Replace STARTTLS with SSL/TLS and enforce it

Hi,
Is there a way to replace the default security connection “STARTTLS” with “SSL/TLS” and enforce it? Also, is it possible to change the port numbers? I checked Hestia’s online documentation and the configuration files on the server, but did not find a mention. Or should it be done by configuring exim4 and dovecot directly?

Thank you for hints.
Libor

The way is to change settings in the exim4 configuration files.

  1. Open the ports in the firewall, if not already open: 80 (webmail plain), 443 (webmail tls), 25 (smtp plain), 465 (smtp tls), 993 (imap tls)
  2. nano /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp
    hosts_require_tls = *
  3. nano /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost
    hosts_require_tls = *
  4. nano /etc/exim4/conf.d/main/03_exim4-config_tlsoptions
    tls_verify_hosts = *
    tls_certificate = /home/USER*/conf/mail/YOUR_DOMAIN**/ssl/YOUR_DOMAIN.pem
    tls_privatekey = /home/USER*/conf/mail/YOUR_DOMAIN**/ssl/YOUR_DOMAIN.key

* username of the user who created the domain in the Hestia administration panel
** your domain name

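One way to confirm that the settings listed in the answer above are actually present in the files it names. This is an added example, not part of the original posts; the function names `exim_opt` and `audit_exim_tls` and the default directory are assumptions, and exim macros are not expanded.

```shell
#!/usr/bin/env bash
# Added example, not from the post: audit the exim4 files it names.
# Assumption: split config under $1 (default /etc/exim4/conf.d).

# Print the effective value of option $2 in file $1 (the last
# uncommented assignment wins); return 1 if it is not set.
exim_opt() {
    [ -r "$1" ] || return 1
    awk -v k="$2" '
        /^[ \t]*#/ { next }                       # skip comment lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            if (index(line, k) != 1) next
            rest = substr(line, length(k) + 1)
            if (rest !~ /^[ \t]*=/) next          # a longer option name
            sub(/^[ \t]*=[ \t]*/, "", rest)
            sub(/[ \t]+$/, "", rest)
            val = rest; found = 1
        }
        END { if (!found) exit 1; print val }' "$1"
}

# Check each setting from the post, print one line per check and
# return the number of failed checks (0 = all present).
audit_exim_tls() {
    local d="${1:-/etc/exim4/conf.d}" fail=0 item f k v
    for item in \
        transport/30_exim4-config_remote_smtp:hosts_require_tls \
        transport/30_exim4-config_remote_smtp_smarthost:hosts_require_tls \
        main/03_exim4-config_tlsoptions:tls_verify_hosts; do
        f=${item%%:*}; k=${item##*:}
        v=$(exim_opt "$d/$f" "$k") || v="<unset>"
        if [ "$v" = "*" ]; then echo "OK   $f: $k = *"
        else echo "FAIL $f: $k is $v"; fail=$((fail + 1)); fi
    done
    f=main/03_exim4-config_tlsoptions
    for k in tls_certificate tls_privatekey; do
        # Macro values are not expanded: a macro name fails the file test.
        v=$(exim_opt "$d/$f" "$k") || v=""
        if [ -n "$v" ] && [ -r "$v" ]; then echo "OK   $f: $k -> $v"
        else echo "FAIL $f: $k unset or unreadable (${v:-<unset>})"; fail=$((fail + 1)); fi
    done
    return "$fail"
}

# Run against a directory when one is given: ./audit.sh /etc/exim4/conf.d
if [ $# -gt 0 ]; then audit_exim_tls "$1"; fi
```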