From a03c20b2c0a03c5b3837dcc09d468d7214320050 Mon Sep 17 00:00:00 2001
From: Lluis Mora
Date: Sat, 18 Mar 2023 20:34:26 +0000
Subject: [PATCH 1/2] Disable TLS if no certificate and key is provided (as by default exim4 generates a self-signed certificate and enables TLS no matter what)
---
 entrypoint.sh | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/entrypoint.sh b/entrypoint.sh
index 9cb200e..36ba8d9 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -50,6 +50,8 @@ if [ "$KEY_PATH" ] && [ "$CERTIFICATE_PATH" ]; then
 chgrp Debian-exim /etc/exim4/exim.crt
 chmod 640 /etc/exim4/exim.key
 chmod 640 /etc/exim4/exim.crt
+else
+ echo "MAIN_TLS_ENABLE = no" >> /etc/exim4/exim4.conf.localmacros
 fi
 opts=(
From 7e375e5f9c2a9990e8eee12201c3b22cd4241eb4 Mon Sep 17 00:00:00 2001
From: Lluis Mora
Date: Sat, 18 Mar 2023 21:01:13 +0000
Subject: [PATCH 2/2] Do not advertise STARTTLS to any client
---
 entrypoint.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/entrypoint.sh b/entrypoint.sh
index 36ba8d9..0dbf19d 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -51,7 +51,8 @@ if [ "$KEY_PATH" ] && [ "$CERTIFICATE_PATH" ]; then
 chmod 640 /etc/exim4/exim.key
 chmod 640 /etc/exim4/exim.crt
 else
- echo "MAIN_TLS_ENABLE = no" >> /etc/exim4/exim4.conf.localmacros
+ echo "MAIN_TLS_ENABLE = no" >> /etc/exim4/exim4.conf.localmacros
+ echo "MAIN_TLS_ADVERTISE_HOSTS = !*" >> /etc/exim4/exim4.conf.localmacros
 fi
 opts=(
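Review bot: The new `else` branch in patch 1/2 is also taken when only one of `KEY_PATH` and `CERTIFICATE_PATH` is set, so a typo or a missing variable silently produces a relay without TLS instead of a startup failure. Consider rejecting that case before the fallback, e.g. `elif [ "$KEY_PATH" ] || [ "$CERTIFICATE_PATH" ]; then echo "KEY_PATH and CERTIFICATE_PATH must be set together" >&2; exit 1`. The `>>` append is also repeated on every entrypoint run, and the same holds for the two lines in patch 2/2. If the container is restarted with its filesystem kept, the macro ends up defined twice, which Exim normally treats as a configuration error, so a `grep -q '^MAIN_TLS_ENABLE' /etc/exim4/exim4.conf.localmacros ||` guard before the append is worth adding. The `if` statement begins above this hunk, so whether the file is reset earlier in the script is not visible here.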
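Review bot: Nothing in the `else` branch of patch 2/2 tells the operator that the relay has started without TLS. With `MAIN_TLS_ADVERTISE_HOSTS = !*` no client is offered STARTTLS, so message content, and any SMTP AUTH credentials if authentication is enabled, travel in cleartext. A line such as `echo "TLS disabled: KEY_PATH/CERTIFICATE_PATH not set" >&2` in this branch would make the downgrade visible in the container logs. The retained `MAIN_TLS_ENABLE = no` line also deserves a comment: if the Debian template only tests `.ifdef MAIN_TLS_ENABLE` (not visible here, please confirm), the value `no` is ignored and it is the macro being defined that lets the advertise-hosts override apply. The enclosing `if` starts above the hunk and the `opts=(` array continues below it.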