Exim TLS via port 587

jamie_dreamit

Verified User
Joined
Jan 24, 2021
Messages
8
Hey everyone.

Has anyone managed to figure out how to get an SSL certificate working with Exim on port 587?

It seems that the exim.conf listens to requests on port 587, however does not use the TLS certificate unless 'tls_on_connect_ports' is updated to include 587.

I did see after introducing this change, SSL certificates were now being used on port 587, but this seems to have broken SMTP delivery without any specific error messages in the logs.
 

jamie_dreamit

Verified User
Joined
Jan 24, 2021
Messages
8
AlmaLinux 8 & CentOS 7
Latest DA 1.62.9, LetsEncrypt & CustomBuild

mail_sni is enabled and confirmed working for server hostname & mail.customerdomain.com (on ports 993 & 465 only)
 

Active8

Verified User
Joined
Jul 13, 2013
Messages
674
We are using STARTTLS on port 587 all the time for all our servers.
Just using the stock exim.conf file, never made a custom change to it; works out of the box for us.

I must admit we are using the server certificate to be sure, because sometimes mail.domain.com didn't work (too lazy to sort out :) )
Using the latest exim (4.94.2) and exim conf 4.5, but it also worked for exim 4.95
 

mxroute

Verified User
Joined
Sep 24, 2019
Messages
137
It's expected that 587 is used with STARTTLS and 465 is a pure SSL session from the start. Are you sure that changing this default behavior is really what you want to do? My recommendation would be to leave it alone and use 465 for the purpose you seem to have in mind, assuming your connecting application can't issue a STARTTLS command over 587.
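
The following is an added example, not part of any post in this thread. It reads the two Exim main options discussed above (`daemon_smtp_ports` and `tls_on_connect_ports`) and reports any port whose TLS mode differs from what mail clients conventionally expect. The sample configuration is constructed, the function names are hypothetical, and the parser assumes plain colon-separated lists.

```python
import re

# Constructed sample: main-section options with 587 added to
# tls_on_connect_ports, as described in the first post.
SAMPLE_CONF = """\
daemon_smtp_ports = 25 : 587 : 465
tls_on_connect_ports = 465 : 587
tls_advertise_hosts = *
"""

# Conventional client expectations per port (as stated in the thread
# for 587 and 465; 25 is assumed to behave like 587).
EXPECTED = {25: "starttls", 587: "starttls", 465: "implicit-tls"}


def _port_list(conf, option):
    """Return the ports of a colon-separated Exim list option, or []."""
    m = re.search(rf"^\s*{option}\s*=\s*(.*)$", conf, re.MULTILINE)
    if not m:
        return []
    return [int(p) for p in m.group(1).split(":") if p.strip().isdigit()]


def classify_ports(conf):
    """Map each listening port to the TLS mode a client must use.

    Ports in tls_on_connect_ports expect a TLS handshake immediately;
    all others start in plaintext and upgrade via STARTTLS.
    """
    on_connect = set(_port_list(conf, "tls_on_connect_ports"))
    return {
        port: "implicit-tls" if port in on_connect else "starttls"
        for port in _port_list(conf, "daemon_smtp_ports")
    }


def findings(conf):
    """Flag ports whose TLS mode differs from what clients expect."""
    out = []
    for port, mode in classify_ports(conf).items():
        want = EXPECTED.get(port)
        if want and mode != want:
            out.append(f"port {port}: server is {mode}, clients expect {want}")
    return out


if __name__ == "__main__":
    for line in findings(SAMPLE_CONF):
        print(line)
```

A client that connects to 587 and waits for the plaintext greeting before issuing STARTTLS will stall against a server that is waiting for a TLS handshake on that port, which is consistent with delivery failing without a clear log entry.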