exim4, tls, debian

Dave Smith DavidSmith at byu.net
Mon Sep 5 12:46:48 MDT 2005


Corey Edwards wrote:
> On Sun, 2005-09-04 at 22:07 -0600, Dave Smith wrote:
> 
>>I've got exim4 working on my Debian 3.1 Linode for my personal email 
>>server. Now I want to add TLS so I can authenticate and send messages 
>>securely. The exim4 setup was quite painless thus far, but I can't seem 
>>to find out how to enable TLS. Suggestions?
> 
> 
> tls_advertise_hosts = *
> tls_on_connect_ports = 465
> tls_certificate = /etc/exim4/exim.crt
> tls_privatekey = /etc/exim4/exim.key
> 
> The key and crt are your standard files created by openssl.
> 
> If you're using the split config, put those in
> conf.d/03_exim4-config_tlsoptions.

Corey,

Thanks for the tip. I had done this previously, but to no avail.

Here are the relevant portions of my config:

    log_selector = +tls_cipher +tls_peerdn
    tls_advertise_hosts = *
    tls_certificate = /etc/exim/exim.crt
    tls_privatekey = /etc/exim/exim.key

The private key and cert files are present (generated by 
/usr/share/doc/exim4-base/examples/exim-gencert) and readable by the 
Debian-exim group.

Here's my symptom from the client. I've configured thunderbird to use my 
mail server for SMTP, but to require TLS when sending. When I send an 
email, Thunderbird is able to connect, but then spews a generic error 
popup message about how the SMTP server may be down.

When I configure Thunderbird to NOT use TLS, all is well, but that sucks.

Any more ideas? How do I tell exim4 to enable verbose logging so I can 
see what's really going on?

--Dave



More information about the PLUG mailing list