#title Using TLS with Exim on Debian
#author Stefan Hornburg (Racke)
#topics blog; Debian; Exim
#date 2009-07-03
#pubdate 2009-07-03T11:04:54+02:00
#lang en
This article describes how to enable TLS support for Exim as server on Debian with the split configuration model. /usr/share/doc/exim4-config/README.Debian.gz
already contains a fairly good description of that setup (currently in section 2.2).
First step is to put the SSL key and SSL certificate into /etc/exim4:
erebus:/etc/exim4# ls -l exim.*
-rw-r----- 1 root Debian-exim 960 2009-07-03 11:10 exim.crt
-rw-r----- 1 root Debian-exim 887 2009-07-03 11:10 exim.key
A self signed certicate can be created with /usr/share/doc/exim4-base/examples/exim-gencert.
For running on port 465 you need the following settings:
/etc/default/exim4
SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid'
/etc/exim4/conf.d/main/000_localmacros
MAIN_TLS_ENABLE=1
/etc/exim4/conf.d/main/001_localoptions
tls_on_connect_ports=465
Now run update-exim4.conf and restart Exim.
You can test this setup with:
swaks --protocol SSMTPA -au [[mailto:racke@linuxia.de][racke@linuxia.de]] -q HELO -s localhost -ap 'bigsecret'