Categories:
Printer Friendly
Send to a friend
Updated: July 6, 2006
About Exim
Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of flexibility in the way mail can be routed, and there are extensive facilities for checking incoming mail. Exim can be installed in place of sendmail, although the configuration of exim is quite different to that of sendmail.
www.exim.org
Requirements
For this tutorial you will need root SSH access to your server. You will also need to be running Exim 4x MTA.
This works excellent with Cpanel machines!
What does this do?
What this addition does is it adds valuable logging information to your exim_mainlog file so that you can determine where messages are coming from, whos sending the message and from what directory on your server the user NOBODY is originating from, if your seeing mail leaving as nobody. In addition, it adds very useful information to exim_mainlog to help you decipher email coming and going.
2003-06-27 14:06:18 cwd=/home/usersite/public_html/forums 3 args: /usr/sbin/sendmail -t -i
2003-06-27 14:06:18 19W0QE-0001Nr-1b nobody@yourserversname.com from env-from rewritten as ""usersite.com" <minx@usersite.com>" by rule 1
The message above tells me where the message came from, who sent it from my server, the user and the path it was called from. It also tells me how it was called and what it was renamed to before leaving my server.
The message below, tells me an incoming msg arrived with the subject line = "Naked Newsreaders? OH YEAH!". Very helpful in determining spam!!!!! You will see many other messages in exim_mainlog that you didnt see before. Great for debugging your msg logs and catching spammers!!
EG: 19W0bO-0001cY-Ej <= jessica@stripdownnews.com H=(one) [128.121.247.84]:52087 I=[64.246.38.122]:25 P=smtp S=2387 T="Naked Newsreaders? OH YEAH!" from jessica@stripdownnews.com
Lets Begin!
Note to MailScanner users: you must also do this to exim_config, so repeat these steps for both: exim.conf and exim_outgoing.conf
Through Shell Directly - Cpanel users see bottom for special instructions
1. Open exim.conf
pico /etc/exim.conf
2) Find this;
Ctrl + W: hostlist auth_relay_hosts = *
#########################
Runtime configuration file for Exim #
#########################
3) After hostlist auth_relay_hosts = *
add the following
log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn
4) The final result should look like this
hostlist auth_relay_hosts = *
log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn
#######################################
# Runtime configuration file for Exim #
#######################################
5) Save and restart exim DONE!
ctrl + X then Y
/etc/init.d/exim restart
Now tail your log and watch the show!
tail -f /var/log/exim_mainlog
WARNING CPANEL USERS:
Cpanel/WHM updates will over-ride these changes. You can prevent Cpanel from deleting your changes by doing the following
chattr +i /etc/exim.conf
Cpanel Users - Easy Method
A much better solution is to make the changes through the root WHM interface.
1) Login and go to Service Configuration / Exim Configuration Editor
2) Click the Switch to Advanced Mode button
3) Now you'll see the WHM Exim configuration editor. This is essentially like editing exim.conf but throught he online interface and it will remember your changes where as if you edit the file directly through shell it will not. 
4) In the first window which is empty you'll need to insert the following.
log_selector=+all
5) Go to the bottom and Save the changes, they will be applied and Exim will restart.
6) Success! You have added additioinal logging to your Exim mail server for better tracking.
I am only new to this but I tried to follow the above instructions but only got the following error after I did, any ideas ------------------------------ root@server1 [/etc]# /etc/init.d/exim restart Shutting down exim: [FAILED] Shutting down antirelayd: [ OK ] Shutting down spamd: [ OK ] Starting exim: 2004-06-11 00:11:17 Exim configuration error in line 28 of /etc/exim.conf: option setting expected: +address_rewrite [FAILED] Starting exim-smtps: 2004-06-11 00:11:17 Exim configuration error in line 28 of /etc/exim.conf: option setting expected: +address_rewrite [FAILED] Starting antirelayd: [ OK ] Starting spamd: [ OK ] root@server1 [/etc]# ------------------------------ thanx