9
37
flexible, allowing you to get exactly the amount of control you need
10
38
for the job at hand.
40
If you're reading this, you have found the README.Debian file. This is
41
good, thanks! Please continue reading this file in its entirety. It is
42
full of important information and has been written with the questions
43
in mind that keep popping up on the mailing lists.
45
The development web page can be found on
46
http://pkg-exim4.alioth.debian.org/ and contains a lot of useful links
47
and other information. The subversion repository of the Debian package
48
is available for public read-only access and is linked from the
51
For your questions and comments, we have a mailing list,
52
pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
53
questions there, and only write to the upstream exim-users mailing
54
list if you are sure that your question is not Debian-specific.
55
Debian-specific questions are more likely to find answers on our
56
pkg-exim4-users mailing list, while complex custom configuration
57
issues might be more easily solved on the upstream exim-users mailing
58
list because of the broader and more experienced audience there. You
59
can subscribe to pkg-exim4-users via the subscription web page on
60
http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users
12
62
To use exim4, you need at least the following packages:
13
exim4-base EXperimental Internal Mailer -- a Mail Transport
14
exim4-config Debian configuration for exim4
15
exim4-daemon-light Lightweight version of the Exim (v4) MTA
63
exim4-base support files for all exim MTA (v4) packages
64
exim4-config configuration for the exim MTA (v4)
65
exim4-daemon-light lightweight exim MTA (v4) daemon
17
67
Just apting the meta-package exim4 will pull in the other packages per
18
68
dependency. You'll get an exim daemon with minimal feature set (no external
21
If you want to have a different feature set, you can install one of
22
the other exim4-daemon-Packages instead of exim4-daemon-light, or you
23
can modify the source package to build exim4-daemon-custom according
24
to your needs. The infrastructure to do so is already in place, see
25
debian/rules for instructions.
71
If you need more advanced features like LDAP, PostgreSQL and MySQL
72
data lookups, SASL and SPA SMTP authentication, embedded Perl
73
interpreter, and exiscan-acl for integration of virus-scanners and
74
spamassassin, you can replace exim4-daemon-heavy instead of
75
exim4-daemon-light. Additionally, the source package offers
76
infrastructure to build your own custom-tailored exim4-daemon-custom
77
which exactly fits your special local needs. The infrastructure to do
78
so is already in place, see debian/rules for instructions.
80
If you want to tweak the configuration you should modify
81
/etc/exim4/exim4.conf.template if you have an "unsplit" configuration.
82
If you have a "split" configuration modify or add to the files under
83
/etc/exim4/conf.d/. In either case the files are extensively commented.
85
********************************************
86
Using TLS ********************************
87
********************************************
89
exim4 as TLS/SSL client
91
Both exim4-daemon-heavy and exim4-daemon-light support TLS/SSL using the
92
GnuTLS library and exim will use TLS *automatically* as client if the
93
server exim connects to offers it. You can stop reading now if you are
94
not setting up a mailserver which needs to offer TLS for incoming
97
How to enable TLS support for exim as server
99
You should have created certificates in /etc/exim4/ either by hand
100
or by usage of the exim-gencert (which requires openssl).
101
exim-gencert is shipped in /usr/share/doc/exim4-base/examples/ and
102
takes care of proper access privileges on the private key file.
104
Now, enable TLS by setting the macro MAIN_TLS_ENABLE in a local
105
configuration file (documented below).
107
It might be appropriate to add "+tls_cipher +tls_peerdn" to any
108
log_selector statement you might already have, or to add a
109
log_selector statement setting these two options in a local
110
configuration file. These options have exim log what cipher your exim
111
and the peer's mailer have negotiated to use to encrypt the
112
transaction, and they have exim log the Distinguished Name of the
117
If Exim complains in an SMTP session that TLS s unavailable, the exim
118
manlog or paniclog frequently has exact information about what might
119
be wrong. Fo example, you might see
120
2003-01-27 19:06:45 TLS error on connection from localhost [127.0.0.1]
121
(cert/key setup): Error while reading file)
122
showing that there has been an error while accessing the certificate
123
or the private key file.
125
If Exim says "not random bytes available", then Exim was unable to
126
read enough random data from /dev/random to seed it's Diffie Hellman
127
parameter generation. Please check that your /dev/random device is
130
Diffie Hellman parameters
133
This version of Exim is compiled against GnuTLS. GnuTLS is a
134
replacement for the restrictive licensed OpenSSL libraries. GnuTLS
135
does not support varying its Diffie-Hellman parameters. Therefore
136
tls_dhparam settings are ignored in Exim's configuration file, and no
137
dhparam file is generated by exim-gencerts. GnuTLS uses RSA and D-H
138
parameters that are computed when they are needed. When someone sends
139
STARTTLS, exim will compute these parameters and then store these
140
parameters in a cache file located in Exim's spool directory
141
(/var/spool/exim4/gnutls-params).
143
The daily cron job removes this file, so Exim creates a new set of
144
gnutls parameters. It is "more secure" when you have this file
145
regenerated more often. You can delete it any time you wish without
146
any need for synchronization. Exim will regenerate it automatically.
147
But remember that the exim process that has to create the file could
148
take a little longer before it responds to a STARTTLS command. You
149
should not notice this on current computers.
151
NOTE! The fact that GnuTLS does not support generated Diffie-Hellman
152
parameters does NOT make it less secure.
154
For more reference, you can refer to
155
/usr/share/doc/exim4-base/spec.txt.gz, section 38.
159
This chapter of README.Debian has been originally written by Sander
160
Smeenk <ssmeenk@debian.org>, and then adapted by Andreas Metzler
161
<ametzler@downhill.at.eu.org> as README.TLS. It has eventually been
162
included into README.Debian by Marc Haber, including some more changes.
27
164
********************************************
28
165
Updating from exim 3 ***********************
75
212
exim4-config or by changing the value of dc_use_split_config in
76
213
update-exim4.conf.conf manually.
78
The split into multiple files below /etc/exim4/conf.d/ is quite
79
straightforward. Each section of exim's configuration has its own
80
subdirectory and the files in there are supposed to be read in
81
alphanumeric order. router/00_exim4-config_header is followed by
215
Splitting into multiple files means that you have the actual
216
configuration file automatically generated from the files below
217
/etc/exim4/conf.d/ by invoking "update-exim4.conf". Each section of
218
exim's configuration has its own subdirectory and the files in there
219
are supposed to be read in alphanumeric order.
220
router/00_exim4-config_header is followed by
82
221
router/100_exim4-config_domain_literal, ...
84
Benefits of this approach:
222
Please consult the manual page update-exim4.conf(8) for more details.
225
If you chose unsplit configuration, "update-exim4.conf" builds the
226
configuration from /etc/exim4/exim4.conf.template, which is basically
227
the files from /etc/exim4/conf.d/ concatenated together at package
228
build time, and thus guarantees consistency on the target system.
230
In both cases, update-exim4.conf does integrate the debconf
231
configuration values into the actual configuration file which is then
232
in turn used by the exim4 daemon. See the update-exim4.conf manual
233
page for more in-depth information about this mechanism.
235
Benefits of the split configuration approach:
85
236
* it means less work for you when upgrading. If we shipped one big file
86
237
and modified for example the Maildir transport in a new version you
87
238
won't have to do manual conffile merging unless you had changed
101
256
config at the price of having to more closely examine the config file
259
If you are using unsplit configuration, have local changes to
260
/etc/exim4/conf.d/ (either made by yourself or by other packages
261
dropping their own routers or transports in) and want to re-generate
262
/etc/exim4/exim4.conf.template to activate these changes, you can do
263
so by using update-exim4.conf.template.
265
Our configuration can be controlled in a limited way by setting
266
macros. That way, you can switch on and off certain parts of the
267
default configuration without having to touch the dpkg-conffiles.
268
While touching dpkg-conffiles itself is explitly allowed and wanted,
269
it can be quite a nuisance to be asked on package upgrade whether one
270
wants to use the locally changed file or the file changed by the
273
Whenever you see an .ifdef or .ifndef clause in the configuration
274
file, you can control the appropriate clause by setting the macro in a
275
local configuration file. For split configuration, you can drop the
276
local configuration file anywhere in /etc/exim4/conf.d/main. Just make
277
sure it gets read before the macro is first used. 000_localmacros is a
278
possible name, guaranteeing first order. For a non-split
279
configuration, /etc/exim4/exim4.conf.localmacros gets read before
280
/etc/exim4/exim4.conf.template. To actually set the macro
281
EXIM4_EXAMPLE to the value "this is a sample", write the following line
283
EXIM4_EXAMPLE = this is a sample
285
into the appropriate file. For more detailed discussion of the general
286
macro mechanism, see the exim specification, chapter 6.4, for details
287
how macro expansion works.
104
289
What about debconf?
106
291
Debconf just "manages" the file /etc/exim4/update-exim4.conf.conf. This is
139
324
update-exim4.conf is invoked by the init script prior to any operation
140
325
that may invoke an exim process, and gives an error message if the
141
326
generated config file is syntactically invalid. If you want to activate
142
your changes to files in conf.d/ just execute "invoke-rc.d exim4 reload".
327
your changes to files in conf.d/ just execute "invoke-rc.d exim4 restart".
144
329
I still don't like it. I want one monolithic file.
146
331
No problem. Take your file and install it as /etc/exim4/exim4.conf. Exim
147
will use that file. /var/lib/exim4/config.autogenerated, the file
148
generated by update-exim4.conf, is ignored in that case. You should not
149
edit /etc/exim4/exim4.conf directly when exim is running, because the
150
forked processes exim starts for SMTP receiving or queue running would
151
use the new configuration file, while the original main exim-daemon
152
would still use the old configuration file.
332
will use that file. To have something to start, you can either take
333
/etc/exim4/exim4.conf.template, or run update-exim4.conf
334
--keepcomments --output /path/to/some/file and use some/file as a
335
starting point for your configuration. You're going to lose all magic
336
you get from packaging though.
338
/var/lib/exim4/config.autogenerated, the file generated by
339
update-exim4.conf, is ignored as soon as /etc/exim4/exim4.conf is
340
found. You should not edit /etc/exim4/exim4.conf directly when exim is
341
running, because the forked processes exim starts for SMTP receiving
342
or queue running would use the new configuration file, while the
343
original main exim-daemon would still use the old configuration file.
155
346
*******************************************************
170
361
be in root's path (/usr/sbin recommended). The init script will invoke
171
362
that executable prior to invoking the actual exim daemon.
173
The source package contains a number of little helpers that can aid
174
you in creating your own configuration packages:
176
* The subdirectory debian/exim4-config-simple contains a simple,
177
not debconf-driven configuration scheme as example (in form of a
178
Debian source package) which can be used as template for a
179
classical, exim4.conf based configuration scheme.
181
* The subdirectory debian/exim4-config-medium contains the conf.d
364
If you want to create your own configuration packages, there is a
365
number of helpers available.
367
* The exim4 Debian svn repository holds sources for a
368
exim4-config-simple package which contains a simple, not
369
debconf-driven configuration scheme as example which can be
370
used as template for a classical, exim4.conf based configuration
373
* The exim4 Debian svn repository holds sources for a
374
exim4-config-medium package which contains the conf.d
182
375
driven configuration of the main package with the debconf
183
376
interaction removed. This can be used to create you own non-debconf
184
377
configuration package that uses the conf.d mechanism.
293
504
local_scan_path = /path/to/sharedobject
294
505
to utilize local_scan() in /path/to/sharedobject
507
* changes to the documentation to have
508
pkg-exim4-users@lists.alioth.debian.org mentioned where
509
exim-users@exim.org is mentioned
297
511
********************************************
298
512
FAQ ****************************************
299
513
********************************************
301
Q: exim takes a very long time to start, I think it is making a DNS
518
Q: Your package is strange. Where can I ask questions?
520
A: There is a mailing list dedicated to Debian-specific questions
521
about exim 4, pkg-exim4-users@lists.alioth.debian.org. You can
523
http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users.
524
Please do not ask Debian-specific questions on the upstream exim-users
525
mailing list. If in doubt, ask on the Debian list.
528
Q: exim4-config should depend on exim4-base, shouldn't it?
530
A: No, it shouldn't. It's entirely possible to (want to) install an
531
exim4-config package on a machine that doesn't run exim4 - for instance
532
in order to examine the configuration before upgrading the machine to
533
the exim4 packages using that configuration.
535
exim4-base correctly depends on a package providing one of the virtual
536
packages exim4-config{,-2}. The requirement is that installing exim4
537
ensures that an appropriate configuration is installed, not vice versa.
538
(Answer by Adam D. Barratt, in response to #310750, thanks!)
544
Q: How can I automatically replace my local username in all mail with my
547
A: You can use /etc/email-addresses for this purpose, which will cause
548
exim to change Reply-To, From, Sender and "MAIL FROM:" accordingly. The
549
file includes examples.
553
Q: How to I setup exim4 to use Maildir and deliver to ~/Maildir instead
554
of to /var/mail/username? I need this for courier or dovecot.
557
dc_localdelivery=maildir_home
558
to /etc/exim4/update-exim4.conf.conf and run "invoke-rc.d exim4 reload".
567
Q: exim takes a very long time to start. I think it is making a DNS
302
568
lookup although my /etc/host holds all the necessary information.
304
570
A: exim will indeed try to lookup the primary hostname at startup, however