MTA: Exim

SSL configuration

by ross at 09:06:52 on April 27, 2017

Create keys as described here: OpenSSL certificates.

Adjust ownership of the certificates:

# cd /etc/certs
# chgrp mail *
# chmod g+r *

Find and uncomment the following lines in /usr/local/etc/exim/configure:

tls_advertise_hosts = *

tls_certificate = /etc/certs/example.com.cert
tls_privatekey = /etc/certs/example.com.key

daemon_smtp_ports = 25 : 465 : 587
tls_on_connect_ports = 465

If you want to only allow AUTH commands via encrypted channel add the following:

auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}

Restart exim:

# service exim restart

 

Comments