You have to configure it in the "/etc/default/exim4" file. There it says:
# Options for the SMTP listener daemon. By default, it is listening on
# port 25 only. To listen on more ports, it is recommended to use
# -oX 25:587:10025 -oP /run/exim4/exim.pid
SMTPLISTENEROPTIONS=''
So to make it listen on additional ports you have to change SMTPLISTENEROPTIONS in /etc/default/exim4. To use only port 587 you have to write this:
SMTPLISTENEROPTIONS='-oX 25:587:10025 -oP /run/exim4/exim.pid'
And to also use port 465 you have to write this:
SMTPLISTENEROPTIONS='-oX 25:465:587:10025 -oP /run/exim4/exim.pid'
Afterward you have to restart exim:
/etc/init.d/exim4 restart
When using port 465 you also have to add
tls_on_connect_ports = 465
to your exim configuration file so that the SSL session is immediately started when connecting to port 465.
Afterward you can check the connection:
Without SSL:
telnet localhost 25
EHLO test
With SSL:
openssl s_client -connect localhost:25 -starttls smtp
EHLO test
openssl s_client -crlf -connect localhost:465
EHLO test
openssl s_client -connect localhost:587 -starttls smtp
EHLO test
If your exim server manages multiple domains and you are using a different certificate for each domain, you can use the "-servername" parameter when testing your server:
openssl s_client -connect localhost:587 -servername example.com -starttls smtp
EHLO test
Then you can check if the correct certificate was sent.