This article describes how to enable TLS support for Exim as server on Debian with the split configuration model. /usr/share/doc/exim4-config/README.Debian.gz already contains a fairly good description of that setup (currently in section 2.2).

First step is to put the SSL key and SSL certificate into /etc/exim4:

erebus:/etc/exim4# ls -l exim.*

-rw-r----- 1 root Debian-exim 960 2009-07-03 11:10 exim.crt

-rw-r----- 1 root Debian-exim 887 2009-07-03 11:10 exim.key

A self signed certicate can be created with /usr/share/doc/exim4-base/examples/exim-gencert.

For running on port 465 you need the following settings:


SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/'





Now run update-exim4.conf and restart Exim.

You can test this setup with:

swaks --protocol SSMTPA -au -q HELO -s localhost -ap 'bigsecret'