[Pkg-exim4-users] Exim4 TLS and relaying
Yan Seiner
yan at seiner.com
Sun Oct 27 15:35:17 UTC 2013
I am trying to set up exim4. I have been running exim4 successfully
on a very, very old server and rather than trying to migrate my obsolete
configuration I am trying to set it up from scratch.
At the top of /etc/exim4/exim4.conf.template I have:
MAIN_TLS_ENABLE = true
MAIN_TLS_CERTIFICATE = /etc/ssl/certs/mail_seiner_com.pem
In /etc/exim4/conf.d/auth/30_exim4-config_examples I have:
plain_server:
  driver = plaintext
  public_name = PLAIN
  server_condition = ${if pam{$auth2:${sg{$auth3}{:}{::}}}{true}{false}}
  server_advertise_condition = ${if eq{$tls_cipher}{}{false}{true}}
  server_set_id = $auth2
  server_prompts = :

login_server:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_condition = ${if pam{$auth2:${sg{$auth3}{:}{::}}}{true}{false}}
  server_advertise_condition = ${if eq{$tls_cipher}{}{false}{true}}
  server_set_id = $auth1
And yet when I test this from an outside source I do not get any TLS
advertisement. Nothing in the exim log files at all:
Connecting to 66.178.130.209
220 NewMoon.seiner.lan ESMTP Exim 4.76 Sun, 27 Oct 2013 07:57:13 -0700 [5678 ms]
EHLO please-read-policy.mxtoolbox.com
250-NewMoon.seiner.lan Hello mxtb-pws3.mxtoolbox.com [64.20.227.133]
250-SIZE 52428800
250-PIPELINING
250 HELP [702 ms]
MAIL FROM: <supertool at mxtoolbox.com>
250 OK [702 ms]
RCPT TO: <test at example.com>
550 relay not permitted [702 ms]
MXTB-PWS3v2 9454ms
Note the extremely long times for response on the server. I am running a
pretty much stock Internet configuration except for the TLS cert.
The cert is valid; at least Dovecot recognizes it and uses it
correctly. It is a "real" cert not a self-signed cert.
This all points to some massively screwed up setup but as I said, it's
pretty much bone stock except for the 2 TLS lines.
Any suggestions?
--
Project Management Consulting and Training
http://www.ridgelineconsultingllc.com
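
An added example, not part of the original post: a check that parses an EHLO reply like the one quoted above and separates what the posted `server_advertise_condition` makes expected (no AUTH before TLS) from what is anomalous (no STARTTLS, which leaves the TLS-gated AUTH unreachable). The function names and finding codes are assumptions of this sketch, and the sample input is constructed from the transcript in the post.

```python
import re

# Constructed sample: the EHLO reply quoted in the post, timing notes included.
SAMPLE_EHLO = """\
250-NewMoon.seiner.lan Hello mxtb-pws3.mxtoolbox.com [64.20.227.133]
250-SIZE 52428800
250-PIPELINING
250 HELP [702 ms]
"""

REPLY_LINE = re.compile(r"^250([ -])(.*)$")
TIMING = re.compile(r"\s*\[\d+ ms\]\s*$")  # test-tool annotation, not SMTP
CLEARTEXT = {"PLAIN", "LOGIN"}  # the two mechanisms configured in the post


def parse_ehlo(reply):
    """Map each advertised ESMTP keyword to its parameter list."""
    lines = [line for line in reply.splitlines() if line.strip()]
    extensions = {}
    for index, line in enumerate(lines):
        match = REPLY_LINE.match(TIMING.sub("", line))
        if match is None:
            raise ValueError(f"not a 250 reply line: {line!r}")
        is_last = index == len(lines) - 1
        if (match.group(1) == " ") != is_last:
            raise ValueError(f"bad continuation marker: {line!r}")
        words = match.group(2).split()
        if index > 0 and words:  # line 0 is the greeting, not an extension
            extensions[words[0].upper()] = [w.upper() for w in words[1:]]
    return extensions


def assess(extensions, tls_active):
    """Return finding codes for one EHLO reply, before or after STARTTLS."""
    findings = []
    starttls = "STARTTLS" in extensions
    cleartext = CLEARTEXT & set(extensions.get("AUTH", []))
    if not tls_active:
        if not starttls:
            findings.append("no-starttls")
        if cleartext:
            findings.append("cleartext-auth-before-tls")
        elif not starttls:
            # AUTH is gated on $tls_cipher and TLS cannot be started.
            findings.append("auth-unreachable")
    elif not cleartext:
        findings.append("auth-missing-after-tls")
    return findings


if __name__ == "__main__":
    print(assess(parse_ehlo(SAMPLE_EHLO), tls_active=False))
```
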