// Tutorial //
How To Setup Exim, Spamassassin, Clamd, and Dovecot on an Arch Linux VPS
Introduction
This tutorial will cover how to install and configure an email system on a VPS running Arch Linux. This will allow us to receive and send email as the Linux user we create on our VPS (droplet). The email can then be accessed and administered by running a local mail client, such as Thunderbird.
This configuration does not configure SSL for mail transfer, so it will not be secure for most uses.
Install Exim and Anti-Virus Software
First, install the exim mail transport agent, which is responsible for receiving messages and sending them to remote mail servers. Exim also authenticates users via dovecot so that we can send e-mail from remote computers using the Arch Linux VPS as an intermediary.
Installing exim and the antispam/antivirus components is easy:
pacman -S exim spamassassin clamav
Enable Spamassassin
Before starting spamd daemon, we should update spamassassin’s rules:
/usr/bin/vendor_perl/sa-update -v
We enable spamd in systemd so it will be started after a reboot. We will then run it in the background immediately:
systemctl enable spamassassin
systemctl start spamassassin
Configure Clam Anti-Virus
We will edit clamav’s config. Open the file now:
nano /etc/clamav/clamd.conf
We will set a higher attachment limit to scan by changing the default of 10M to 16M. We will also enable other groups in the system to use clamav. Also, comment out “Example” as shown below:
#Example
StreamMaxLength 16M
AllowSupplementaryGroups yes
We also enable the clamav updater by editing /etc/clamav/freshclam.conf file:
nano /etc/clamav/freshclam.conf
Comment out “Example” as we did above:
#Example
Next, add clamav to the exim group so clamav can open exim mail files and scan them accordingly:
usermod -G exim clamav
Start and enable the services:
systemctl enable freshclamd
systemctl enable clamd
systemctl start freshclamd
Wait a few minutes for the database in /var/lib/clamav to be updated and then type:
systemctl start clamd
Configure Exim
Next, we will configure exim without SSL, add our domains, and set up dovecot smtp authentication. Set the following in /etc/mail/exim.conf:
nano /etc/mail/exim.conf
<pre> primary_hostname = <span class=“highlight”>yourdomain.com</span> domainlist local_domains = @ : <span class=“highlight”>yourdomain.com</span> av_scanner = clamd:/var/lib/clamav/clamd.sock spamd_address = 127.0.0.1 783 </pre>
Additionally, comment out the SSL lines if they aren’t commented out already:
#tls_advertise_hosts = *
#tls_certificate = /etc/ssl/exim.crt
#tls_privatekey = /etc/ssl/exim.pem
In the “acl_check_data:” section, uncomment the following so exim will scan
incoming e-mail for malware and possible spam:
deny malware = *
message = This message contains a virus ($malware_name).
warn spam = nobody
add_header = X-Spam_score: $spam_score\n\
X-Spam_score_int: $spam_score_int\n\
X-Spam_bar: $spam_bar\n\
X-Spam_report: $spam_report
Next, search for the section called “begin authenticators” and enter the dovecot authentication details:
dovecot_login:
driver = dovecot
public_name = LOGIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
dovecot_plain:
driver = dovecot
public_name = PLAIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
Save and close the file.
After exim.conf is set, we can enable the MTA and start it:
systemctl enable exim
systemctl start exim
We can check anytime what’s going on with out mail daemon by tailing the log files in /var/log/exim/:
tail /var/log/exim/mainlog
Install and Configure Dovecot
Next, install the dovecot imap/pop3 daemon:
pacman -S dovecot
Rename dovecot’s main config file and enable imap and pop3 there:
cp /etc/dovecot/dovecot.conf.sample /etc/dovecot/dovecot.conf
nano /etc/dovecot/dovecot.conf
Change the protocols line to read:
protocols = imap pop3
Save and close the file.
There other configuration files that can be edited for more tweaking, so we will copy them too:
cp /usr/share/doc/dovecot/example-config/conf.d/* /etc/dovecot/conf.d/
Disable ‘ssl’ in ‘/etc/dovecot/conf.d/10-ssl.conf’ by changing the following:
nano /etc/dovecot/conf.d/10-ssl.conf
ssl = no
#ssl_cert = </etc/ssl/certs/dovecot.pem
#ssl_key = </etc/ssl/private/dovecot.pem
Allow plaintext auth in /etc/dovecot/conf.d/10-auth.conf:
nano /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = no
Specify the location of our e-mail in /etc/dovecot/conf.d/10-mail.conf:
nano /etc/dovecot/conf.d/10-mail.conf
mail_location = mbox:~/mail:INBOX=/var/mail/%u
We will also configure the dovecot authenticator so exim can authenticate us. In /etc/dovecot/conf.d/10-master.conf under “service auth {”, add:
nano /etc/dovecot/conf.d/10-master.conf
unix_listener auth-client {
mode = 0660
user = exim
}
Enable and start dovecot by running:
systemctl enable dovecot
systemctl start dovecot
Set Up System Users
Add a user to the system by running:
<pre> useradd -d /home/<span class=“highlight”>USERNAME</span> -m -k /etc/skel <span class=“highlight”>USERNAME</span> </pre>
Set the password with:
<pre> passwd <span class=“highlight”>USERNAME</span> </pre>
Configure Your Mail Client
We can now use the Thunderbird mail client with the USERNAME and password we just configured to send and receive e-mail through our Arch Linux VPS.
Install Thunderbird on your local machine if you have not done so already.
This setup will greatly depend on what operating system you are using on your local computer.
You will need to add a new mail account. In some cases, this will be under Preferences, and then Account Settings. In other operating systems, you can access this by clicking File, and then selecting New, followed by “existing mail account”.
<img style=“border:2px solid black; display:block;margin-left:auto;margin-right:auto” src=“https://assets.digitalocean.com/articles/arch_mail/new_account.png” alt =“Thunderbird Add New Account” />
Set the first name and last name of the account, and then type the email address like:
<pre> <span class=“highlight”>user_name</span>@<span class=“highlight”>domain.com</span> </pre>
If you do not have a domain, you can use the IP address of your VPS. Input the password as well.
<img style=“border:2px solid black; display:block;margin-left:auto;margin-right:auto” src=“https://assets.digitalocean.com/articles/arch_mail/account_settings.png” alt =“Thunderbird Account Settings” />
Click Continue and Thunderbird should autodetect IMAP settings. Click Done.
If Thunderbird pops up an information window regarding the lack of encryption on our email communication, check “I understand the risks” and then click Done.
<img style=“border:2px solid black; display:block;margin-left:auto;margin-right:auto” src=“https://assets.digitalocean.com/articles/arch_mail/ssl_warning.png” alt =“Thunderbird No SSL Warning” />
Test out your email by emailing back and forth with a known email address. You may have to check the spam folder on your other account.
Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.
author
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
I’ve set this up before on arch doing almost the same thing. But currently, I’m trying to set it up on Ubuntu. And seem to be having some trouble following. The exim configuration files are in different locations and set up differently. And the clamd.sock doesn’t exist nor does the clamd.ctl which is what ubuntu is looking for. I tried making clamd.sock and specifying it in the config. There are a few other aspects that don’t translate perfectly from ubuntu/debian. Such as the exim user, being Debian-exim.
Can we expect an update/new guide for the changes needed to set it up on ubuntu?
Failed in the last step. Because I don’t know the IMAP/POP3 port number, while the thunderbird also failed to auto detect the port numbers. Could you please tell me where to find these 2 numbers ?
I use CentOS any hope for me??
Hello!
I’ just setup my Arch droplet and began setting up email using this awesome tutorial. However I am running in to an issue with checking the updates for SpamAssassin:
Use of uninitialized value in subroutine entry at /usr/share/perl5/core_perl/XSLoader.pm line 92. Perl API version v5.18.0 of does not match v5.16.0 at /usr/share/perl5/core_perl/XSLoader.pm line 92. Compilation failed in require at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/HTML.pm line 27. BEGIN failed–compilation aborted at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/HTML.pm line 27. Compilation failed in require at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Message/Node.pm line 43. BEGIN failed–compilation aborted at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Message/Node.pm line 43. Compilation failed in require at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Message.pm line 50. BEGIN failed–compilation aborted at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Message.pm line 50. Compilation failed in require at /usr/share/perl5/vendor_perl/Mail/SpamAssassin.pm line 75. BEGIN failed–compilation aborted at /usr/share/perl5/vendor_perl/Mail/SpamAssassin.pm line 75. Compilation failed in require at /usr/bin/vendor_perl/sa-update line 134. BEGIN failed–compilation aborted at /usr/bin/vendor_perl/sa-update line 134.
Any ideas on how to fix this issue? It looks like it all stems from an incompatible version of Perl.
Any help would be greatly appreciated!
@Donal: Did you add an MX record to your domain name?
This system doesn’t seem to support external mail systems, I tried to send an email from gmail and it didn’t go through. Any idea why this is?
@Vince: Please do not duplicate your questions. <a href=“https://www.digitalocean.com/community/questions/getting-individual-user-account-email-set-up”>https://www.digitalocean.com/community/questions/getting-individual-user-account-email-set-up</a>
How do you create new mailboxes for users that are already created? For instance I already created a user named codex as “useradd -d /home/codex codex” . I created the user before I got mail set up and running. Now I have all these users with websites and no mail :(
@biondizzle, binary “sa-update” might already be in the PATH. Try to simply run “sudo sa-update -v”.
Running fresh Arch Linux 2013.05 x64 Droplet. When I run: /usr/bin/vendor_perl/sa-update -v I get this error: [url]http://pressingdark.com/archError.jpg[/url]
Do I have to downgrade my Perl version?