Here we are going to configure exim4 to use SSL/TLS for incoming connections:
- First of all, let's create an exim4 certificate request (see here how to create a certificate authority):
openssl req -newkey rsa:2048 -keyout exim.key -out exim.csr -days 3650 -nodes
- Now let's sign it with our certificate authority:
openssl ca -out exim.crt -infiles exim.csr
- Here we get two important files: exim.key (the private key) and exim.crt (the X.509 certificate file). Let's copy them to /etc/exim4.
- Secure certificates:
chown root:Debian-exim exim.key exim.crt
chmod g=r,o= exim.key exim.crt
- Enable exim4 daemon listening options for ports 25 and 465 (file /etc/default/exim4):
SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid'
- Turn on the SSL/TLS option (new file /etc/exim4/conf.d/main/00_exim4-localmacros):
MAIN_TLS_ENABLE = true
- Restart exim4 and have a look at the log file when you send a test message:
/etc/init.d/exim4 restart
echo test | mail -s "ssl/tls test" root@dev.local
Here is what you will see in the log file (/var/log/exim4/mainlog):
... P=esmtps X=TLS1.0:RSA_AES_256_CBC_SHA1:32 ...
If for some reason you cannot see esmtps in the log file, most likely SSL/TLS is not being used for local delivery; try sending from a remote machine.
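To make the log check above repeatable, here is an added example (not part of the original post) that classifies each message arrival in mainlog by protocol and TLS cipher and counts remote arrivals accepted without TLS. The function names and the sample log lines are constructed for illustration, and the script assumes the default mainlog layout (date, time, message id, then "<=").

```shell
#!/bin/sh
# Added example: classify message arrivals in an exim4 mainlog by TLS use.
# Assumes the default log layout: date, time, message id, "<=", fields.

# Constructed sample lines in mainlog format (not from a real server).
sample_log() {
cat <<'EOF'
2012-03-04 10:15:22 1S4abc-0001Xy-2Z <= alice@example.org H=mx.example.org [192.0.2.10] P=esmtps X=TLS1.0:RSA_AES_256_CBC_SHA1:32 S=1234
2012-03-04 10:16:01 1S4abd-0001Xz-3A <= root@dev.local U=root P=local S=321
2012-03-04 10:17:45 1S4abe-0001Y0-4B <= bob@example.net H=relay.example.net [192.0.2.11] P=esmtp S=999
2012-03-04 10:17:46 1S4abe-0001Y0-4B => root <root@dev.local> R=local_user T=mail_spool
EOF
}

# tls_report: read mainlog lines on stdin and print one line per arrival
# ("<=") as "<message-id> <protocol> <cipher-or-none>".
tls_report() {
    awk '$4 == "<=" {
        proto = "unknown"; cipher = "none"
        for (i = 5; i <= NF; i++) {
            if ($i ~ /^P=/) proto = substr($i, 3)
            else if ($i ~ /^X=/) cipher = substr($i, 3)
        }
        print $3, proto, cipher
    }'
}

# count_plain_remote: number of arrivals from a remote host (H= present)
# that carry no X= field, i.e. were accepted without TLS.
count_plain_remote() {
    awk '$4 == "<=" {
        remote = 0; tls = 0
        for (i = 5; i <= NF; i++) {
            if ($i ~ /^H=/) remote = 1
            if ($i ~ /^X=/) tls = 1
        }
        if (remote && !tls) n++
    } END { print n + 0 }'
}

sample_log | tls_report
echo "remote arrivals without TLS: $(sample_log | count_plain_remote)"
```

On a live server, feed the real log instead of the sample: tls_report < /var/log/exim4/mainlog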
Alternative Certificate Location
You can specify any location for the SSL/TLS certificate and private key (file /etc/exim4/conf.d/main/00_exim4-localmacros):
MAIN_TLS_CERTIFICATE=/etc/ssl/certs/mail.dev.local-cert.pem
MAIN_TLS_PRIVATEKEY=/etc/ssl/private/mail.dev.local-key.pem
This is useful when you host both SMTP and IMAP services on the same host.
Note: the group Debian-exim must have read access to both files.
Something isn't working, but thanks anyway.
If it isn't working, what is the error?
There are no RSA_AES_256_CBC_SHA1 lines in the log file; apparently I didn't hook up the certificate (OS: Debian Squeeze).