diff --git a/.gitignore b/.gitignore
index a4eb1a1..d2ed908 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
 .*~
 ENV
 ENV.test
+tmp/
diff --git a/Dockerfile b/Dockerfile
index b579b07..76ee777 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,7 +12,7 @@ ENV SMARTHOST_PASS=""
 # ip addresses or networks to allow for relaying, separate multiple ones by semicolon
 ENV RELAYNETS="127.0.0.1/32"
 
-RUN apk add --no-cache exim m4
+RUN apk add --no-cache exim m4 openssl
 
 COPY exim.conf.m4 /etc/exim
 COPY start.sh /etc/exim
diff --git a/exim.conf.m4 b/exim.conf.m4
index 3d8a526..e34aafe 100644
--- a/exim.conf.m4
+++ b/exim.conf.m4
@@ -22,7 +22,8 @@ primary_hostname = HOSTNAME
 
 acl_smtp_rcpt = acl_check_rcpt
 
-tls_advertise_hosts =
+tls_certificate = /etc/exim/tls.crt
+tls_privatekey = /etc/exim/tls.key
 
 begin routers
 smarthost_route:
diff --git a/start.sh b/start.sh
index 83f891a..eea2d8d 100755
--- a/start.sh
+++ b/start.sh
@@ -1,4 +1,9 @@
 #!/bin/sh
 
-m4 exim.conf.m4 > exim.conf && exim -bd -q15m -v
+openssl genpkey -algorithm RSA -out tls.key && \
+openssl req -new -key tls.key -out tls.csr -subj "/C=DE/CN=$HOSTNAME" && \
+openssl x509 -req -in tls.csr -signkey tls.key -out tls.crt -days 3650 && \
+chown exim tls.key tls.crt && \
+m4 exim.conf.m4 > exim.conf && \
+exim -bd -q15m -v