Install and configure Exim4

Install Exim4

To install Exim4, run the following command:

sudo apt install exim4

Configure Exim4

To configure Exim4, run the following command:

sudo dpkg-reconfigure exim4-config

This displays a “wizard” user interface for configuring the software. For example, in Exim4 the configuration files are split amongst multiple files by default; if you wish to have them in one file you can configure this via the user interface.

All configurable parameters from the user interface are stored in the /etc/exim4/update-exim4.conf.conf file. To re-configure the software you can either re-run the wizard, or manually edit this file using your preferred editor.

Once you are finished, you can run the following command to generate the master configuration file:

sudo update-exim4.conf

The master configuration file is stored in /var/lib/exim4/config.autogenerated.

You should never manually edit the master configuration file, /var/lib/exim4/config.autogenerated, because it is updated automatically every time you run update-exim4.conf. Any changes you make to this file will be lost during future updates.

Start the Exim4 daemon

The following command will start the Exim4 daemon:

sudo service exim4 start

SMTP authentication

Exim4 can be configured to use SMTP-AUTH with Transport Layer Security (TLS) and Simple Authentication and Security Layer (SASL).

First, enter the following into a terminal prompt to create a certificate for use with TLS:

sudo /usr/share/doc/exim4-base/examples/exim-gencert

Configure Exim4 for TLS by editing the /etc/exim4/conf.d/main/03_exim4-config_tlsoptions file and adding the following:


Next, configure Exim4 to use the saslauthd daemon for authentication by editing /etc/exim4/conf.d/auth/30_exim4-config_examples – uncomment the plain_saslauthd_server and login_saslauthd_server sections:

  driver = plaintext
  public_name = PLAIN
  server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
  server_set_id = $auth2
  server_prompts = :
  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}

  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  # don't send system passwords over unencrypted connections
  server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}
  server_set_id = $auth1
  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}

To enable outside mail clients to connect to the new server, a new user needs to be added into Exim4 by using the following commands:

sudo /usr/share/doc/exim4-base/examples/exim-adduser

Protect the new password files with the following commands:

sudo chown root:Debian-exim /etc/exim4/passwd
sudo chmod 640 /etc/exim4/passwd

Finally, update the Exim4 configuration and restart the service:

sudo update-exim4.conf
sudo systemctl restart exim4.service

Configure SASL

To configure saslauthd to provide authentication for Exim4, first install the sasl2-bin package by running this command at a terminal prompt:

sudo apt install sasl2-bin

To configure saslauthd, edit the /etc/default/saslauthd configuration file and set:


Next, to make Exim4 use the saslauthd service, the Debian-exim user needs to be part of the sasl group:

sudo adduser Debian-exim sasl

Finally, start the saslauthd service:

sudo service saslauthd start

Exim4 is now configured with SMTP-AUTH using TLS and SASL authentication.


1 Like

Trying to get Exim4 to send email to my ISP mail server ( after those dipshits @ Yahoo (who frontier outsourced their email accounts to) changed something requiring SSL/TLS, I carefully followed your instructions from “SMTP Authentication” to the end. When I executed the step “sudo update-exim4.conf” I received the following error:

2022-07-14 15:27:26 Exim configuration error:
there are two authenticators called “cram_md5”
Invalid new configfile /var/lib/exim4/config.autogenerated.tmp, not installing
/var/lib/exim4/config.autogenerated.tmp to /var/lib/exim4/config.autogenerated

Examination of the config.autogenerated.tmp file shows that everything from “cram_md5:” to the end of the file (sections cram_md5:, plain:, and login:) have been duplicated exactly.

Any ideas?

uname -a
Linux linux1 4.15.0-189-generic #200-Ubuntu SMP Wed Jun 22 19:53:37 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

exim4 --version
Exim version 4.90_1 #4 built 30-Apr-2021 14:15:04
Copyright (c) University of Cambridge, 1995 - 2017
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2017
Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013)
Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages DKIM DNSSEC Event OCSP PRDR SOCKS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Configuration file is /var/lib/exim4/config.autogenerated

Exim4, I have been using this for many years running under Ubuntu version:
Linux version 5.15.0-79-generic (buildd@lcy02-amd64-011) (gcc (Ubuntu 11.3.0-1ubuntu1~22.04.1) 11.3.0, GNU ld (GNU Binutils for Ubuntu) 2.38) #86-Ubuntu SMP Mon Jul 10 16:07:21 UTC 2023
I now want to use it as mt smart host on my mobile so I tried to install authorize TLS version.
I followed Install and configure Exim4 to the letter but I still get “Couldn’t verify account - Server does not support authentication” on my Samsung android phone.
can anyone point me diagnostic information.

It might be helpful to add Dovecot SASL to the Exim SMTP authentication documentation. It would be especially useful for people with Dovecot installed already, negating the need for saslauthd to be installed and configured.

The default Exim configuration already has commented lines for it:

# dovecot_plain_server:
#   driver = dovecot
#   public_name = PLAIN
#   server_socket = /var/spool/exim4/dovecot.auth-client
#   server_set_id = $auth1
#   server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
#   .endif