On Sat, 28 Jun 2025, Martin McCormick via Exim-users wrote:
When using stunnel to setup the encrypted link between this box
and the smarthost, am I correct in assuming that exim, itself, is
only now working with old-school plain text, talking through
stunnel's tls translation engines which do all the en/decryption?
Am I also correct in that exim4 will need to be still set
to 587 which is what this smarthost communicates on. If my
limited knowledge of TCP/IP serves me correctly, the port numbers
are in the packet headers so stunnel probably leaves those
however your application sets them.
I've never tried this and I may very well be wrong, but I think
you need stunnel to listen to exim on a port of your choice
and make a connection to port 465
since with port 587 the SMTP greeting comes before the TLS encryption.
Does the smart server provide submissions on 465 ?
--
How do other users of this smart host manage ?
I still think your efforts might be better spent on getting the
smart host to use a free LetsEncrypt certificate,
rather than hacking your machine to ignore their expired certificate.
--
Andrew C. Aitchison Kendal, UK
[email protected]
--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## [email protected]
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
