#title Using TLS with Exim on Debian
#author Stefan Hornburg (Racke)
#topics blog; Debian; Exim
#date 2009-07-03
#pubdate 2009-07-03T11:04:54+02:00
#lang en



This article describes how to enable TLS support for Exim as server on Debian with the split configuration model. <code>/usr/share/doc/exim4-config/README.Debian.gz</code> already contains a fairly good description of that setup (currently in section 2.2).

First step is to put the SSL key and SSL certificate into /etc/exim4:

<example>

erebus:/etc/exim4# ls -l exim.*

-rw-r----- 1 root Debian-exim 960 2009-07-03 11:10 exim.crt

-rw-r----- 1 root Debian-exim 887 2009-07-03 11:10 exim.key

</example>

A self signed certicate can be created with /usr/share/doc/exim4-base/examples/exim-gencert.

For running on port 465 you need the following settings:

/etc/default/exim4

<example>

SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid'

</example>

/etc/exim4/conf.d/main/000_localmacros

MAIN_TLS_ENABLE=1

/etc/exim4/conf.d/main/001_localoptions

tls_on_connect_ports=465

Now run update-exim4.conf and restart Exim.

You can test this setup with:

swaks --protocol SSMTPA -au [[mailto:racke@linuxia.de][racke@linuxia.de]] -q HELO -s localhost -ap 'bigsecret'