[exim] Not advertising STARTTLS

Author: Allen Williams
Date:  
To: exim-users
Subject: [exim] Not advertising STARTTLS
I cannot get exim4 to advertise STARTTLS. Here is the germane section
from my autoconfigure.exim.conf file that is configured via a Debian
configuration. As near as I can tell, the only germane lines are the
first three. I can post the exim4.conf.template if necessary:
----------------------------------------------------------------------------------------
tls_certificate = "/etc/exim4/tls/exim.crt"
tls_privatekey = "/etc/exim4/tls/exim.key"
tls_advertise_hosts = *

.ifdef MAIN_TLS_ENABLE
.ifndef MAIN_TLS_ADVERTISE_HOSTS
MAIN_TLS_ADVERTISE_HOSTS = *
.endif

.ifndef MAIN_TLS_VERIFY_CERTIFICATES
MAIN_TLS_VERIFY_CERTIFICATES = ${if exists{/etc/ssl/certs/ca-certificates.crt}\
                                     {/etc/ssl/certs/ca-certificates.crt}\
                                     {/dev/null}}
.endif
tls_verify_certificates = MAIN_TLS_VERIFY_CERTIFICATES


.ifdef MAIN_TLS_VERIFY_HOSTS
tls_verify_hosts = MAIN_TLS_VERIFY_HOSTS
.endif

.ifndef MAIN_TLS_TRY_VERIFY_HOSTS
MAIN_TLS_TRY_VERIFY_HOSTS = *
.endif
tls_try_verify_hosts = MAIN_TLS_TRY_VERIFY_HOSTS

.endif

.ifdef MAIN_LOG_SELECTOR
log_selector = MAIN_LOG_SELECTOR
.endif
--------------------------------------------------------------------------------------------
When I use my email client (Icedove, again Debian version of
Thunderbird), I get a message that says "STARTTLS" isn't advertised.
When I telnet it, I get this:
---------------------------------------------------------------------------------------------
Escape character is '^]'.
220 ops.infoisland.net ESMTP Exim 4.69 Sun, 19 Sep 2010 16:54:50 -0400
ehlo 10.1.1.23
250-ops.infoisland.net Hello mail.infoisland.net [10.1.1.23]
250-SIZE 52428800
250 HELP

help
214-Commands supported:
214 AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP
------------------------------------------------------------------------------------------------
One can see that STARTTLS is not being advertised, but when you type
"help", there it is. I've tried using the macros in the Debian stuff,
and finally just edited the template file and rebuilt it, removing the
macro stuff (as you can see by the conf file, above).

There's tons of stuff on the net both for exim4 on Debian and on generic
Linux, and, to get the STARTTLS, supposedly the three tls_ lines are
what I need, but I can't get it to advertise. I've searched the
internet, and seen a few things about this, and tried them all; they
almost all boil down to someone not having tls_advertise_hosts set
because it was not in the conf file or didn't have the appropriate macro
set (in the Debian configuration; this is why I posted the autoconfigure
file- it shows that I'm evidently getting the tls_advertise_hosts).

Of course, my ultimate goal is to have authenticated relay, but haven't
gotten that far yet.

TIA,
Allen
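
Added example, not part of the original message: a small Python check that parses an EHLO reply like the one in the telnet session above and reports whether STARTTLS (and AUTH without it) is advertised. The function names `parse_ehlo` and `audit_ehlo` and the second sample reply are constructed for illustration.

```python
import re

# Constructed from the telnet session quoted in the post (server lines only).
EHLO_FROM_POST = (
    "250-ops.infoisland.net Hello mail.infoisland.net [10.1.1.23]\r\n"
    "250-SIZE 52428800\r\n"
    "250 HELP\r\n"
)
# Constructed reply from a hypothetical server that offers STARTTLS and AUTH.
EHLO_WITH_TLS = (
    "250-mx.example.test Hello client.example.test [192.0.2.10]\r\n"
    "250-STARTTLS\r\n"
    "250 AUTH PLAIN LOGIN\r\n"
)
_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_ehlo(reply):
    """Parse a multi-line EHLO reply into (code, {KEYWORD: [params]})."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    code, extensions = None, {}
    for i, line in enumerate(lines):
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"malformed reply line: {line!r}")
        this_code, sep, text = m.groups()
        code = code or this_code
        # "250-" marks a continuation line, "250 " the final line.
        if this_code != code or (sep == " ") != (i == len(lines) - 1):
            raise ValueError(f"inconsistent multi-line reply at: {line!r}")
        if i > 0 and text.strip():  # line 0 is the greeting, not an extension
            keyword, *params = text.split()
            extensions[keyword.upper()] = params
    if code is None:
        raise ValueError("empty reply")
    return code, extensions


def audit_ehlo(reply):
    """Return findings about the transport security an EHLO reply offers."""
    code, ext = parse_ehlo(reply)
    if code != "250":
        return [f"EHLO rejected with code {code}"]
    findings = []
    if "STARTTLS" not in ext:
        findings.append("STARTTLS not advertised: session stays in cleartext")
        if "AUTH" in ext:
            findings.append("AUTH offered without STARTTLS: credentials unprotected")
    return findings
```

Only the EHLO reply counts here: the HELP output lists commands the server knows about, which is why STARTTLS can appear there without being offered to clients.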