Adding a user with a local mailbox

To add an IMAP account, run:

cyradm --auth login --user mailadmin localhost

Then do "cm user.".

Possibly "sq user. ". What is the unit for quota?

The user must also exist in /etc/passwd. It would be nice if we could use Kerberos for authentication via the saslauthd.

Fixing corrupt Cyrus IMAP databases

If the system log shows errors about "DBERROR: skiplist recovery..." and "DBERROR: opening /var/imap/user/e/erl.seen: cyrusdb error", resulting in the history of read messages not being saved, then the correct course of action is to delete the file (erl.seen in this case). The Cyrus system will create a new history file, and everything should be OK.

Letting mail through the spam filter

If an E-mail is blocked by the blacklist spam filters, you will get an automatic E-mail (generated from /var/log/mail) saying something like:

Recipient xyzzy@lewin.nu:

Apr 18 21:17:21 From freevo-users-admin@lists.sourceforge.net relay sc8-sf-fw2.sourceforge.net:66.35.250.201]:

The key here is the relay's IP address (in this case 66.35.250.201). The name (in this case sc8-sf-fw2.sourceforge.net) can be forged, but the IP address should be accurate.

Go to www.openrbl.org and look up the IP address. One interesting thing to look for here is both why the server is blacklisted (not always easy to figure out).

You might want to consider E-mailing the postmaster of the block E-mail server, and letting them know that they are blacklisted, so that they can try to get themselves removed from the list. This will help the cause of stopping spam by keeping the blacklists accurate.

If the server is listed as an Open Relay (if for instance it is listed in the ordb.org blacklist), then you probably don't want to white-list it, because the server will forward mail from anybody in the world.

Also, on openrbl.org, you will see the something like:

Lookup 66.35.250.201 (sc8-sf-fw2.sourceforge.net) in 21+11 Zones
 AS: 66.35.192.0/18 AS3967 Exodus Communication Santa Clara/California
 Net 66.35.192-255 EC95-1 Santa Clara, California @exodus.net

This shows the address block that the IP address belongs to. You can use this information to decide if you want to whitelist only the exact IP address that bounced, or the entire blocklist (the sender may for instance have several mail servers with different IP addresses, and it's a nuisance if you let one through, and then get a bounce again from another mail server with a slightly different IP address.

To actually do the whitelisting, you need root priveliges. You need to edit the file /etc/mail/access. I have sorted it by IP addresses, to keep it organized.

For the example case, you want to add a line that looks like:

66.35.250.201  OK

To whitelist only this exact server, or:

66.35.250      OK

To whitelist all IP addresses starting with 66.35.250. If you want to whitelist all the IP addresses associated with exodus.net, you would have to add several lines:

66.35.192  OK
66.35.193  OK
...
66.35.255  OK

Please add a comment (starting lines with '#') before the addresses you add with your date, name, and reason of whitelisting. See the examples in the file.

You can also blacklist addresses by writing REJECT instead of OK to blacklist addresses.

To make the changes in /etc/mail/access have effect, you have to run the command:

cd /etc/mail
/usr/sbin/makemap btree access < access

The changes will then have immediate effect, you will not have to restart sendmail.

You might also want to send an E-mail to postmaster to notify me that you have made changes.

Exim administration

Useful commands:

/usr/sbin/exim -bpu: list all mails in the queue
/usr/sbin/exim -bpc: count mails in the queue
/usr/sbin/exim -v -q <msgid1> <msgid2>: send messages with ids between msgid1 and msgid2
/usr/sbin/exim -v -qff: Force sending of all messages (frozen and not) in the queue

stratus.lewin.nu

Mail is now handled by a Virtual Private Server (VPS) rented from Oderland. It runs exim4.

In addition to the SMTP port 25, this service also listens for SMTP connections on port 587. This is to be able to circumvent IP providers blocking port 25.

Exim configuration

The script update-exim4.conf generates the main configuration files /var/lib/exim4/config.autogenerated for Exim v4 by merging the data in the template file /etc/exim4/exim4.conf.template or the ones in the /etc/exim4/conf.d directory tree respectively and /etc/exim4/update-exim4.conf.conf to the output file /var/lib/exim4/config.autogenerated.

We use update-exim4.conf.conf (not a split configuration).

When the configuration files have been changed, run:

sudo update-exim4.conf

to update the configuration.

Restart the exim4 service with:

sudo service exim4 restart

Add a user with the following command:

sudo /usr/share/doc/exim4-base/examples/exim-adduser

Back to System Information