Here is what you need to do:

1. Install procmail, (I get it from blastwave, as I did exim,spamassassin, and clamav):

2. Configure exim to handle procmail pipes.
a. make a backup copy of /opt/csw/etc/exim/exim.conf
b. In the “routers” sections of the exim.conf, right above the localuser: line add the following:

procmail:
 debug_print = "R: procmail for $local_part@$domain"
 driver = accept
 domains = +local_domains
 check_local_user
 transport = procmail_pipe
 require_files = ${local_part}: \\
               ${if exists{/etc/procmailrc}\\
                 { /etc/procmailrc}{${home}/.procmailrc}}:\\
               +/opt/csw/bin/procmail
 no_verify
 no_expn

exactly how I have it above

c. In the transports section right below the 2 lines that say:

add in this :

procmail_pipe:
 debug_print = "T: procmail_pipe for $local_part@$domain"
 driver = pipe
 path = "/opt/csw/bin:/bin:/usr/bin"
 command = "/opt/csw/bin/procmail"
 return_path_add
 delivery_date_add
 envelope_to_add

e. Now restart exim:

3. Setup a .procmailrc in the users home directory and make sure it is owned by the user, this is what I had in my test user’s .procmailrc file:

the first set will just delete the messages if they contain [SPAM] in the subject, and they are commented out. The second set will put the messages in the Spam folder. You can replace the Spam with Junk if you want. Make sure the mail directory exists in the home directory and it owned by the user. The Junk/Spam folder will automatically be created if it does not exist the first time a spam message comes in..

Should be it.

To disable sendmail on Solaris 10:

Then I installed Exim from the Blastwave Software library which is really as easy as :

(of course this assumes that you have the pkg-get package installed if not, download and install it. The wonders of pkg-get is that it will download all the dependencies as well.

The changes I made are as follows:

Under the Main Configuration block, I added:

Which allows exim to listen on both port 25 and port 465.

I then changed the

to

which disables ident lookups, (we don’t allow them).

The last change to the main config section is :

Which defines the SSL cert/key and that it should always advertise auth/tls..

Next up is the ACL Configuration, I added this under the “begin acl”

Which makes it so only encrypted authenicated connections will work.

The next change was in the routers section. I wanted the exim server to pass all mail to our spam/virus scanner and not to talk to any other mail server so I added this:

The next change I did was comment out the following:

The final change I made was to use ldap authenication. So I added this to the Authenication Configuration section:

One important note Make sure you leave Username:: : Password:: as that and that you do not change it. It seems that Microsoft has hardcoded those values in as the prompts for username and password in Microsoft Outlook and Outlook Express. So if you make those anything other than Username: and Password: those two clients will NOT work, and you will get some weird base64 error codes back. It took me a couple of hours to figure out why Thunderbird worked and Outbreak didn’t. That was it. What you have now is a SMTP server that only accepts mail from authenicated clients and which forwards all mail to a central hub. Hope this helps other people, it took me a while to get it setup. Another side note, if you use Symantec Antivirus on MS Windows (probably on OSX as well) and have the Email Auto-Protect enabled, you will never be able to send mail out on port 25 if it is encrypted (in this case it is) as Symantec blocks all encrypted mail as it can’t “scan” it.

One final note, to provide some “HA” to this setup I have two identical setups of Exim in 2 different buildings on 2 different networks. They both use the same SSL Cert/Key and are setup in a DNS RR to answer up to the same hostname.

Technorati Tags: Solaris, Exim, TLS