Yann Golanski wrote:
>Quoth Thomas Baumann on Wed, Jul 10, 2002 at 10:58:45 +0200
>
>
>>Is there anybody who can give me a howto
>>to setup exim with tls/ssl correctly, i.e.
>>
>>
>
>Yes.
>
>
>
>>step by step
>>
>>
>
> su -
> cd $EXIM_HOME
> vim Local/Makefile <- edit in all the SSL options.
> make install
> less docs/exim.spec
> vim $EXIM_INSTALL/exim.configuration
> exim -d 9 -b[th] [foo/127.0.0.1]
>
>Last time I looked at it, I set it up just following the instructions
>in the documentation to the letter and things worked fine for me. I even
>tested it using TCPdump and all the packets were encrypted indeed --
>which is what you want really.
>
>
You will also need a certificate if you want it to act as a server for
relaying messages to etc.
These may be created by doing the following all on one line:
openssl req -x509 -newkey rsa:1024 -keyout /etc/eximcert -out /etc/eximcert -days 9999 -nodes
It creates a certificate at /etc/eximcert for the mail server to use.
You also need a couple of things in the exim.conf file to tell exim to
use it:
tls_certificate = /etc/eximcert
tls_privatekey = /etc/eximcert
tls_advertise_hosts = *
After restarting exim it should tell everyone that it can use TLS. Exim
will use TLS by default if it is there.
Do have a look through the manual - it is very good. Have a look for
certificates, TLS etc.
http://www.exim.org/exim-html-4.00/doc/html/spec_toc.html#TOC200
Cheers
Xander
