Exim Introduction

Introduction

Exim is a mail transfer agent (MTA) that can be run instead of sendmail. The job of an MTA is to receive and send messages from different sources; Exim can accept messages via SMTP (Simple Mail Transfer Protocol) over TCP/IP as well as from local processes. Exim uses a single configuration file that is divided into a number of sections; entries in each section are keyword/value pairs. The configuration file can reference data from DNS, NIS or LDAP and a number of SQL databases. Exim uses ACLs (access control lists) to check and control incoming messages, so you can carry out tests on a message before it is accepted.

Exim can offer the following

Exim has adopted the sendmail command-line interface so that it can be installed as a replacement; all the relevant sendmail options are implemented. There is also an X Window interface called eximon.

Exim cannot modify message bodies and it cannot translate message bodies from one form of encoding to another, but you could use a filter and an external program to do this.

MTA and Internet Message Standards

Users use mail user agents (MUAs) such as Outlook or pine to receive and send email. The MUA sends the message to an MTA, which then transfers it on to another MTA (in another company); this then sends it to a local mailbox (MS Exchange), and the user will then use an MUA to pick up the message.

MTA servers generally listen on the standard SMTP port (port 25). From an MTA's point of view there are two sources of incoming messages: local processes and other hosts. There are three types of destination: local files, local processes via pipes and other hosts.

An MTA and an MUA can run on the same server, but generally you will find these on different servers. When an MUA reads mail it will be using either the POP or IMAP protocol, but these protocols cannot send messages, thus the MUA will use SMTP to send the message to the MTA.

MTAs spool messages while waiting for delivery, there may be problems with the other MTA (server down, network problems, etc) so the message is spooled (stored on disk) until communications resume.

The term hub is used when an MTA receives email from the outside world and distributes it within its local network. A single hub is common in companies where all the mail is passed through this single server.

Message Format

Electronic mail messages on the internet are formatted according to RFC 2822 which defines the format of a message as it is transferred between hosts. SMTP is the protocol used to pass these messages around which is detailed in RFC 2821.

A message consists of lines of text; each line is terminated by a carriage return immediately followed by a linefeed. A message consists of one header (meta-data) and a body.

The header will at least contain the following

Other header fields are: CC, Bcc, Received, Content-Type, Reply-To, References, In-Reply-To, X-Face

The body is the main part of an email message containing the data such as text or images.

When messages are passed from MTA to MTA, additional information is sent before the RFC 2822 data. This is called the envelope, and it contains the sender's address and one or more recipients' addresses.

Message Structure

MAIL FROM: <paul.valle@datadisk.co.uk>
RCPT TO: <paul.valle@example.com>

DATA
Received: from paul by mail.datadisk.co.uk with local (Exim 4.62)
        id 1Ftiq5-0000bD-9p;
        Thu, 06 Nov 2008, 15:56:23
From: Paul Valle <paul.valle@datadisk.co.uk>
To: Whom ever <whomever@example.com>
Subject: This is a test email message
Date: 06 Nov 2008, 15:56:23
Message-ID: <AGTF564FRDTUSN>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

Hello,
       hope you had a nice time on holiday
.

Note: the envelope is the MAIL FROM and RCPT TO lines.

SMTP protocol

SMTP is a simple text-based command-reply protocol: the client sends a command to the server and then waits for a reply before proceeding to the next command. Exim operates entirely on the first digit of the SMTP response code (the second and third give additional information). The response codes are:

Code   Meaning
2xx    The command was successful
3xx    Additional data is required for the command
4xx    The command suffered a temporary error
5xx    The command suffered a permanent error

A client initializes the session by sending an EHLO. The response to EHLO gives the server name in the first line, optionally followed by other information text, and lists the extended SMTP features that the server supports in the subsequent lines. Once the EHLO has been accepted the client may then send any number of messages to the host.

The command DATA indicates that the message is now being sent; the server will now wait until a single dot on a line by itself is sent, which means the end of the message. If a line begins with a dot, a dot is appended to the end of the line to guard against premature termination.
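The EHLO reply described above can be parsed mechanically: continuation lines carry a hyphen after the code and the last line carries a space. The following is an added example, not part of the original page; the host names and the sample reply are constructed, and STARTTLS and AUTH are standard ESMTP extension keywords that the page itself does not name.

```python
# Meaning of the first digit, as in the response code table above.
CLASSES = {"2": "success", "3": "more data required",
           "4": "temporary error", "5": "permanent error"}

def parse_reply(raw):
    """Parse one SMTP reply (possibly multi-line) into (code, [text, ...])."""
    code, texts = None, []
    for line in raw.splitlines():
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError(f"malformed reply line: {line!r}")
        if code is None:
            code = line[:3]
        elif line[:3] != code:
            raise ValueError("reply code changed inside one reply")
        texts.append(line[4:].strip())
        if line[3:4] != "-":          # "250-" continues, "250 " ends the reply
            break
    if code is None:
        raise ValueError("empty reply")
    return code, texts

def parse_ehlo(raw):
    """Return (server_name, {EXTENSION: [params]}) from an EHLO reply."""
    code, texts = parse_reply(raw)
    if code[0] != "2":
        raise RuntimeError(f"EHLO refused: {code} ({CLASSES.get(code[0], 'unknown')})")
    server = texts[0].split()[0] if texts[0] else ""
    extensions = {}
    for text in texts[1:]:
        keyword, _, params = text.partition(" ")
        extensions[keyword.upper()] = params.split()
    return server, extensions

def missing_protections(extensions):
    """Which of the encryption/authentication extensions are not advertised."""
    return [kw for kw in ("STARTTLS", "AUTH") if kw not in extensions]

# Constructed reply from a hypothetical host mail.example.org.
SAMPLE = ("250-mail.example.org Hello client.example.net\r\n"
          "250-SIZE 52428800\r\n"
          "250-PIPELINING\r\n"
          "250 AUTH PLAIN LOGIN\r\n")

if __name__ == "__main__":
    name, ext = parse_ehlo(SAMPLE)
    print(name, sorted(ext), "missing:", missing_protections(ext))
```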

Forgery, Authentication and Encryption

It is trivial to forge unencrypted mail; all the MTA does is log the IP address of the sending host and include it in the Received: line that it adds to the message. Spam mail often changes the headers to disguise where the original mail came from; you can only trust the lines at the top of the message that were added by the MTAs running on hosts whose administrators you trust.

The original SMTP protocol had no facilities for authenticating clients or for encrypting messages as they are transferred between hosts. When routing mail the steps an MTA has to perform in order to handle a message are as follows:

There are a number of checks that are made when receiving messages from other hosts: the recipient address can be checked, and the sender's address can also be checked.
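The points above about the envelope, forged headers and trusted Received: lines can be checked in code. This is an added example, not part of the original page: the transcript is constructed, and mx.example.org stands in for an MTA whose administrator you trust.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: envelope commands, then the RFC 2822 message.
# All hosts and addresses are made up for the example.
TRANSCRIPT = """\
MAIL FROM: <bounce@bulk.example.net>
RCPT TO: <paul.valle@example.com>
DATA
Received: from relay.example.net by mx.example.org with esmtp (Exim 4.62)
Received: from unknown by relay.example.net with smtp
Received: from paul by mail.datadisk.co.uk with local
From: Paul Valle <paul.valle@datadisk.co.uk>
Subject: This is a test email message

Hello
.
"""

def split_transaction(text):
    """Return (envelope_sender, envelope_recipients, parsed_message)."""
    envelope, rest = text.split("\nDATA\n", 1)
    sender = re.search(r"^MAIL FROM:\s*<([^>]*)>", envelope, re.M).group(1)
    rcpts = re.findall(r"^RCPT TO:\s*<([^>]*)>", envelope, re.M)
    # The final "." line is SMTP framing, not message content.
    msg = message_from_string(re.sub(r"\n\.\n?$", "\n", rest))
    return sender, rcpts, msg

def trusted_received(msg, trusted_hosts):
    """Each MTA adds its Received: line at the top, so walk down from the
    top and stop at the first line not written by a trusted host."""
    chain = []
    for line in msg.get_all("Received", []):
        m = re.search(r"\bby\s+(\S+)", line)
        if not m or m.group(1).lower() not in trusted_hosts:
            break
        chain.append(line)
    return chain

def sender_mismatch(envelope_sender, msg):
    """True when the envelope sender domain differs from the From: domain."""
    header_addr = parseaddr(msg.get("From", ""))[1]
    env_dom = envelope_sender.rpartition("@")[2].lower()
    return env_dom != header_addr.rpartition("@")[2].lower()
```

A mismatch is a signal worth logging rather than proof of forgery, since mailing lists and bulk senders legitimately use a different envelope sender.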

Mail and DNS

DNS is a worldwide database that holds various kinds of data indexed by keys that are called domain names. The data is held in units called records, each containing a number of fields, of which the domain name, record type and data specific to the record type are relevant to applications that use the DNS.

DNS records

mail1.datadisk.co.uk.   A   192.168.0.100
mail2.datadisk.co.uk.   A   192.168.0.101
mail3.datadisk.co.uk.   A   192.168.0.102

Note: domain name mail1.datadisk.co.uk is record type A (address) and the data is 192.168.0.100

The servers that implement DNS are called name servers, and are distributed throughout the internet. The hierarchical name space is broken up into zones, each of which is managed by its own administrator and stored on its own master server. The breakpoints between zones are always between components of a domain name, but not necessarily at every boundary; for example there is a uk zone, and ac.uk and cam.ac.uk zones, but there is no separate csx.cam.ac.uk zone. There is usually one master server for each zone, and several slaves that copy their data (zone file) from the master.

An MX (mail exchange) type of DNS record maps a mail domain to a host that is registered as handling mail for that domain, with a preference value. There may be multiple MX records for a domain, and when a name server is queried, it returns all of them. The values can be thought of as distances from the target: the smaller the value, the more preferred the host.

MX Record

datadisk.co.uk.   MX   10   mail1.datadisk.co.uk.     ## MTA will try here first
datadisk.co.uk.   MX   20   mail2.datadisk.co.uk.     ## MTA will try here second
datadisk.co.uk.   MX   30   mail3.datadisk.co.uk.     ## MTA will try here third

Note: the MTA will look up the IP addresses of the mail hosts via the A record.
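The MX selection described above, as an added example that is not part of the original page: it parses records in the layout shown here, orders the mail hosts by preference value and resolves each through its A record. The zone data is constructed, listed out of order and with no A record for mail3 so that the failure case is visible.

```python
from collections import defaultdict

# Constructed zone data in the page's record layout.
ZONE = """\
datadisk.co.uk.   MX   20   mail2.datadisk.co.uk.
datadisk.co.uk.   MX   10   mail1.datadisk.co.uk.     ## most preferred
datadisk.co.uk.   MX   30   mail3.datadisk.co.uk.
mail1.datadisk.co.uk.   A   192.168.0.100
mail2.datadisk.co.uk.   A   192.168.0.101
"""

def parse_zone(text):
    """Return ({domain: [(preference, host)]}, {host: [ip]})."""
    mx, a = defaultdict(list), defaultdict(list)
    for line in text.splitlines():
        fields = line.split("##")[0].split()      # drop trailing ## comments
        if len(fields) == 4 and fields[1] == "MX":
            mx[fields[0].lower()].append((int(fields[2]), fields[3].lower()))
        elif len(fields) == 3 and fields[1] == "A":
            a[fields[0].lower()].append(fields[2])
    return mx, a

def delivery_order(domain, text):
    """Hosts to try for `domain`, lowest preference value first.

    Returns (targets, unresolved): targets is [(preference, host, [ips])],
    unresolved lists MX hosts that have no A record and cannot be tried.
    """
    mx, a = parse_zone(text)
    key = domain.lower().rstrip(".") + "."        # accept with or without dot
    targets, unresolved = [], []
    for pref, host in sorted(mx.get(key, [])):
        if a.get(host):
            targets.append((pref, host, a[host]))
        else:
            unresolved.append(host)
    return targets, unresolved

if __name__ == "__main__":
    print(delivery_order("datadisk.co.uk", ZONE))
```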