MTA: Exim

SSL configuration

by ross at 05:28:19 on November 21, 2012

Create keys as described here: OpenSSL certificates.

Adjust the group ownership and permissions of the certificates so that the mail group can read them:

# cd /etc/certs
# chgrp mail *
# chmod g+r *

Find and uncomment the following lines in /usr/local/etc/exim/configure:

tls_advertise_hosts = *

tls_certificate = /etc/certs/server.crt
tls_privatekey = /etc/certs/server.unencrypted.key

daemon_smtp_ports = 25 : 465 : 587
tls_on_connect_ports = 465

If you want to allow AUTH commands only over an encrypted channel, add the following:

auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}

Restart exim:

# service exim restart
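
An added check for the steps above (not part of the original post): it reads the Exim configure file, confirms that the key named by tls_privatekey is group-readable but closed to other users, and confirms that auth_advertise_hosts depends on the TLS cipher variable. The function names are hypothetical, and matching $tls_in_cipher is an assumption that covers newer Exim releases.

```shell
#!/bin/sh
# Added example: audit the Exim TLS settings described on this page.
# Function names are hypothetical; paths come from the configure file.

# Print the value of an uncommented "NAME = value" line in an Exim config.
exim_opt() {  # usage: exim_opt NAME CONFIG
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | head -n 1
}

# 0 = ok, 1 = accessible to "other", 2 = missing, 3 = not group-readable.
# chmod g+r only adds a bit, so a key created with mode 644 stays world-readable.
key_perms_ok() {  # usage: key_perms_ok KEYFILE
    [ -f "$1" ] || return 2
    [ -z "$(find "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print)" ] || return 1
    [ -n "$(find "$1" -prune -perm -040 -print)" ] || return 3
}

# Heuristic: AUTH counts as TLS-only when auth_advertise_hosts expands on the
# TLS cipher variable. $tls_in_cipher is the newer name for $tls_cipher.
# If the option is absent, Exim's default (*) advertises AUTH to everyone.
auth_requires_tls() {  # usage: auth_requires_tls CONFIG
    case "$(exim_opt auth_advertise_hosts "$1")" in
        *'$tls_cipher'*|*'$tls_in_cipher'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run both checks against a configure file; returns non-zero on any finding.
audit_exim_tls() {  # usage: audit_exim_tls [CONFIG]
    conf=${1:-/usr/local/etc/exim/configure}
    rc=0
    key=$(exim_opt tls_privatekey "$conf")
    if [ -z "$key" ]; then
        echo "FAIL: tls_privatekey is not set in $conf"; rc=1
    elif ! key_perms_ok "$key"; then
        echo "FAIL: $key is missing, open to other users, or not group-readable"; rc=1
    fi
    if ! auth_requires_tls "$conf"; then
        echo "WARN: AUTH is advertised on unencrypted connections"; rc=1
    fi
    return $rc
}

# Typical use as root after editing the config:  audit_exim_tls
```

If the key turns out to be open to other users, `chmod o-rwx` on the key file closes it without affecting the mail group's read access.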

 
