Gmail Delay Problem with STARTTLS and Exim4, and a Quick Fix

I've been bitten by this Gmail STARTTLS problem, oh, at least twice, maybe more. Deliverability is affected; gmail.com says there's a delay. This time, it was at work, where I have a server to accept incoming mail. We use Exim4.

The issue is that Gmail tries to use STARTTLS, and then finds a self-signed certificate. The Gmail policy is to delay that message or reject it. (It used to be a 1-day delay, but now it seems to totally reject it.)

The fix is to purchase a certificate from a recognized authority, and then Gmail will accept it. The problem is purchasing and installing that thing. It'll take a few hours at least, because you need to get approval, money, etc. (I used a Comodo cert from Namecheap.com, which worked okay with Gmail, but had some issues with the cert and Thunderbird.)

The quick fix is to turn off TLS support. Gmail will deliver immediately to servers that don't support STARTTLS. Kind of funny: they are so paranoid about fake certificates, but don't care if you lack a certificate entirely.

Here's the fix for Exim4 on Debian or Ubuntu:

sudo vi /etc/exim4/conf.d/main/03_exim4-config_tlsoptions

And comment out the line with this setting:

# MAIN_TLS_ENABLE = yes

That should shut off TLS. Restart exim4:

sudo /etc/init.d/exim4 restart
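
To confirm the change took effect, check whether the server still lists STARTTLS in its EHLO reply. The Python script below is an added example, not part of the original post; the sample replies and the names mail.example.org and probe.example are constructed for illustration.

```python
import socket
import sys

# Constructed sample EHLO replies (not captured from a real server).
REPLY_TLS_ON = ("250-mail.example.org Hello probe.example [192.0.2.10]\r\n"
                "250-SIZE 52428800\r\n250-PIPELINING\r\n"
                "250-STARTTLS\r\n250 HELP\r\n")
REPLY_TLS_OFF = ("250-mail.example.org Hello probe.example [192.0.2.10]\r\n"
                 "250-SIZE 52428800\r\n250-PIPELINING\r\n250 HELP\r\n")

def parse_ehlo(reply):
    """Return the set of extension keywords in a raw multi-line EHLO reply."""
    lines = [l for l in reply.replace("\r\n", "\n").split("\n") if l]
    if not lines or any(l[:3] != "250" for l in lines):
        raise ValueError("EHLO not accepted: %r" % reply)
    # The first line is the server's greeting; extensions start on line two.
    return {l[4:].split()[0].upper() for l in lines[1:] if l[4:].strip()}

def read_reply(stream):
    """Read one SMTP reply; 'NNN-' continues, 'NNN ' is the final line."""
    out = []
    while True:
        line = stream.readline().decode("ascii", "replace")
        if not line:
            raise ConnectionError("server closed the connection")
        out.append(line)
        if line[3:4] != "-":
            return "".join(out)

def advertises_starttls(host, port=25, helo="probe.example", timeout=10):
    """Connect, send EHLO, and report whether STARTTLS is offered."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        stream = sock.makefile("rwb")
        read_reply(stream)                       # 220 banner
        stream.write(b"EHLO " + helo.encode("ascii") + b"\r\n")
        stream.flush()
        reply = read_reply(stream)
        stream.write(b"QUIT\r\n")
        stream.flush()
    return "STARTTLS" in parse_ehlo(reply)

if __name__ == "__main__":
    if len(sys.argv) > 1:                        # live check against a host
        on = advertises_starttls(sys.argv[1])
    else:                                        # offline demo on the samples
        on = "STARTTLS" in parse_ehlo(REPLY_TLS_OFF)
    print("STARTTLS advertised" if on else "STARTTLS not advertised")
    sys.exit(1 if on else 0)
```

Pass the mail server's host name as the only argument to probe it on port 25; exit status 0 means STARTTLS is no longer offered.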