1 and Exim Introduction AfNOG 2012 Serekunda, The Gambia Chimwemwe Fredrick
2 Scope How Appears to Work How Really Works Mail User Agent (MUA) Mail Delivery Agent (MDA)/ Mail Transfer Agent (MTA) Queue MTA to MTA Transfer Delivery RFCs Introduction to Exim Installing Exim Starting Exim The Exim Game
3 How Appears to Work
4 How Really Works
5 Mail User Agent (MUA) Application the originating sender uses to compose and read Pine, MH, Elm, mutt, mail, Eudora, Marcel, Mailstrom, Thunderbird, Pegasus, Express, Netscape, Outlook,... You can have multiple MUAs on one system - end user choice
6 Mail Delivery Agent (MDA)/ Mail Transfer Agent (MTA) MDA/MTA accepts the , then routes it to local mailboxes or forwards it if it isn't locally addressed An can encounter a network cloud within a large company or ISP, or the largest network cloud in existence: the Internet.
7 Queue The enters an queue with other outgoing messages. If there is a high volume of mail in the queue—either because there are many messages or the messages are unusually large, or both— the message will be delayed in the queue until the MTA processes the messages ahead of it.
8 MTA to MTA Transfer clears the queue, enters the Internet network cloud, where it is routed along a host-to-host chain of servers The sending MTA handles all aspects of mail delivery until the message has been either accepted or rejected by the receiving MTA Each MTA needs to "stop and ask directions" from the DNS in order to identify the next MTA in the delivery chain Exact route depends partly on server availability and mostly on which MTA can be found to accept for the domain specified in the address ABUSE: Some spammers specify any part of the path, deliberately routing their message through a series of relay servers in an attempt to obscure the true origin of the message.
9 DNS resolution and transfer process To find the recipient's IP address and mailbox, the MTA must drill down through the DNS system, which consists of a set of servers distributed across the Internet beginning with the root nameservers root servers refer requests for a given domain to the root nameservers that handle requests for that tld MTA can bypass this step because it already knows which domain nameservers handle requests for these.tlds e.g. telecom.ma asks the appropriate DNS server which Mail Exchange (MX) servers have knowledge of the subdomain or local host in the address DNS server responds with an MX record: a prioritized list of MX servers for this domain To the DNS server, the server that accepts messages is an MX server. When it is transferring messages, it is called an MTA. MTA contacts the MX servers on the MX record in order of priority until it finds the designated host for that address domain sending MTA asks if the host accepts messages for the recipient's username at that domain (i.e., and transfers the message
10 Delivery If the message makes it past the filters: The MTA calls a local MDA to deliver the mail to the correct mailbox, where it will sit until it is retrieved by the recipient's MUA
11 Troubleshooting Issues transient failures If a transient error occurs, the MTA will hang onto the message, periodically retrying the delivery until it either succeeds or fails, or until the MTA decides that the transient issue is really a permanent condition. permanent failures If the MTA cannot deliver the message (it has received a fatal error message or failed to complete the transfer after repeated attempts), it bounces the message back to the sender. If the sender is a mailing list, the bounce may be handled by automated bounce-handling software.
12 RFCs Documents that define standards are called "Request For Comments (RFCs)", and are available on the Internet through the Internet Engineering Task Force (IETF) website There are many RFCs and they form a somewhat complex, interlocking set of standards, great information for anyone interested in gaining a deeper understanding of . Most pertinent RFCs: RFC 822, 2822: Standard for the Format of ARPA Internet Text Messages RFC 2821: Simple Mail Transfer Protocol RFC 1122, 1123, 1651, 1653, 1830, MIME RFCs...
What is Exim? Listens on port 25 (smtp) Accepts mail Queues mail Delivers it somewhere Using SMTP, LMTP, LDA, mbox or maildir No POP, IMAP, calendars, to-do lists, Crackberry!
Who uses Exim? University of Cambridge, UK Energis Squared (formerly Planet Online), UK Shore.Net (large regional ISP in the Northeastern US) Esat Net (longest serving ISP in Ireland) Default on new Debian installations Aptivate
Why use Exim? Flexible (lots of features) Reasonably secure Reasonably scalable Good debugging options Sane configuration syntax
Why not to use Exim? Not every problem is a nail Simplicity? Use postfix or qmail Top security? Use qmail Faster delivery? Use postfix or sendmail Insane configuration file? Use sendmail Note: Exim is not designed for spooling large amounts of mail and not very good at it
Conventions File names and technical terms are in italics Commands to type are shown in monospaced bold italic : cat /etc/monospaced/bold/italic/purple Long command lines are wrapped, but with a single bullet point at the start: cat /usr/local/etc/foo/bar | less | more | grep | sed | awk > /usr/local/tmp/foo/bar Text that is output by a program, or should already be in a file, is shown in plain monospaced type: sshd_enable="YES"
Root and sudo We will use “sudo” wherever root access is required Please work through this tutorial as a normal user, not as root If you use root, some error messages from Exim will be different and this may confuse you
Installing Exim (1) Install some dependencies as packages, not ports: sudo -E pkg_add -r libspf2 cyrus-sasl-saslauthd perl pcre mysql51-client Compile Exim from the ports tree: cd /usr/ports/mail/exim sudo make config Enable the following options: AUTH_RADIUS CONTENT_SCAN MYSQL SASLAUTHD SPF
Installing Exim (2) Now compile Exim: sudo make SUBDIR=old WITH_RADIUS_TYPE=RADLIB EXTRALIBS_EXIM=/usr/lib/libradius.so install clean All on one line! Should take a while compiling, and end with: ===> Cleaning for exim-4.77_1
Checking Exim Installation /usr/local/sbin/exim –bV Exim version Support for: crypteq iconv() IPv6 use_setclassresources PAM Perl Expand_dlfunc OpenSSL Content_Scanning Old_Demime Experimental_SPF Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch mysql nis nis0 passwd Authenticators: cram_md5 dovecot plaintext spa If you don't have these options: cd /usr/ports/mail/exim make deinstall clean Go back to Installing Exim (1)
Replacing Sendmail with Exim Stop Sendmail: sudo /etc/rc.d/sendmail stop Edit /etc/rc.conf and add these lines: sendmail_enable="NONE" sendmail_submit_enable="NO" exim_enable="YES" Edit /etc/mail/mailer.conf and change these lines: sendmail/usr/local/sbin/exim send-mail/usr/local/sbin/exim mailq/usr/local/sbin/exim -bp newaliases/bin/true
Starting Exim Try the following commands: sudo /usr/local/etc/rc.d/exim start Starting exim. sudo /usr/local/etc/rc.d/exim status exim is running as pid XXX sudo /usr/local/etc/rc.d/exim restart Stopping exim. Starting exim. Create /etc/periodic.conf.local and add these lines: daily_status_include_submit_mailq="NO" daily_clean_hoststat_enable="NO"
The Exim Game
25 Q&A