Email Setup Readme¶
Email Server Setup Documentation¶
Overview¶
Exim4 mail server has been configured for all domains with TLS encryption and DKIM signing.
Server Details¶
MTA: Exim4
Listening Port: 25 (SMTP), 587 (submission - if enabled)
TLS Certificates: Let’s Encrypt via Caddy
DKIM: Enabled for ALL domains (86 domains)
Domains Configured¶
86 domains are configured to accept email. See /etc/exim4/update-exim4.conf.conf for full list.
DNS Records Required (ALL DOMAINS)¶
MX Records¶
For each domain, add:
Type: MX
Name: @
Value: georgelambert.org (priority 10)
SPF Records¶
Add to each domain’s DNS:
Type: TXT
Name: @
Value: "v=spf1 a mx ip4:70.88.205.138 ~all"
DMARC Records¶
Add to each domain:
Type: TXT
Name: _dmarc
Value: "v=DMARC1; p=quarantine; rua=mailto:dmarc@domain.com; ruf=mailto:dmarc@domain.com; sp=quarantine; adkim=r; aspf=r"
DKIM Records¶
Add to each domain:
Type: TXT
Name: default._domainkey
Value: "v=DKIM1; k=rsa; p=<KEY_FROM_/etc/exim4/dkim/domain.pub>"
Wildcard Record¶
All subdomains automatically resolve to the server:
Type: A
Name: *
Value: 70.88.205.138
Complete DNS Zone Example (becca.gallery)¶
$ORIGIN becca.gallery.
$TTL 3600
@ IN SOA ns1.becca.gallery. admin.becca.gallery. ( 1 3600 1800 604800 86400 )
; Name servers
ns1 IN A 70.88.205.138
ns2 IN A 70.88.205.138
; MX Record
@ IN MX 10 georgelambert.org.
; A Records
@ IN A 70.88.205.138
www IN A 70.88.205.138
mail IN A 70.88.205.138
; Wildcard Record
* IN A 70.88.205.138
; SPF Record
@ IN TXT "v=spf1 a mx ip4:70.88.205.138 ~all"
; DMARC Record
_dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc@becca.gallery; ruf=mailto:dmarc@becca.gallery; sp=quarantine; adkim=r; aspf=r"
; DKIM Record
default._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA..."
Important File Locations¶
Configuration Files¶
/etc/exim4/update-exim4.conf.conf - Main Exim4 configuration
/etc/exim4/exim4.conf.localmacros - Local macros (TLS, DKIM settings)
/etc/aliases - Email aliases
Certificates¶
/etc/exim4/certs/ - SSL certificates synced from Caddy
/etc/exim4/private/ - Private keys
DKIM Keys¶
/etc/exim4/dkim/ - DKIM private and public keys (86 domains)
DNS Zone Files¶
/etc/coredns/zones/ - All domain zone files
Logs¶
/var/log/exim4/mainlog - Main mail log
/var/log/exim4/rejectlog - Rejected mail log
Maintenance Commands¶
Reload Exim4 configuration¶
update-exim4.conf && systemctl restart exim4
Sync certificates from Caddy¶
/usr/local/bin/sync-certs-to-exim.sh
Check mail queue¶
exim4 -bp
Count messages in the mail queue¶
exim4 -bpc
Test mail routing¶
exim4 -bt user@domain.com
View mail logs¶
tail -f /var/log/exim4/mainlog
Reload DNS¶
systemctl reload coredns
Security Notes¶
TLS Required: All connections support TLS encryption
DKIM Signing: Outgoing mail is DKIM-signed for ALL domains
SPF Records: Ensure SPF records are added to all domains
DMARC: Configured for all domains
Certificate Auto-Renewal: Caddy automatically renews certificates
Wildcard DNS: All subdomains resolve to the server
Troubleshooting¶
Check if Exim is listening¶
ss -tlnp | grep :25
Test SMTP connection¶
telnet localhost 25
Verify DKIM signature¶
exim4 -Mvh <message-id>
Check certificate validity¶
openssl x509 -in /etc/exim4/certs/georgelambert.org.crt -noout -dates
Test DNS records¶
# MX Record
dig @127.0.0.1 domain.com MX
# SPF Record
dig @127.0.0.1 domain.com TXT
# DMARC Record
dig @127.0.0.1 _dmarc.domain.com TXT
# DKIM Record
dig @127.0.0.1 default._domainkey.domain.com TXT
# Wildcard
dig @127.0.0.1 anything.domain.com A
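The dig commands above only print the records; they do not say whether the values match what the "DNS Records Required" section asks for. The script below is an added example, not part of the original setup: it checks the MX, SPF, DMARC, DKIM and wildcard records of one domain against the README's expected values (georgelambert.org as MX, 70.88.205.138 as server IP, selector default), and the pure check functions can also be fed record strings directly.

```shell
#!/bin/sh
# Values this README expects every zone to carry (assumption: copied from the records above).
EXPECTED_MX="georgelambert.org."
EXPECTED_IP="70.88.205.138"

# check_mx "<dig +short MX output>": the lowest-preference MX must be the mail host.
check_mx() {
    best=$(printf '%s\n' "$1" | sort -n | head -n 1 | awk '{print $2}')
    [ "$best" = "$EXPECTED_MX" ]
}

# check_spf "<TXT value>": v=spf1, authorises the server IP, and ends in ~all or -all.
check_spf() {
    case "$1" in "v=spf1 "*) ;; *) return 1 ;; esac
    case " $1 " in *" ip4:$EXPECTED_IP "*) ;; *) return 1 ;; esac
    case " $1 " in *" ~all "|*" -all ") return 0 ;; *) return 1 ;; esac
}

# check_dmarc "<TXT value>": v=DMARC1, an enforcing p= (sp= does not count), and a rua= address.
check_dmarc() {
    tags=";$(printf '%s' "$1" | tr -d ' ');"     # e.g. ";v=DMARC1;p=quarantine;rua=mailto:...;"
    case "$tags" in ";v=DMARC1;"*) ;; *) return 1 ;; esac
    case "$tags" in *";p=quarantine;"*|*";p=reject;"*) ;; *) return 1 ;; esac
    case "$tags" in *";rua=mailto:"*) return 0 ;; *) return 1 ;; esac
}

# check_dkim "<TXT value>": v=DKIM1 with a non-empty public key (an empty p= means the key is revoked).
# Long keys come back from dig as several quoted strings, so quotes and spaces are stripped first.
check_dkim() {
    tags=";$(printf '%s' "$1" | tr -d '" ');"
    case "$tags" in *";v=DKIM1;"*) ;; *) return 1 ;; esac
    pval=$(printf '%s' "$tags" | sed -n 's/.*;p=\([^;]*\);.*/\1/p')
    [ -n "$pval" ]
}

# check_domain <domain>: query the local CoreDNS as the dig commands above do, then run every check.
check_domain() {
    d=$1; rc=0
    check_mx "$(dig @127.0.0.1 +short "$d" MX)" || { echo "FAIL MX $d"; rc=1; }
    check_spf "$(dig @127.0.0.1 +short "$d" TXT | tr -d '"' | grep '^v=spf1')" || { echo "FAIL SPF $d"; rc=1; }
    check_dmarc "$(dig @127.0.0.1 +short "_dmarc.$d" TXT | tr -d '"')" || { echo "FAIL DMARC $d"; rc=1; }
    check_dkim "$(dig @127.0.0.1 +short "default._domainkey.$d" TXT)" || { echo "FAIL DKIM $d"; rc=1; }
    [ "$(dig @127.0.0.1 +short "anything.$d" A)" = "$EXPECTED_IP" ] || { echo "FAIL WILDCARD $d"; rc=1; }
    return $rc
}
```

Run `check_domain becca.gallery` on the server, or loop it over the domain list from /etc/exim4/update-exim4.conf.conf; a non-zero exit means at least one record is missing or differs from the README's values.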