On 2010-09-19 at 18:34 -0400, Allen Williams wrote:
> I cannot get exim4 to advertise STARTTLS. Here is the germane section
> from my autoconfigure.exim.conf file that is configured via a Debian
> configuration. As near as I can tell, the only germane lines are the
> first three. I can post the exim4.conf.template if necessary:
> tls_certificate = "/etc/exim4/tls/exim.crt"
> tls_privatekey = "/etc/exim4/tls/exim.key"
> tls_advertise_hosts = *
These should be sufficient. To be sure that they're not overriden
elsewhere, do you see the same values when you run:
$ exim -bP | fgrep tls_
? This also confirms that the binary as invoked is using the config you
expect.
Next, invoke Exim with debugging as a daemon on a non-standard port and
then telnet to it. After the EHLO, you should see something like:
# exim -oX 29 -d -bd
[...]
51789 host in pipelining_advertise_hosts? yes (matched "*")
51789 host in auth_advertise_hosts? yes (matched "*")
51789 host in tls_advertise_hosts? yes (matched "*")
51789 SMTP>> 250-mx.spodhuis.org Hello localhost [::1]
51789 250-SIZE 67108864
51789 250-EXPN
51789 250-PIPELINING
51789 250-STARTTLS
51789 250 HELP
If it doesn't match tls_advertise_hosts that will be why.
Also check that you're using an Exim built with SSL support. If you
invoke { exim -bV } then the "Support for:" line should list either
OpenSSL or GnuTLS.
> Escape character is '^]'.
> 220 ops.infoisland.net ESMTP Exim 4.69 Sun, 19 Sep 2010 16:54:50 -0400
> ehlo 10.1.1.23
> 250-ops.infoisland.net Hello mail.infoisland.net [10.1.1.23]
> 250-SIZE 52428800
> 250 HELP
I am very surprised to not see PIPELINING there, as it should be on by
default and I wouldn't expect most to have to disable it.
-Phil
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
