
exim4: adding a SMTP banner and enabling TLS for mail relay

Category: Linux — Published by goeszen on August 12, 2014 at 9:07 pm

Two things you can do to boost the reputation of your exim server (apart from having a correct reverse DNS record) are setting the smtp_banner and enabling TLS (SSL) encryption for mail relay.

SMTP Banner

Actually, I think it is enabled by default now, and ignored by many relays, as it was very often disabled in the past to stop people from sniffing what's running on your network. But those days are gone, and it can't do much harm anymore to advertise that you're running exim.

In split config files, go to /etc/exim4/conf.d/main/02_exim4-config_options and add

"smtp_banner = ${primary_hostname} ESMTP"

See, we are omitting the version number of exim here. Anyway...

TLS

Follow the guide on the Debian Wiki

First, run:

$ bash /usr/share/doc/exim4-base/examples/exim-gencert

Then add "MAIN_TLS_ENABLE = yes" to your config file: /etc/exim4/exim4.conf.template (for single-file configurations) or /etc/exim4/conf.d/main/03_exim4-config_tlsoptions (for split config files).
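To confirm that both changes took effect, check what the server actually says on port 25: the greeting should carry no version number and the EHLO reply should list STARTTLS. The script below is an added example, not part of the original post; the function names are hypothetical and the sample replies are constructed, with check_live() doing the same against your own server.

```python
import re
import smtplib

# Constructed sample replies, not captured from a real server.
BANNER_WITH_VERSION = "220 mail.example.org ESMTP Exim 4.84 Tue, 12 Aug 2014 21:07:00 +0200"
BANNER_FROM_POST = "220 mail.example.org ESMTP"
EHLO_REPLY = ("250-mail.example.org Hello client.example.net [192.0.2.10]\r\n"
              "250-SIZE 52428800\r\n250-PIPELINING\r\n250-STARTTLS\r\n250 HELP")


def banner_findings(banner):
    """Return a list of problems in a 220 greeting (empty list = clean)."""
    m = re.match(r"220[ -](\S+)\s*(.*)", banner.strip())
    if not m:
        return ["not a 220 greeting"]
    host, rest = m.groups()
    findings = []
    if "." not in host:
        findings.append("greeting host is not a fully qualified name")
    if "ESMTP" not in rest.split():
        findings.append("ESMTP keyword missing")
    # A dotted number after the hostname is almost always a software version.
    if re.search(r"\b\d+\.\d+(\.\d+)?\b", rest):
        findings.append("software version disclosed")
    return findings


def ehlo_offers_starttls(ehlo_reply):
    """True if a multi-line EHLO reply lists the STARTTLS extension."""
    for line in ehlo_reply.splitlines():
        m = re.match(r"250[ -](\S+)", line)
        if m and m.group(1).upper() == "STARTTLS":
            return True
    return False


def check_live(host, port=25, timeout=10):
    """Run both checks against your own server (needs network access)."""
    with smtplib.SMTP(timeout=timeout) as smtp:
        code, msg = smtp.connect(host, port)
        smtp.ehlo()
        banner = f"{code} {msg.decode(errors='replace')}"
        return banner_findings(banner), smtp.has_extn("starttls")


if __name__ == "__main__":
    for sample in (BANNER_WITH_VERSION, BANNER_FROM_POST):
        print(sample, "->", banner_findings(sample) or "ok")
    print("STARTTLS offered:", ehlo_offers_starttls(EHLO_REPLY))
```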

 
