Install and configure Exim4

Install Exim4

To install Exim4, run the following command:

sudo apt install exim4

Configure Exim4

To configure Exim4, run the following command:

sudo dpkg-reconfigure exim4-config

This displays a “wizard” user interface for configuring the software. For example, in Exim4 the configuration files are split amongst multiple files by default; if you wish to have them in one file you can configure this via the user interface.

All configurable parameters from the user interface are stored in the /etc/exim4/update-exim4.conf.conf file. To re-configure the software you can either re-run the wizard, or manually edit this file using your preferred editor.

Once you are finished, you can run the following command to generate the master configuration file:

sudo update-exim4.conf

The master configuration file is stored in /var/lib/exim4/config.autogenerated.

You should never manually edit the master configuration file, /var/lib/exim4/config.autogenerated, because it is updated automatically every time you run update-exim4.conf. Any changes you make to this file will be lost during future updates.

Start the Exim4 daemon

The following command will start the Exim4 daemon:

sudo service exim4 start

SMTP authentication

Exim4 can be configured to use SMTP-AUTH with Transport Layer Security (TLS) and Simple Authentication and Security Layer (SASL).

First, enter the following into a terminal prompt to create a certificate for use with TLS:

sudo /usr/share/doc/exim4-base/examples/exim-gencert

Configure Exim4 for TLS by editing the /etc/exim4/conf.d/main/03_exim4-config_tlsoptions file and adding the following:


Next, configure Exim4 to use the saslauthd daemon for authentication by editing /etc/exim4/conf.d/auth/30_exim4-config_examples – uncomment the plain_saslauthd_server and login_saslauthd_server sections:

  driver = plaintext
  public_name = PLAIN
  server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
  server_set_id = $auth2
  server_prompts = :
  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}

  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  # don't send system passwords over unencrypted connections
  server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}
  server_set_id = $auth1
  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}

To enable outside mail clients to connect to the new server, a new user needs to be added into Exim4 by using the following commands:

sudo /usr/share/doc/exim4-base/examples/exim-adduser

Protect the new password files with the following commands:

sudo chown root:Debian-exim /etc/exim4/passwd
sudo chmod 640 /etc/exim4/passwd

Finally, update the Exim4 configuration and restart the service:

sudo update-exim4.conf
sudo systemctl restart exim4.service

Configure SASL

To configure saslauthd to provide authentication for Exim4, first install the sasl2-bin package by running this command at a terminal prompt:

sudo apt install sasl2-bin

To configure saslauthd, edit the /etc/default/saslauthd configuration file and set:


Next, to make Exim4 use the saslauthd service, the Debian-exim user needs to be part of the sasl group:

sudo adduser Debian-exim sasl

Finally, start the saslauthd service:

sudo service saslauthd start

Exim4 is now configured with SMTP-AUTH using TLS and SASL authentication.


1 Like

Trying to get Exim4 to send email to my ISP mail server ( after those dipshits @ Yahoo (who frontier outsourced their email accounts to) changed something requiring SSL/TLS, I carefully followed your instructions from “SMTP Authentication” to the end. When I executed the step “sudo update-exim4.conf” I received the following error:

2022-07-14 15:27:26 Exim configuration error:
there are two authenticators called “cram_md5”
Invalid new configfile /var/lib/exim4/config.autogenerated.tmp, not installing
/var/lib/exim4/config.autogenerated.tmp to /var/lib/exim4/config.autogenerated

Examination of the config.autogenerated.tmp file shows that everything from “cram_md5:” to the end of the file (sections cram_md5:, plain:, and login:) have been duplicated exactly.

Any ideas?

uname -a
Linux linux1 4.15.0-189-generic #200-Ubuntu SMP Wed Jun 22 19:53:37 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

exim4 --version
Exim version 4.90_1 #4 built 30-Apr-2021 14:15:04
Copyright © University of Cambridge, 1995 - 2017
© The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2017
Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013)
Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages DKIM DNSSEC Event OCSP PRDR SOCKS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Configuration file is /var/lib/exim4/config.autogenerated

Exim4, I have been using this for many years running under Ubuntu version:
Linux version 5.15.0-79-generic (buildd@lcy02-amd64-011) (gcc (Ubuntu 11.3.0-1ubuntu1~22.04.1) 11.3.0, GNU ld (GNU Binutils for Ubuntu) 2.38) #86-Ubuntu SMP Mon Jul 10 16:07:21 UTC 2023
I now want to use it as mt smart host on my mobile so I tried to install authorize TLS version.
I followed Install and configure Exim4 to the letter but I still get “Couldn’t verify account - Server does not support authentication” on my Samsung android phone.
can anyone point me diagnostic information.