2

I am configuring Exim on an Ubuntu server to send and receive mails via TLS.

I followed many guides which show how to configure Exim with TLS, but still my Exim doesn't listen on 465 or 587.

Exim only listens on port 25, and I am able to send and receive mails.

This is the official guide that I followed: https://help.ubuntu.com/community/Exim4

But still no luck. Also, I cannot find any reference in the config files which indicates which ports Exim is listening on.

I have also allowed the ports 465 and 587 via ufw using the command:

```
ufw allow 465
ufw allow 465
```

But still Exim won't listen on 465 or 587. Can anybody help me with why this is happening, or are there steps that I am missing?

Sachin
  • Run `ss -nl | egrep "25|465|587"` to ensure you listen on these ports. – Kondybas Jun 19 '17 at 08:43
  • @Kondybas only shows 25 .... what should I do to make them listen? – Sachin Jun 19 '17 at 09:38
  • Run `exim -bP | grep "daemon_smtp_ports"` to ensure you have MSA/SMTPS ports enabled. – Kondybas Jun 19 '17 at 12:00
  • @Kondybas thanks for the reply..... it shows the following output: **daemon_smtp_ports = smtp** .. I tried to add the following line **daemon_smtp_ports = 25 : 587** in `/etc/exim4/update-exim4.conf.conf` but it doesn't load it – Sachin Jun 19 '17 at 12:42
  • Read the guide thoroughly. You can miss some significant step(s). – Kondybas Jun 19 '17 at 12:52
  • @Kondybas tried them all like this one here: [link](https://debian-administration.org/users/lee/weblog/19) but still no success – Sachin Jun 19 '17 at 13:17
  • At start exim logs the addresses and ports it's listening to. If that won't help `exim4 -d -bd` would start with the same info in more detail. – grin Feb 14 '19 at 14:15
  • Also, try disabling `ufw` and then seeing. – IMTheNachoMan Feb 21 '19 at 03:19

2 Answers

1

For Ubuntu 18.04 I've found that the following works in update-exim4.conf.conf:

```
dc_local_interfaces='<; [0.0.0.0]:465; [0.0.0.0]:587'
```

Then the usual: run update-exim4.conf and restart the service.

Check (sorry - there are more modern ways, but fingers remember netstat):

```
# netstat --listen -lnp | grep exim
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      10874/exim4
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      10874/exim4
```

NB: It may be a good idea to enable port 25 as well. For example, some local services may want to send mail to localhost:25.

Roman Susi
0

You have to configure it in the "/etc/default/exim4" file. There it says:

```
# Options for the SMTP listener daemon. By default, it is listening on
# port 25 only. To listen on more ports, it is recommended to use
# -oX 25:587:10025 -oP /run/exim4/exim.pid
SMTPLISTENEROPTIONS=''
```

So to make it listen on additional ports you have to change SMTPLISTENEROPTIONS in /etc/default/exim4. To use only port 587 you have to write this:

```
SMTPLISTENEROPTIONS='-oX 25:587:10025 -oP /run/exim4/exim.pid'
```

And to also use port 465 you have to write this:

```
SMTPLISTENEROPTIONS='-oX 25:465:587:10025 -oP /run/exim4/exim.pid'
```

Afterward you have to restart exim:

```
/etc/init.d/exim4 restart
```

When using port 465 you also have to add

```
tls_on_connect_ports = 465
```

to your exim configuration file so that the SSL session is immediately started when connecting to port 465.

Afterward you can check the connection:

Without SSL:

```
telnet localhost 25
EHLO test
```

With SSL:

```
openssl s_client -connect localhost:25 -starttls smtp
EHLO test
openssl s_client -crlf -connect localhost:465
EHLO test
openssl s_client -connect localhost:587 -starttls smtp
EHLO test
```

If your exim server manages multiple domains and you are using a different certificate for each domain, you can use the "-servername" parameter when testing your server:

```
openssl s_client -connect localhost:587 -servername example.com -starttls smtp
EHLO test
```

Then you can check if the correct certificate was sent.

Dominique
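
Added example, not part of either answer: a shell check that combines the `ss` listener check from the comments with the `tls_on_connect_ports` requirement from the second answer, and reports for ports 25, 465 and 587 whether a socket is listening and whether 465 would start TLS on connect. The function names, verdict strings and sample text are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: cross-check `ss -ltn` output against Exim's
# tls_on_connect_ports. Port-level only: it does not confirm the
# listener is Exim (add -p to ss for that). Sample text is constructed.

# Unique TCP ports in LISTEN state, from `ss -ltn` output on stdin.
listening_ports() {
  awk '$1 == "LISTEN" { n = split($4, a, ":"); print a[n] }' | sort -nu
}

# Numeric ports from the tls_on_connect_ports line of `exim -bP` output
# on stdin. Named services (e.g. smtps) are ignored here.
tls_on_connect() {
  sed -n 's/^tls_on_connect_ports *= *//p' | tr -cs '0-9' '\n' |
    grep -E '^[0-9]+$' | sort -nu
}

# audit_ports SS_TEXT BP_TEXT: print one verdict per mail port.
audit_ports() (
  open=$(printf '%s\n' "$1" | listening_ports)
  tls=$(printf '%s\n' "$2" | tls_on_connect)
  for port in 25 465 587; do
    if ! printf '%s\n' "$open" | grep -qx "$port"; then
      echo "$port not-listening"
    elif printf '%s\n' "$tls" | grep -qx "$port"; then
      echo "$port implicit-tls"
    elif [ "$port" = 465 ]; then
      echo "$port listening-but-no-tls_on_connect"
    else
      echo "$port starttls-or-plain"
    fi
  done
)

# Constructed sample inputs (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      100    0.0.0.0:25         0.0.0.0:*
LISTEN 0      100    0.0.0.0:465        0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'
SAMPLE_BP='daemon_smtp_ports = smtp
tls_on_connect_ports ='

audit_ports "$SAMPLE_SS" "$SAMPLE_BP"
```

On a live host, pass the real command output instead of the samples: `audit_ports "$(ss -ltn)" "$(exim4 -bP tls_on_connect_ports)"`.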