0

I'm trying to set up MTA-STS. According to both mxtoolbox and mailhardener.com, with full success (domain is dmatthews.org). But it does not actually work. I know this because I also set up the reporting, which always says either certificate-host-mismatch or certificate-not-trusted, and on a little-used second domain (which also passes with flying colours at the two test sites) I set an enforce policy and indeed no test mail gets delivered.

So my suspicion is that there is something wrong with my exim4 setup, which would not surprise me. Has anyone done this? Surely it must be possible with exim4? I use the single file template, which I've copied to https://dmatthews.org/exim4.conf.template if anyone cares to look.

1 Answer

0

The final issue I had is that exim4 was using the untrusted certificate generated at install time. Let's Encrypt can help, but you need a cert for your_mail_server.yourdomain.com, not for yourdomain.com. On Debian you also need to alter permissions and ownership. Full explanation at

https://dmatthews.org/email_server/mta-sts.html
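
The check a sending MTA applies to each MX under MTA-STS, as an added example that is not part of the original answer: it shows why the install-time certificate reports certificate-not-trusted and why a certificate issued only for the bare domain reports certificate-host-mismatch. The hostnames, policy text and SAN lists are constructed, `chain_trusted` stands in for real chain validation, and `mx-not-in-policy` is a label local to this example.

```python
# Added example: names, policy text and certificate SANs below are constructed.

def parse_policy(text):
    """Parse an MTA-STS policy file (key: value lines) into mode + mx patterns."""
    policy = {"mode": "none", "mx": []}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip().lower()
        if key == "mx":
            policy["mx"].append(value)
        elif key == "mode":
            policy["mode"] = value
    return policy

def name_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one leftmost label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        first, _, rest = host.partition(".")
        return bool(first) and rest == pattern[2:]
    return pattern == host

def check_mx(policy, mx_host, cert_sans, chain_trusted):
    """Return the failure a sender would record for this MX, or None if it passes."""
    if not any(name_matches(p, mx_host) for p in policy["mx"]):
        return "mx-not-in-policy"           # label local to this example
    if not chain_trusted:                   # e.g. self-signed install-time cert
        return "certificate-not-trusted"    # TLSRPT result type
    if not any(name_matches(s, mx_host) for s in cert_sans):
        return "certificate-host-mismatch"  # cert does not name the MX host
    return None

POLICY = parse_policy("""version: STSv1
mode: enforce
mx: mail.example.com
max_age: 86400
""")

if __name__ == "__main__":
    # Trusted chain, but the certificate only names the bare domain.
    print(check_mx(POLICY, "mail.example.com", ["example.com"], True))
```

The certificate is compared against the MX hostname, not the recipient domain, which is why the SAN has to name the mail server itself.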