Thursday, August 04, 2011

Exim in Debian


I was trying to configure Exim4 in Debian for receiving and sending email occasionally.

First, I set up an account at dyndns.com for my dynamic public IP.
#dpkg-reconfigure exim4-config
General type of mail configuration:  internet site; mail is sent and received directly using SMTP.
System mail name: yourdomain.com
IP-addresses to listen on for incoming SMTP connections: // leave blank
Other destinations for which mail is accepted: yourdomain.com
Domains to relay mail for: // leave blank
Machines to relay mail for: // leave blank
Keep number of DNS-queries minimal (Dial-on-Demand) ?: No
Delivery method for local mail: Maildir format in home directory
Split configuration into small files ? : No

You can add a new account in Evolution mail as "maildir", with localhost as the sending SMTP server. Done.

If you run into problems while sending mail, you may want to configure an SMTP relay:
http://wiki.debian.org/GmailAndExim4


TLS and Authentication

Generate a certificate using:
#bash /usr/share/doc/exim4-base/examples/exim-gencert

It will generate exim.crt and exim.key in /etc/exim4/
If you already bought a certificate, you may simply copy it instead.

#cd /etc/exim4
#vi exim4.conf.template

Add the following line
MAIN_TLS_ENABLE = yes

before
.ifdef MAIN_TLS_ENABLE


To verify TLS, install a diagnostic tool:
# apt-get install swaks libnet-ssleay-perl
Test the connection:
$ swaks -a -tls -q HELO -s localhost -au your_user -ap '<>'
=== Trying localhost:25...
=== Connected to localhost.
<-  220 debianwb ESMTP Exim 4.76 Thu, 04 Aug 2011 14:22:02 +0600
 -> EHLO debianwb
<-  250-debianwb Hello localhost [127.0.0.1]
<-  250-SIZE 52428800
<-  250-PIPELINING
<-  250-STARTTLS
<-  250 HELP
 -> STARTTLS
<-  220 TLS go ahead
=== TLS started w/ cipher DHE-RSA-AES256-SHA
 ~> EHLO debianwb
<~  250-debianwb Hello localhost [127.0.0.1]
<~  250-SIZE 52428800
<~  250-PIPELINING
<~  250 HELP
 ~> QUIT
<~  221 evie closing connection

We sent an empty password in the swaks test above.
Now we will add an authentication scheme.
For shell users we use SASL, which uses PAM for password authentication.

#apt-get install sasl2-bin

To enable:
#vi /etc/default/saslauthd
START=yes
Start the daemon:
#/etc/init.d/saslauthd start

#vi /etc/exim4/exim4.conf
Uncomment the following lines to enable authentication via saslauthd:
plain_saslauthd_server:
   driver = plaintext
   public_name = PLAIN
   server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
   server_set_id = $auth2
   server_prompts = :
   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
   .endif

Add the Exim user to the sasl group:
#adduser Debian-exim sasl

Test the connection using your username:
#swaks -a -tls -q AUTH -s localhost -au your_user
Password:
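
The server_advertise_condition line in the authenticator above is what keeps AUTH PLAIN from being offered before TLS is active. The following is an added example, not part of the original post, that checks this from a swaks transcript; the function name auth_exposure and both sample transcripts are constructed for illustration.

```shell
#!/bin/sh
# Added example: report where a swaks transcript shows AUTH being advertised.
# swaks prefixes cleartext server replies with "<-" and TLS-protected ones
# with "<~". Prints one of: cleartext-auth | tls-only | no-auth
auth_exposure() {
    awk '
        /^<-/ { chan = "plain" }
        /^<~/ { chan = "tls" }
        /^<[-~]/ {
            reply = $0
            sub(/^<[-~][ \t]*/, "", reply)      # drop the swaks marker
            # EHLO capability line, e.g. "250-AUTH PLAIN"
            if (reply ~ /^250[- ]AUTH/) seen[chan] = 1
        }
        END {
            if (seen["plain"])    print "cleartext-auth"
            else if (seen["tls"]) print "tls-only"
            else                  print "no-auth"
        }
    '
}

# Constructed transcript: AUTH appears only after STARTTLS.
SAMPLE_TLS_ONLY='<-  250-debianwb Hello localhost [127.0.0.1]
<-  250-STARTTLS
<-  250 HELP
 -> STARTTLS
<-  220 TLS go ahead
<~  250-debianwb Hello localhost [127.0.0.1]
<~  250-AUTH PLAIN
<~  250 HELP'

# Constructed transcript: AUTH offered before TLS (what results if
# AUTH_SERVER_ALLOW_NOTLS_PASSWORDS is defined).
SAMPLE_CLEARTEXT='<-  250-debianwb Hello localhost [127.0.0.1]
<-  250-AUTH PLAIN
<-  250-STARTTLS
<-  250 HELP'

printf '%s\n' "$SAMPLE_TLS_ONLY"  | auth_exposure   # tls-only
printf '%s\n' "$SAMPLE_CLEARTEXT" | auth_exposure   # cleartext-auth
```

On a live server, pipe the swaks TLS test into the function, for example `swaks -tls -q HELO -s localhost | auth_exposure`; anything other than tls-only after enabling saslauthd means passwords can cross the wire unencrypted or AUTH is not enabled at all.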

You may need to add your domain to /etc/hosts:
#vi /etc/hosts
127.0.0.1    your_domain

Enabling IMAP access:
#apt-get install courier-imap courier-imap-ssl
Create directories for web-based administration -> No
You may install the "File Access Monitor" daemon to check folders other than Inbox:
# apt-get install fam
Check this link for detailed information.

Optionally, you can check the X.509 certificate configuration:
# vi /etc/courier/imapd.cnf

If you do not want to use the default certificate, edit imapd.cnf and then generate a new one using:
# mkimapdcert

If you are behind a router, forward ports 25, 143, 706 and 993 to your server.

Sources:
http://blog.edseek.com/~jasonb/articles/exim4_courier/index.html
http://pkg-exim4.alioth.debian.org/README/README.Debian.html
http://library.linode.com/email/exim/send-only-mta-debian-6-squeeze
http://koivi.com/exim4-config/

Wednesday, August 03, 2011

secure wipe

#apt-get install secure-delete

It will provide the following tools for secure wiping:
/usr/bin/srm
/usr/bin/sfill
/usr/bin/sswap
/usr/bin/sdmem

srm - secure remove (secure_deletion toolkit)
$srm file_name
$srm -r folder_name

Another tool, "shred", already comes with the "coreutils" package in Debian:
coreutils - GNU core utilities
/usr/bin/shred
shred - overwrite a file to hide its contents, and optionally delete it
$shred file_name


sfill  -  secure free disk and inode space wiper (secure_deletion toolkit)
#sfill /mount_point/

sswap - secure swap wiper (secure_deletion toolkit)

Turn off swap first:
#swapoff /dev/sdaX
or
#swapoff -a  //to turn off all swap
Now run sswap:
#sswap /dev/sdaX

sdmem - secure memory wiper (secure_deletion toolkit)


These tools have some limitations.
Please see the manual page of each tool for details.