Exim not using TLS for outgoing mail

[sam88]

I have TLS configured in exim.conf:

tls_certificate = /etc/exim.cert
tls_privatekey = /etc/exim.key
openssl_options = +no_sslv2 +no_sslv3
tls_require_ciphers = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
tls_advertise_hosts = *
#auth_over_tls_hosts = *

Whilst I can receive via TLS, I cannot send (checked with checktls.com and gmail.com). I have tried generating new certificates (both self signed with and via letsencrypt) but this hasn't made any difference. There is no mention of TLS on outgoing mail in the exim logs making this quite hard to search for solutions.

Here is my full exim.conf - http://pastebin.com/0c3MeqRd, and excerpt from checktls:

<-- 220 ts4.checktls.com CheckTLS TestSender Wed, 20 Jul 2016 02:57:31 -0400
--> EHLO *removed*
<-- 250-ts4.checktls.com Hello  [*removed*], pleased to meet you
<-- 250-ENHANCEDSTATUSCODES
<-- 250-8BITMIME
<-- 250-STARTTLS
<-- 250 HELP
--> MAIL FROM:<*removed*>
<-- 250 Ok - mail from *removed*
--> RCPT TO:<[email protected]>
<-- 250 Ok - recipient [email protected]
--> DATA

Exim version:

Exim version 4.87 #2 built 17-Apr-2016 15:17:05
Copyright (c) University of Cambridge, 1995 - 2016
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2016
Berkeley DB: Berkeley DB 4.7.25: (September 22, 2015)
Support for: crypteq IPv6 Perl OpenSSL move_frozen_messages Content_Scanning Old_Demime DKIM DNSSEC Event OCSP PRDR Experimental_SPF Experimental_SRS
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb
Authenticators: cram_md5 dovecot plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /etc/exim.conf

Certificate permissions:

-rw-------. 1 mail mail  3911 Jul 20 01:46 /etc/exim.cert
-rw-------. 1 mail mail  3247 Jul 20 01:46 /etc/exim.key

Does anyone have any ideas? Thanks very much.

 

[SeLLeRoNe]

First thing i notice, you're not using latest exim.conf

head -5 /etc/exim.conf
# SpamBlockerTechnology* powered exim.conf, Version 4.4.2
# Dec 5, 2015
# Exim configuration file for DirectAdmin
# Requires exim.pl as distributed by DirectAdmin here:
# http://files.directadmin.com/services/exim.pl version 21 or higher

Second, is your Let's Encrypt Certificate installed? Exim restarted?
Is your server able to communicate over 465? Are you usingl what clieant to send email? How the SMTP is configured there?

Regards

 

[zEitEr]

Hello,

Just tested with http://checktls.com/perl/TestSender.pl and got a reply "CheckTLS TestSender SUCCESSFUL" with the default:

# SpamBlockerTechnology* powered exim.conf, Version 4.4.2
# Dec 5, 2015
# Exim configuration file for DirectAdmin

What error do you see in the section "Error Note"?