Home » Issues » Issue 21

Configure Exim with anti-spam

Spam's off! Make it so with Exim and SpamAssassin

Download the whole article as PDF

Short URL: http://fsmsh.com/2572

Write a full post in response to this!


A few comments on my article The perfect network server in issue 17 requested some more in depth follow-up pieces. This is what I hope to be the first of those. It focuses on Exim, the mail transfer agent (MTA), specifically setting it up with spam scanning. It is based on setups I currently use, hosted on Debian GNU/Linux.

This is an intermediate article, I’m going to assume you are familiar with mail delivery technologies and terminology. If you don’t know what SMTP, MX records and reverse DNS lookups are, you might like to do a little background reading before coming back to this article. I’ll try to stick to a descriptive narrative style but some of it will inevitably involve technical language.

What Exim is not

Exim is a mail transfer agent. It receives messages, usually by SMTP, figures out what to do with them according to its configuration and transfers them to another location based on that information. The new location may be a locally based mailbox, another server or another daemon running on the same box.

Exim does not do POP3, IMAP, shared calendars or make the tea

It does not deliver mail to client machines, and does not handle mail user agent message creation functionality. In short, Exim does SMTP and related stuff. It does not do POP3, IMAP[1], LDAP, shared calendars or make the tea. It’s important to note that Exim is not capable of pulling mail: it expects all messages to be delivered to it [2].

Debian Exim packages

Debian has a few packages for Exim. At the time of writing the current major version is 4. The key packages to install are exim4-base, exim4-config and one of the two exim4-daemon-? packages. If you are installing a brand new server, then you can install Exim as a task during the Debian installation stage (see The perfect network server for information on that). If you already have a Debian server then you can install it using tasksel install mail-server or with your favourite package manager.

The two Exim4 daemon packages within Debian called exim4-daemon-light and exim4-daemon-heavy. Installing either will install the exim4-base package as a dependency but not exim4-config. So, you should install exim4-config as well as it comes in handy.

The light daemon package is a perfectly adequate Exim install but leaves out things like SQL data lookups, virus/spam scanning integration and Secure Password Authentication SMTP. All of those are included in the “heavy” daemon and, as you’ll want to do spam scanning, you’ll need it. Note that tasksel, and thus the Debian installer, will install exim4-daemon-light but you can replace it simply by installing the heavy package afterwards. So, after all that, apt-get install exim4-daemon-heavy exim4-config does the trick.

Exim initial configuration

I’m not aware of any GUI tools to configure Exim, beyond address and account management. I started a fairly long debate on the necessity of server GUIs in the last article, but as they say, “write what you know”… so I’ll stick to configuring Exim via the shell.

Having installed exim4-config, you might as well put it to good use

Having installed exim4-config, you might as well put it to good use. To use exim-config, run (either as root or sudo) the command dpkg-reconfigure exim4-config. I won’t detail every step of this because each has decent explanatory text within—and I’d take up most of the article installing Exim. Here are a few pointers on the latter steps.

The debconf way to set-up Exim
The debconf way to set-up Exim

Mailbox format

The Exim local_delivery transport is used to deliver messages to local mailboxes. By default that is in mbox format. There is an option to use the popular Maildir format, which you can set here. I prefer Maildir, so I choose to use it here. For a discussion on which is best I suggest you put your flame-proof suit on and hit Google or add a comment. Briefly, mbox stores all messages in a single text file. Maildir stores each message as an individual file within sub-directories of your main maildir. An advantage of Maildir is that it doesn’t require file locking, so there are fewer delays.

Don't miss out on the other pages!
123next ›last »

Write a full post in response to this!

Similar articles

4

Do you like this post?
Vote for it!

Copyright information

This article is made available under the "Attribution-NonCommercial-Sharealike" Creative Commons License 3.0 available from http://creativecommons.org/licenses/by-nc-sa/3.0/.

Biography

Ryan Cartwright: Ryan Cartwright heads up Equitas IT Solutions who offer fair, quality and free software based solutions to the voluntary and community (non-profit) and SME sectors in the UK. He is also a free software advocate and you might find him on the GLLUG mailing list.

bignellrp's picture

Can i use the above as a

Submitted by bignellrp on Wed, 2008-12-10 21:37.

Vote!
0

Can i use the above as a global spam filter for virtual mysql users?

E.G

# Exim filter
if $h_subject: contains "{SPAM?}"
then
save /var/mail/${domain}/${local_part}/.Junk\ E-mail/cur/
finish
endif

...to work with my transport below.

local_mysql_delivery:
driver = appendfile
directory = /var/mail/${domain}/${local_part}/
maildir_format
delivery_date_add
envelope_to_add
return_path_add
user = mail
group = mail
mode = 0660

Ryan Cartwright's picture

yes but maybe not as you think

Submitted by Ryan Cartwright on Thu, 2008-12-11 18:36.

Vote!
0

In Exim a global filter (one that is applied to every inbound message) is called a system filter. The one you’ve shown above would work if placed in a system filter file and you called it using the system filter directive as shown on page 3 of my article. (It would also work if placed in a .forward file but then only for that one user).

As your filter checks the domain and local_part of the recipient envelope (calculated from the “To:” header of the message), the fact that the account is a virtual one is irrelevant. The transport is irrelevant too as the save command won’t use it. It uses the appendfile driver but independently of the transport.

A couple of things about your filter though. It will save any message with that string in the subject into the junk folder. This includes ones that perhaps got inadvertently flagged by some other companies’ mail system (with the same string) and they’ve since replied to you. In my expereince it’s better to add a header to indicate that your server thinks it’s spam and detect that, rather than do your detection on an arbitrary string in the subject. This is what I do in the article, it’s just the resulting action that differs.

Secondly you’ll probably confuse matter saving to the “cur” folder below .Junk\ Email as it’ll show up as a directory in the user’s mail folders. If this is an Imap store then I’d save it to “.Junk\ Email/” and be done with it. If it’s POP then don’t even bother saving it to t separate folder if you want the user to see it, let the POP client do that bit.

Hope this helps

Ryan

Equitas IT Solutions - fairness, quality, freedom http://www.equitasit.co.uk

bignellrp's picture

Thanks for such a quick reply....

Submitted by bignellrp on Thu, 2008-12-11 18:56.

Vote!
0

That does help explain things. But at the moment:

# Exim filter
if $h_subject: contains "{SPAM?}"
then
save /var/mail/${domain}/${local_part}/.Junk\ E-mail/
finish
endif

doesnt work. Firstly it complained at the space between .Junk\ Email

then when i changed to .Junk it didnt seem to do anything with this spam mail. Could it be that my spamassassin isnt tagging the mail until after my system_filter is called? Or am i doing something else wrong?



Two fantastic free software companies that make Free Software Magazine possible:

Other sites

Odiogo