Using TLS with Exim on Debian

This article describes how to enable TLS support for Exim as server on Debian with the split configuration model. /usr/share/doc/exim4-config/README.Debian.gz already contains a fairly good description of that setup (currently in section 2.2).

First step is to put the SSL key and SSL certificate into /etc/exim4:

erebus:/etc/exim4# ls -l exim.*

-rw-r----- 1 root Debian-exim 960 2009-07-03 11:10 exim.crt

-rw-r----- 1 root Debian-exim 887 2009-07-03 11:10 exim.key

A self signed certicate can be created with /usr/share/doc/exim4-base/examples/exim-gencert.

For running on port 465 you need the following settings:

/etc/default/exim4

SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid'

/etc/exim4/conf.d/main/000_localmacros

MAIN_TLS_ENABLE=1

/etc/exim4/conf.d/main/001_localoptions

tls_on_connect_ports=465

Now run update-exim4.conf and restart Exim.

You can test this setup with:

swaks --protocol SSMTPA -au racke@linuxia.de -q HELO -s localhost -ap 'bigsecret'