Exim

Prerequisite
This article is part of the emails series. It is assumed that you already covered Dovecot.

This guide also uses the following software:
 * Let’s Encrypt or another way to get certificates
 * nftables as a firewall
 * Fail2Ban. Optional but recommended for security.

Install
Note: The heavy version is needed to use Dovecot as an authentication mechanism.

Base
Create file

Create folder
Unlike other programs, Exim doesn't read it's certificate as the root user. So it will be unable to read them from the standard let’sencrypt folder. We will create a folder readable by Exim where we can safely drop certificates later

Get certificate

 * 1) Edit file   an add a   line for
 * 2) Activate your new domain in Nginx
 * 3) Edit file   and add the following to the config list
 * 4) Get Your certificate

Use Certificate
Edit  and add the following lines

Authentication
We will use dovecot to verify user login and password. It lets us have only one database of users and share it between the different email infrastructure parts (smtp, imap...)

Dovecot
First modify the file. Find the section  and add the following lines And apply config with

Exim
Create file

Smart catch
This is my #1 spam fighting technique. It allows me to have an infinite number of email addresses while still preventing spammers to generate them.

You can check the installation instructions.

Dovecot Delivery
Create file  Then create

DKIM
Exim/DKIM

Paniclog
In case Exim encounter a grave problem (cannot start, lost email…) it will write a log to. There is a cron job that monitor this file and will send you a daily mail if it is not empty.

It is important to not miss these emails and act on them quickly. I use a Sieve script to mark them as important: Also note that this log file is never rotated. So you will get the same email over and over until you do it manually. It can be done with: To have this rotation done automatically (and thus receive the email only once), edit

Fail2Ban
The filter for Exim is already included in Debian, we just need to activate it. It will filter people trying to log on your server, trying to make it relay spam, and sending nonsense command.

Create file