Exim and TLS
Exim and TLS
Hi,
Seems that exim is not configured by default to use TLS auth.
I followed this guide (found here) : http://support.eidolonhost.com/wiki/Ves ... re_VestaCP
Here's my exim.conf
I Thought using this default conf exim was using tls, but no
But in the two case, TLS doesn't work.
Any idea about what I missed ?
Thanks
Seems that exim is not configured by default to use TLS auth.
I followed this guide (found here) : http://support.eidolonhost.com/wiki/Ves ... re_VestaCP
Here's my exim.conf
Code: Select all
#default conf
#tls_advertise_hosts = *
#tls_certificate = /etc/pki/tls/certs/exim.pem
#tls_privatekey = /etc/pki/tls/private/exim.pemCode: Select all
#config test TLS
tls_advertise_hosts = *
tls_certificate = /usr/local/vesta/ssl/certificate.crt
tls_privatekey = /usr/local/vesta/ssl/certificate.keyAny idea about what I missed ?
Thanks
Re: Exim and TLS
Have your verified that the .crt and .key files are both at the stated locations?Colb wrote:Hi,
Seems that exim is not configured by default to use TLS auth.
I followed this guide (found here) : http://support.eidolonhost.com/wiki/Ves ... re_VestaCP
Here's my exim.conf
I Thought using this default conf exim was using tls, but noCode: Select all
#default conf #tls_advertise_hosts = * #tls_certificate = /etc/pki/tls/certs/exim.pem #tls_privatekey = /etc/pki/tls/private/exim.pem
But in the two case, TLS doesn't work.Code: Select all
#config test TLS tls_advertise_hosts = * tls_certificate = /usr/local/vesta/ssl/certificate.crt tls_privatekey = /usr/local/vesta/ssl/certificate.key
Any idea about what I missed ?
Thanks
As I know when I did it the path was entirely different on CentOS. If the files
are not there, or not the correct ones it won't work.
Reference topic:
viewtopic.php?f=10&t=4304&start=10
Re: Exim and TLS
I have the same Problem with exim4. The certificate and key are on right place, but TLS is still not working.
Guys, have anyone a solution for this problem. Is there anything I can try to make TLS work?
Guys, have anyone a solution for this problem. Is there anything I can try to make TLS work?
Re: Exim and TLS
@jhewit : I followed the reference topic before posting, but it changes nothing. I think i missed something...
The .crt and .key files are indeed in the same location.
The .crt and .key files are indeed in the same location.
-
adamprickett
- Posts: 1
- Joined: Tue Feb 18, 2014 12:30 pm
Re: Exim and TLS
Check permissions on the certificate and key file. They need to be accessible to Exim.
I have SSL working and the perms are -rw-r----- 1 root Debian-exim for both and are stored in /etc/ssl/private/
Also, have you restarted exim?
I have SSL working and the perms are -rw-r----- 1 root Debian-exim for both and are stored in /etc/ssl/private/
Also, have you restarted exim?
Re: Exim and TLS
I also have this same trouble (not being able to enable TLS for Exim) and have seen said guide mentioned several times at the forums - but alas it is offline now. Does anyone have an alternative link for it? Or be willing to walk a noob through this?Colb wrote: I followed this guide (found here) : http://support.eidolonhost.com/wiki/Ves ... re_VestaCP
For starters, I don't know if I should use the certificates found at /usr/local/vesta/ssl or replace them with others. I'm utterly lost and really really need to setup email.
Re: Exim and TLS
Here's what I did to accomplish the following:
For Ubuntu 14.03
if you have your own certificate and key, then change the lines to point to the appropriate files (key and certificate).
TLS/SSL will be forced, but plaintext auth is still allowed, but since it's over TLS/SSL, it's ok.
edit the following lines to point to certificate and key for your server
add this line to prevent plaintext authentication unless there is secured access:
add to end of file (port 0 disables port) to disable unsecure POP3.
http://www.emailsecuritygrader.com/ good link to test mail server security
For Ubuntu 14.03
- 1. Use custom TLS/SSL certs for SMTP:
Code: Select all
nano /etc/exim4/exim4.conf.template
Code: Select all
tls_advertise_hosts = *
tls_certificate = /path/to/certificate.crt
tls_privatekey = /path/to/key.keyCode: Select all
service exim4 restart- 2. Force TLS/SSL login for IMAP
Code: Select all
nano/etc/dovecot/conf.d/10-ssl.confCode: Select all
ssl_cert = </path/to/customcert.crt
ssl_key = </path.to/customkey.keyCode: Select all
disable_plaintext_auth=yesCode: Select all
service dovecot restart- 3. POP3
Code: Select all
nano /etc/dovecot/dovecot.confCode: Select all
# configure pop3-proxy
# added to disable port 110 for unsecure pop3
service pop3-login {
inet_listener pop3 {
port = 0
}
}Re: Exim and TLS
Thanks for the info on this thread, v useful - I had the same requirement to ensure that any auth/password sending was over SSL.
I think one thing may be incomplete, though; in exim4.conf.template you suggest:
From what I can tell, this accepts TLS connections, but does not explicitly require them. I was certainly able to still send mail over 587 (and maybe 25) with no TLS. After hunting around, I also had to add:
Which seems to work. Good call on the dovecot config - I just disabled port 110 in the firewall :P
I think one thing may be incomplete, though; in exim4.conf.template you suggest:
Code: Select all
tls_advertise_hosts = *
tls_certificate = /path/to/certificate.crt
tls_privatekey = /path/to/key.key
Code: Select all
auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}
Re: Exim and TLS
Hi,
Does it work if you have several mail domains ?
Do you have anything to modify ?
thanks for your help
J
Does it work if you have several mail domains ?
Do you have anything to modify ?
thanks for your help
J