Re: [exim] Not advertising STARTTLS

Author: Phil Pennock
Date:  
To: anw-dist
CC: exim-users
Subject: Re: [exim] Not advertising STARTTLS
On 2010-09-19 at 18:34 -0400, Allen Williams wrote:
> I cannot get exim4 to advertise STARTTLS. Here is the germane section
> from my autoconfigure.exim.conf file that is configured via a Debian
> configuration. As near as I can tell, the only germane lines are the
> first three. I can post the exim4.conf.template if necessary:


> tls_certificate = "/etc/exim4/tls/exim.crt"
> tls_privatekey = "/etc/exim4/tls/exim.key"
> tls_advertise_hosts = *


These should be sufficient. To be sure that they're not overridden
elsewhere, do you see the same values when you run:

$ exim -bP | fgrep tls_

? This also confirms that the binary as invoked is using the config you
expect.

Next, invoke Exim with debugging as a daemon on a non-standard port and
then telnet to it. After the EHLO, you should see something like:

# exim -oX 29 -d -bd
[...]
51789 host in pipelining_advertise_hosts? yes (matched "*")
51789 host in auth_advertise_hosts? yes (matched "*")
51789 host in tls_advertise_hosts? yes (matched "*")
51789 SMTP>> 250-mx.spodhuis.org Hello localhost [::1]
51789 250-SIZE 67108864
51789 250-EXPN
51789 250-PIPELINING
51789 250-STARTTLS
51789 250 HELP

If it doesn't match tls_advertise_hosts that will be why.

Also check that you're using an Exim built with SSL support. If you
invoke { exim -bV } then the "Support for:" line should list either
OpenSSL or GnuTLS.

> Escape character is '^]'.
> 220 ops.infoisland.net ESMTP Exim 4.69 Sun, 19 Sep 2010 16:54:50 -0400
> ehlo 10.1.1.23
> 250-ops.infoisland.net Hello mail.infoisland.net [10.1.1.23]
> 250-SIZE 52428800
> 250 HELP


I am very surprised to not see PIPELINING there, as it should be on by
default and I wouldn't expect most to have to disable it.

-Phil
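
The checks described in the message above, applied offline to saved output of `exim -bV`, `exim -d` and the EHLO reply, as an added example that is not part of the original post or of Exim. The function names are hypothetical and the sample captures are constructed, including the wording after "no" in the debug line.

```shell
#!/bin/sh
# Added example, not from the original message. Function names are
# hypothetical; it reads saved output only and never runs exim itself.

# List ESMTP keywords from an EHLO reply on stdin, one per line. The first
# 250 line is the greeting ("250-host Hello ..."), so it is skipped.
ehlo_keywords() {
    tr -d '\r' | awk '/^250[- ]/ { if (++n > 1) {
        split(substr($0, 5), f, " "); print toupper(f[1]) } }'
}

# Print the yes/no answer from the "host in tls_advertise_hosts?" line
# of saved `exim -d` output on stdin (empty if the line is absent).
tls_host_match() {
    sed -n 's/^.*host in tls_advertise_hosts? \([a-z]*\).*$/\1/p' | head -n 1
}

# Succeed if saved `exim -bV` output on stdin names a TLS library.
built_with_tls() {
    grep '^Support for:' | grep -Eq 'OpenSSL|GnuTLS'
}

# diagnose BV_FILE DEBUG_FILE EHLO_FILE: print a one-word verdict using
# the checks from the message (EHLO reply, build support, host match).
diagnose() {
    if ehlo_keywords < "$3" | grep -qx STARTTLS; then echo advertised
    elif ! built_with_tls < "$1"; then echo no-tls-support
    elif [ "$(tls_host_match < "$2")" != yes ]; then echo host-not-matched
    else echo unexplained
    fi
}

# Constructed sample captures (example hosts, not the poster's system).
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'Exim version 4.69' \
        'Support for: iconv() IPv6 GnuTLS' > "$d/bv"
    printf '%s\n' '1234 host in tls_advertise_hosts? no (end of list)' > "$d/dbg"
    printf '%s\r\n' '250-mail.example.org Hello client.example.org [192.0.2.1]' \
        '250-SIZE 52428800' '250 HELP' > "$d/ehlo"
    diagnose "$d/bv" "$d/dbg" "$d/ehlo"
    rm -rf "$d"
}
demo
```

A verdict of `unexplained` means the build has TLS support and the host matched but STARTTLS is still missing, which points back at the first check in the message: confirming with `exim -bP` that the running binary reads the expected configuration.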