How To Setup Exim, Spamassassin, Clamd, and Dovecot on an Arch Linux VPS

First, install the exim mail transport agent, which is responsible for receiving messages and sending them to remote mail servers. Exim also authenticates users via dovecot so that we can send e-mail from remote computers using the Arch Linux VPS as an intermediary.

Installing exim and the antispam/antivirus components is easy:

pacman -S exim spamassassin clamav

Enable Spamassassin

Before starting spamd daemon, we should update spamassassin’s rules:

/usr/bin/vendor_perl/sa-update -v

We enable spamd in systemd so it will be started after a reboot. We will then run it in the background immediately:

systemctl enable spamassassin
systemctl start spamassassin

Configure Clam Anti-Virus

We will edit clamav’s config. Open the file now:

nano /etc/clamav/clamd.conf

We will set a higher attachment limit to scan by changing the default of 10M to 16M. We will also enable other groups in the system to use clamav. Also, comment out “Example” as shown below:

#Example
StreamMaxLength 16M
AllowSupplementaryGroups yes

We also enable the clamav updater by editing /etc/clamav/freshclam.conf file:

nano /etc/clamav/freshclam.conf

Comment out “Example” as we did above:

#Example

Next, add clamav to the exim group so clamav can open exim mail files and scan them accordingly:

usermod -G exim clamav

Start and enable the services:

systemctl enable freshclamd
systemctl enable clamd
systemctl start freshclamd

Wait a few minutes for the database in /var/lib/clamav to be updated and then type:

systemctl start clamd

Configure Exim

Next, we will configure exim without SSL, add our domains, and set up dovecot smtp authentication. Set the following in /etc/mail/exim.conf:

nano /etc/mail/exim.conf

<pre> primary_hostname = <span class=“highlight”>yourdomain.com</span> domainlist local_domains = @ : <span class=“highlight”>yourdomain.com</span> av_scanner = clamd:/var/lib/clamav/clamd.sock spamd_address = 127.0.0.1 783 </pre>

Additionally, comment out the SSL lines if they aren’t commented out already:

#tls_advertise_hosts = *
#tls_certificate = /etc/ssl/exim.crt
#tls_privatekey = /etc/ssl/exim.pem

In the “acl_check_data:” section, uncomment the following so exim will scan incoming e-mail for malware and possible spam:

deny    malware    = *
        message    = This message contains a virus ($malware_name).
warn    spam       = nobody
        add_header = X-Spam_score: $spam_score\n\
                    X-Spam_score_int: $spam_score_int\n\
                    X-Spam_bar: $spam_bar\n\
                    X-Spam_report: $spam_report

Next, search for the section called “begin authenticators” and enter the dovecot authentication details:

dovecot_login:
  driver = dovecot
  public_name = LOGIN
  server_socket = /var/run/dovecot/auth-client
  server_set_id = $auth1

dovecot_plain:
  driver = dovecot
  public_name = PLAIN
  server_socket = /var/run/dovecot/auth-client
  server_set_id = $auth1

Save and close the file.

After exim.conf is set, we can enable the MTA and start it:

systemctl enable exim
systemctl start exim

We can check anytime what’s going on with out mail daemon by tailing the log files in /var/log/exim/:

tail /var/log/exim/mainlog

Next, install the dovecot imap/pop3 daemon:

pacman -S dovecot

Rename dovecot’s main config file and enable imap and pop3 there:

cp /etc/dovecot/dovecot.conf.sample /etc/dovecot/dovecot.conf
nano /etc/dovecot/dovecot.conf

Change the protocols line to read:

protocols = imap pop3

Save and close the file.

There other configuration files that can be edited for more tweaking, so we will copy them too:

cp /usr/share/doc/dovecot/example-config/conf.d/* /etc/dovecot/conf.d/

Disable ‘ssl’ in ‘/etc/dovecot/conf.d/10-ssl.conf’ by changing the following:

nano /etc/dovecot/conf.d/10-ssl.conf

ssl = no
#ssl_cert = </etc/ssl/certs/dovecot.pem
#ssl_key = </etc/ssl/private/dovecot.pem

Allow plaintext auth in /etc/dovecot/conf.d/10-auth.conf:

nano /etc/dovecot/conf.d/10-auth.conf

disable_plaintext_auth = no

Specify the location of our e-mail in /etc/dovecot/conf.d/10-mail.conf:

nano /etc/dovecot/conf.d/10-mail.conf

mail_location = mbox:~/mail:INBOX=/var/mail/%u

We will also configure the dovecot authenticator so exim can authenticate us. In /etc/dovecot/conf.d/10-master.conf under “service auth {”, add:

nano /etc/dovecot/conf.d/10-master.conf

unix_listener auth-client {
    mode = 0660
    user = exim
  }

Enable and start dovecot by running:

systemctl enable dovecot
systemctl start dovecot

Add a user to the system by running:

<pre> useradd -d /home/<span class=“highlight”>USERNAME</span> -m -k /etc/skel <span class=“highlight”>USERNAME</span> </pre>

Set the password with:

<pre> passwd <span class=“highlight”>USERNAME</span> </pre>

We can now use the Thunderbird mail client with the USERNAME and password we just configured to send and receive e-mail through our Arch Linux VPS.

Install Thunderbird on your local machine if you have not done so already.

This setup will greatly depend on what operating system you are using on your local computer.

You will need to add a new mail account. In some cases, this will be under Preferences, and then Account Settings. In other operating systems, you can access this by clicking File, and then selecting New, followed by “existing mail account”.

<img style=“border:2px solid black; display:block;margin-left:auto;margin-right:auto” src=“https://assets.digitalocean.com/articles/arch_mail/new_account.png” alt =“Thunderbird Add New Account” />

Set the first name and last name of the account, and then type the email address like:

<pre> <span class=“highlight”>user_name</span>@<span class=“highlight”>domain.com</span> </pre>

If you do not have a domain, you can use the IP address of your VPS. Input the password as well.

<img style=“border:2px solid black; display:block;margin-left:auto;margin-right:auto” src=“https://assets.digitalocean.com/articles/arch_mail/account_settings.png” alt =“Thunderbird Account Settings” />

Click Continue and Thunderbird should autodetect IMAP settings. Click Done.

If Thunderbird pops up an information window regarding the lack of encryption on our email communication, check “I understand the risks” and then click Done.

<img style=“border:2px solid black; display:block;margin-left:auto;margin-right:auto” src=“https://assets.digitalocean.com/articles/arch_mail/ssl_warning.png” alt =“Thunderbird No SSL Warning” />

Test out your email by emailing back and forth with a known email address. You may have to check the spam folder on your other account.