Re: [exim] Listening on IPv6 port 587

On Tue, Oct 8, 2013 at 4:32 AM, Jan Ingvoldstad <frettled@???> wrote:
> On Tue, Oct 8, 2013 at 3:52 AM, Chuck Peters <cp@???> wrote:
>>
>> So why isn't exim listening on port 587 of the IPv6 address?
>
> I don't think that's how you're supposed to enter different listener ports
> in update-exim4.conf, semicolon is already the separator thingy.
>
> The following seems to work for me (tested with my own IPv4 and IPv6
> addresses):
>
> dc_local_interfaces='127.0.0.1 ; ::1 ; 71.19.158.234 ;
> [2605:2700:0:2::4713:9eea]:587'
>
> Tested with Debian wheezy, which uses Exim 4.80.

I tried that, and other variations, and it's not working. It's
basically the same package from wheezy's 4.80-7, the Ubuntu changelog
4.80-7ubuntu1 shows only one minor change: debian/control: Don't
declare a Provides: default-mta; in Ubuntu, we want postfix to be the
default.

The Readme has very little about other ports, but does say something
about supporting broken mail clients with TLS port 465. It suggests
"adding SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid'
in /etc/default/exim4 and "tls_on_connect_ports=465" in the main
configuration section". That wouldn't work because I don't want port
25 on the IPv6 address, at least until I figure out what to add for
IPv6 SPF records.

Are you using TLS with a self signed cert?

To enable TLS generate the self signed cert with
/usr/share/doc/exim4-base/examples/exim-gencert and add
"MAIN_TLS_ENABLE = yes" to
/etc/exim4/conf.d/main/00_exim4-config_localmacros.

The exim-gencert script generates a 1024 bit RSA self signed cert that
expires in 3 years, but with that size key rollovers should probably
be every 3-6 months or less. Adding DNSSEC and staple the cert with
DANE would be nice too!

Thanks,
Chuck