintext
  public_name = PLAIN
  #server_condition = "${if crypteq{$auth3}{${extract{1}{:}{${lookup{$auth2}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
  server_condition = "${if pam{$auth2:$auth3}{1}{0}}"
  server_set_id = $auth2
  server_prompts = :
  .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
  server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
  .endif

login_server:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  #server_condition = "${if crypteq{$auth2}{${extract{1}{:}{${lookup{$auth1}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
  server_condition = "${if pam {$auth1:$auth2}{1}{0}}"
  server_set_id = $auth1
  .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
  server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
  .endif

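The two lines that should be added are the server_condition lines that use pam; the original crypteq conditions stay commented out.
Note that defining AUTH_SERVER_ALLOW_NOTLS_PASSWORDS skips the .ifndef blocks above, so PLAIN and LOGIN are advertised on unencrypted connections as well. Leave that line out if passwords should only be accepted after STARTTLS.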
Now it's time to generate the self-signed SSL certificate:

/usr/share/doc/exim4-base/examples/exim-gencert

Now let's configure Dovecot. Edit the file /etc/dovecot/local.conf and add these lines:

ssl = required
ssl_cert = </etc/exim4/exim.crt
ssl_key = </etc/exim4/exim.key

service auth {
  unix_listener auth-client {
    mode = 0660
    user = Debian-exim
  }
}

namespace inbox {
  location = maildir:/home/mail/%u
}

Don't forget about DNS records (A/AAAA and MX) for your mail domains.
Now (re)start both daemons:

/etc/init.d/exim4 restart
/etc/init.d/dovecot restart

The last thing you should do is configure a sample mailbox in your mail client and make sure that the whole system works fine.
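
One more check worth making here, as an added example that is not part of the original post: whether Exim advertises PLAIN and LOGIN before STARTTLS, which is what the AUTH_SERVER_ALLOW_NOTLS_PASSWORDS macro controls through the .ifndef blocks in plain_server and login_server. The EHLO replies and the name mail.example.org are constructed, and probe() assumes a server you operate that listens on port 25.

```python
import smtplib

PASSWORD_MECHS = {"PLAIN", "LOGIN"}  # the two authenticators enabled in the template

def parse_ehlo(reply):
    """Map each keyword of a raw EHLO reply (e.g. '250-AUTH PLAIN LOGIN') to its args."""
    caps = {}
    for line in reply.splitlines()[1:]:      # line 0 is the server greeting
        if line[:3] == "250" and len(line) > 4:
            keyword, _, args = line[4:].partition(" ")
            caps[keyword.upper()] = args.upper().split()
    return caps

def audit(before_tls, after_tls):
    """Compare capabilities seen before and after STARTTLS; return a list of findings."""
    findings = []
    if "STARTTLS" not in before_tls:
        findings.append("STARTTLS is not offered")
    exposed = PASSWORD_MECHS & set(before_tls.get("AUTH", []))
    if exposed:
        findings.append("AUTH %s advertised without TLS" % "/".join(sorted(exposed)))
    if not PASSWORD_MECHS & set(after_tls.get("AUTH", [])):
        findings.append("no password AUTH offered after STARTTLS")
    return findings

def probe(host, port=25):
    """Live variant for a server you operate: EHLO, STARTTLS, EHLO again."""
    def caps(smtp):
        return {k.upper(): v.upper().split() for k, v in smtp.esmtp_features.items()}
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.ehlo()
        before = caps(smtp)
        if "STARTTLS" not in before:
            return audit(before, {})
        smtp.starttls()   # no context given, so the self-signed cert is not verified
        smtp.ehlo()
        return audit(before, caps(smtp))

# Constructed EHLO replies (hostname and values are made up for the example).
WITH_MACRO = "250-mail.example.org Hello client\n250-SIZE 52428800\n250-AUTH PLAIN LOGIN\n250-STARTTLS\n250 HELP"
WITHOUT_MACRO = "250-mail.example.org Hello client\n250-SIZE 52428800\n250-STARTTLS\n250 HELP"
AFTER_TLS = "250-mail.example.org Hello client\n250-SIZE 52428800\n250-AUTH PLAIN LOGIN\n250 HELP"

if __name__ == "__main__":
    for name, reply in (("macro defined", WITH_MACRO), ("macro removed", WITHOUT_MACRO)):
        print(name, "->", audit(parse_ehlo(reply), parse_ehlo(AFTER_TLS)) or "ok")
```

An empty list from audit() or probe() means STARTTLS is offered and password authentication appears only inside the encrypted session.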