Exim TLS via port 587

Jamie@DreamIT Host

Hey everyone.

Has anyone managed to figure out how to get an SSL certificate working with Exim on port 587?

It seems that the exim.conf listens to requests on port 587, however does not use the TLS certificate unless 'tls_on_connect_ports' is updated to include 587.

I did see after introducing this change, SSL certificates were now being used on port 587, but this seems to have broken SMTP delivery without any specific error messages in the logs.
 
AlmaLinux 8 & CentOS 7
Latest DA 1.62.9, LetsEncrypt & CustomBuild

mail_sni is enabled and confirmed working for server hostname & mail.customerdomain.com (on ports 993 & 465 only)
 
We are using STARTTLS on port 587 all the time for all our servers.
Just using the stock exim.conf file, never made any custom change to it; works out of the box for us.

I must admit we are using the server certificate to be sure, because sometimes mail.domain.com didn't work (too lazy to sort out :) )
Using the latest exim (4.94.2) and exim conf 4.5, but it also worked for exim 4.95
 
It's expected that 587 is used with STARTTLS and 465 is a pure SSL session from the start. Are you sure that changing this default behavior is really what you want to do? My recommendation would be to leave it alone and use 465 for the purpose you seem to have in mind, assuming your connecting application can't issue a STARTTLS command over 587.
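
The distinction drawn in this thread (587 expects STARTTLS, 465 starts TLS on connect) can be checked against an exim.conf before the daemon is restarted. The following is an added example, not part of any post and not Exim's or DirectAdmin's own tooling; the sample config is constructed, and the function names and the two port sets are assumptions for illustration.

```python
import re

# Constructed sample resembling the change described in the first post;
# not taken from a real server.
SAMPLE_CONF = """\
daemon_smtp_ports = 25 : 587 : 465
tls_on_connect_ports = 465 : 587
"""

STARTTLS_PORTS = {25, 587}   # client talks plaintext first, then issues STARTTLS
IMPLICIT_TLS_PORTS = {465}   # TLS handshake starts immediately on connect


def read_options(conf_text):
    """Return {name: value} for 'name = value' lines before the first 'begin'."""
    joined = re.sub(r"\\\n\s*", "", conf_text)  # join backslash continuations
    options = {}
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("begin "):
            break
        m = re.match(r"([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$", line)
        if m:
            options[m.group(1)] = m.group(2).strip()
    return options


def port_list(value):
    """Parse a colon-separated Exim port list; named services are skipped."""
    return {int(p) for p in value.split(":") if p.strip().isdigit()}


def audit(conf_text):
    """Flag ports whose TLS mode contradicts what mail clients expect."""
    opts = read_options(conf_text)
    listening = port_list(opts.get("daemon_smtp_ports", "25"))  # unset: treat as 25
    on_connect = port_list(opts.get("tls_on_connect_ports", ""))
    findings = []
    for port in sorted(on_connect & STARTTLS_PORTS):
        findings.append(f"port {port}: TLS-on-connect set, STARTTLS clients will fail")
    for port in sorted((IMPLICIT_TLS_PORTS & listening) - on_connect):
        findings.append(f"port {port}: listening without TLS-on-connect")
    for port in sorted(on_connect - listening):
        findings.append(f"port {port}: TLS-on-connect set but daemon not listening")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```
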
 