How To Setup Exim, Spamassassin, Clamd, and Dovecot on an Arch Linux VPS
Introduction
This tutorial will cover how to install and configure an email system on a VPS running Arch Linux. This will allow us to receive and send email as the Linux user we create on our VPS (droplet). The email can then be accessed and administered by running a local mail client, such as Thunderbird.
This configuration does not set up SSL/TLS for mail transfer, so logins and message contents cross the network unencrypted and it will not be secure for most uses.
Install Exim and Anti-Virus Software
First, install the exim mail transport agent, which is responsible for receiving messages and sending them to remote mail servers. Exim also authenticates users via dovecot so that we can send e-mail from remote computers using the Arch Linux VPS as an intermediary.
Installing exim and the antispam/antivirus components is easy:
pacman -S exim spamassassin clamav
Enable Spamassassin
Before starting the spamd daemon, we should update spamassassin’s rules:
/usr/bin/vendor_perl/sa-update -v
We enable spamd in systemd so it will be started after a reboot. We will then run it in the background immediately:
systemctl enable spamassassin
systemctl start spamassassin
Configure Clam Anti-Virus
We will edit clamav’s config. Open the file now:
nano /etc/clamav/clamd.conf
We will set a higher attachment limit to scan by changing the default of 10M to 16M. We will also enable other groups in the system to use clamav. Also, comment out “Example” as shown below:
#Example
StreamMaxLength 16M
AllowSupplementaryGroups yes
We also enable the clamav updater by editing the /etc/clamav/freshclam.conf file:
nano /etc/clamav/freshclam.conf
Comment out “Example” as we did above:
#Example
Next, add clamav to the exim group so clamav can open exim mail files and scan them accordingly:
usermod -a -G exim clamav
Start and enable the services:
systemctl enable freshclamd
systemctl enable clamd
systemctl start freshclamd
Wait a few minutes for the database in /var/lib/clamav to be updated and then type:
systemctl start clamd
Configure Exim
Next, we will configure exim without SSL, add our domains, and set up dovecot smtp authentication. Set the following in /etc/mail/exim.conf:
nano /etc/mail/exim.conf
primary_hostname = yourdomain.com
domainlist local_domains = @ : yourdomain.com
av_scanner = clamd:/var/lib/clamav/clamd.sock
spamd_address = 127.0.0.1 783
Additionally, comment out the SSL lines if they aren’t commented out already:
#tls_advertise_hosts = *
#tls_certificate = /etc/ssl/exim.crt
#tls_privatekey = /etc/ssl/exim.pem
In the “acl_check_data:” section, uncomment the following so exim will scan incoming e-mail for malware and possible spam:
deny    malware    = *
        message    = This message contains a virus ($malware_name).
warn    spam       = nobody
        add_header = X-Spam_score: $spam_score\n\
                     X-Spam_score_int: $spam_score_int\n\
                     X-Spam_bar: $spam_bar\n\
                     X-Spam_report: $spam_report
Next, search for the section called “begin authenticators” and enter the dovecot authentication details:
dovecot_login:
  driver = dovecot
  public_name = LOGIN
  server_socket = /var/run/dovecot/auth-client
  server_set_id = $auth1
dovecot_plain:
  driver = dovecot
  public_name = PLAIN
  server_socket = /var/run/dovecot/auth-client
  server_set_id = $auth1
Save and close the file.
After exim.conf is set, we can enable the MTA and start it:
systemctl enable exim
systemctl start exim
We can check at any time what’s going on with our mail daemon by tailing the log files in /var/log/exim/:
tail /var/log/exim/mainlog
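To pull just the malware rejections out of mainlog, the text of the message = line in the ACL above can be matched directly. This is an added example, not part of the original tutorial; the log lines are constructed and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the tutorial. Assumes Exim logs the ACL denial as
#   ... [IP] ... rejected after DATA: This message contains a virus (NAME).

# Read mainlog text on stdin; print "COUNT SIGNATURE SENDER_IP", busiest first.
malware_rejections() {
    sed -n 's/.* \[\([^]]*\)\].* rejected after DATA: This message contains a virus (\(.*\))\.$/\2 \1/p' |
        sort | uniq -c | sort -rn | awk '{ print $1, $2, $3 }'
}

# Constructed sample lines (documentation addresses, made-up message ids).
sample_mainlog() {
    cat <<'EOF'
2013-10-02 09:14:07 1VRGq3-0001Zp-8M <= alice@example.org H=mx.example.org [192.0.2.10] P=esmtp S=2210
2013-10-02 09:15:31 1VRGrP-0001a4-Fh H=(mail) [198.51.100.7] F=<x@example.net> rejected after DATA: This message contains a virus (Eicar-Test-Signature).
2013-10-02 09:15:58 1VRGrq-0001aB-Kc H=(mail) [198.51.100.7] F=<y@example.net> rejected after DATA: This message contains a virus (Eicar-Test-Signature).
2013-10-02 09:20:12 1VRGvw-0001b0-2d H=relay.example.com [203.0.113.25] F=<z@example.com> rejected after DATA: This message contains a virus (Win.Test.Sample-1).
EOF
}

# On a live host: malware_rejections < /var/log/exim/mainlog
sample_mainlog | malware_rejections
```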
Install and Configure Dovecot
Next, install the dovecot imap/pop3 daemon:
pacman -S dovecot
Copy dovecot’s sample main config file into place and enable imap and pop3 there:
cp /etc/dovecot/dovecot.conf.sample /etc/dovecot/dovecot.conf
nano /etc/dovecot/dovecot.conf
Change the protocols line to read:
protocols = imap pop3
Save and close the file.
There are other configuration files that can be edited for more tweaking, so we will copy them too:
cp /usr/share/doc/dovecot/example-config/conf.d/* /etc/dovecot/conf.d/
Disable ssl in /etc/dovecot/conf.d/10-ssl.conf by changing the following:
nano /etc/dovecot/conf.d/10-ssl.conf
ssl = no
#ssl_cert = </etc/ssl/certs/dovecot.pem
#ssl_key = </etc/ssl/private/dovecot.pem
Allow plaintext auth in /etc/dovecot/conf.d/10-auth.conf:
nano /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = no
Specify the location of our e-mail in /etc/dovecot/conf.d/10-mail.conf:
nano /etc/dovecot/conf.d/10-mail.conf
mail_location = mbox:~/mail:INBOX=/var/mail/%u
We will also configure the dovecot authenticator so exim can authenticate us. In /etc/dovecot/conf.d/10-master.conf under “service auth {”, add:
nano /etc/dovecot/conf.d/10-master.conf
unix_listener auth-client {
  mode = 0660
  user = exim
}
Enable and start dovecot by running:
systemctl enable dovecot
systemctl start dovecot
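The settings changed in the steps above (ssl = no, disable_plaintext_auth = no, the commented-out tls_certificate, and dovecot authenticators with no server_advertise_condition) are the ones that leave logins unencrypted. The following check reports them; it is an added example, not part of the original tutorial, and the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the tutorial: report the settings that let mail
# passwords cross the network without TLS. Function names are illustrative.

# Last uncommented "KEY = value" in FILE; prints nothing if unset or unreadable.
conf_value() {
    [ -r "$2" ] || return 0
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1
}

# audit_cleartext DOVECOT_CONF_D EXIM_CONF: one finding per line, none if clean.
audit_cleartext() {
    [ "$(conf_value ssl "$1/10-ssl.conf")" = no ] &&
        echo "dovecot: ssl = no, IMAP/POP3 sessions are unencrypted"
    [ "$(conf_value disable_plaintext_auth "$1/10-auth.conf")" = no ] &&
        echo "dovecot: disable_plaintext_auth = no, passwords accepted without TLS"
    [ -z "$(conf_value tls_certificate "$2")" ] &&
        echo "exim: tls_certificate is not set"
    # Coarse check: one server_advertise_condition anywhere counts as set.
    if grep -Eq '^[[:space:]]*driver[[:space:]]*=[[:space:]]*dovecot' "$2" &&
        [ -z "$(conf_value server_advertise_condition "$2")" ]; then
        echo "exim: dovecot AUTH has no server_advertise_condition, offered without TLS"
    fi
    return 0
}

# Constructed sample: the files as the tutorial's steps leave them.
write_sample() {
    mkdir -p "$1/conf.d"
    printf 'ssl = no\n#ssl_cert = </etc/ssl/certs/dovecot.pem\n' >"$1/conf.d/10-ssl.conf"
    printf 'disable_plaintext_auth = no\n' >"$1/conf.d/10-auth.conf"
    cat >"$1/exim.conf" <<'EOF'
#tls_certificate = /etc/ssl/exim.crt
begin authenticators
dovecot_plain:
  driver = dovecot
  public_name = PLAIN
  server_socket = /var/run/dovecot/auth-client
  server_set_id = $auth1
EOF
}

# Demo on the sample. On a live host:
#   audit_cleartext /etc/dovecot/conf.d /etc/mail/exim.conf
tmp=$(mktemp -d) && write_sample "$tmp" && audit_cleartext "$tmp/conf.d" "$tmp/exim.conf"
rm -rf "$tmp"
```

An empty result means none of the four settings was found in its cleartext form; Exim's stock configuration comments suggest `server_advertise_condition = ${if def:tls_in_cipher}` as the way to offer AUTH only on encrypted connections.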
Set Up System Users
Add a user to the system by running:
useradd -d /home/USERNAME -m -k /etc/skel USERNAME
Set the password with:
passwd USERNAME
Configure Your Mail Client
We can now use the Thunderbird mail client with the USERNAME and password we just configured to send and receive e-mail through our Arch Linux VPS.
Install Thunderbird on your local machine if you have not done so already.
This setup will greatly depend on what operating system you are using on your local computer.
You will need to add a new mail account. In some cases, this will be under Preferences, and then Account Settings. In other operating systems, you can access this by clicking File, and then selecting New, followed by “existing mail account”.
Set the first name and last name of the account, and then type the email address like:
user_name@domain.com
If you do not have a domain, you can use the IP address of your VPS. Input the password as well.
Click Continue and Thunderbird should autodetect IMAP settings. Click Done.
If Thunderbird pops up an information window regarding the lack of encryption on our email communication, check “I understand the risks” and then click Done.
Test out your email by emailing back and forth with a known email address. You may have to check the spam folder on your other account.