Q1703

Nick Grimshaw edited this page Aug 23, 2013 · 4 revisions
Clone this wiki locally

Q1703

Question

I have some legacy clients that don't use STARTTLS, but which expect to negotiate a TLS session automatically on connection to the ssmtp port (465). Can Exim handle this?

Answer

If you are using release 4.43 or later, you can set

tls_on_connect_ports = 465

and then arrange for your daemon to listen on both port 25 and port 465 by setting daemon_smtp_ports or local_interfaces or the -X command line option. Or use inetd to listen on port 465. If you are using an earlier release of Exim, you need to run two Exim listeners, on different ports, one of which is started with the -tls-on-connect option (which makes all ports act this way). You can either use two daemons, or a single daemon, with the other listener using inetd. For example, here are commands to start two daemons:

exim -bd -q15m
exim -bd -oX '[0.0.0.0]::465' -tls-on-connect

The first is a normal daemon; the second listens on port 465 and expects to negotiate a TLS session at the start of each connection.