exo : blah

This information is mostly explained in /usr/share/share/exim/README.Debian.gz but to save me the trouble next time I need to do this I'm putting it here.

Firstly you need to generate a certificate: sh /usr/share/doc/exim4-base/examples/exim-gencert. This will create an exim.key and exim.crt file in /etc/exim.

Next you need to get exim to use this. Firstly either create or edit /etc/exim/exim4.conf.localmacros and add the following lines:

MAIN_TLS_ENABLE = true
tls_on_connect_ports = 465

You then need to edit /etc/defaults/exim4 and change SMTPLISTENEROPTIONS to -oX 465:25 -oP /var/run/exim4/exim.pid. This sets up exim to listen on the right port and to advertise that it will do SMTP AUTH.

Now you have to configure exim to support asking for passwords. This is done by editing /etc/exim4/exim4.conf.template and uncommenting the following lines:

login_server:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_condition = "${if crypteq{$auth2}{${extract{1}{:}{${lookup{$auth1}lsear
ch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
  server_set_id = $auth1
  .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
  .endif

The final thing to do is to set up some passwords. This is done by creating an /etc/exim4/passwd file in the following format:

:$Username:$password:

This file should have permissions set to 640 and have ownership of root:Debian-exim. You can generate passwords using this command: mkpasswd -H md5.

You can then put all this in place by running update-exim4.conf and restarting exim.

This skips over quite a few details and assumes that you have an already working exim install. The debian exim conf files are well commented and the aforementioned README has more detail on all this so if any of this confuses you then have a look at those.