
exim4 - tls errors


Kamil Jońca

Apr 11, 2016, 1:10:05 AM

I recently upgraded my box and now I got

--8<---------------cut here---------------start------------->8---
Warning: No server certificate defined; TLS connections will fail.
Suggested action: either install a certificate or change tls_advertise_hosts option
--8<---------------cut here---------------end--------------->8---
with every mail I sent (but mails are delivered)
I tried to set

--8<---------------cut here---------------start------------->8---
tls_advertise_host = !*
--8<---------------cut here---------------end--------------->8---
or remove it completely but with no success.
How can I get rid of this message? (Assuming I'm too lazy to create self
signed cert for this?)

KJ

--
http://stopstopnop.pl/stop_stopnop.pl_o_nas.html
Flame on!
-- Johnny Storm

deloptes

Apr 11, 2016, 2:40:04 AM

Hi,

Kamil Jońca wrote:

>
> I recently upgraded my box and now I got
>
> --8<---------------cut here---------------start------------->8---
> Warning: No server certificate defined; TLS connections will fail.
> Suggested action: either install a certificate or change
> tls_advertise_hosts option
> --8<---------------cut here---------------end--------------->8---
> with every mail I sent (but mails are delivered)

Sure it's delivered because it's just a warning

> I tried to set
>
> --8<---------------cut here---------------start------------->8---
> tls_advertise_host = !*
> --8<---------------cut here---------------end--------------->8---
> or remove it completely but with no success.
> How can I get rid of this message? (Assuming I'm too lazy to create self
> signed cert for this?)
>
> KJ

Try to disable TLS

MAIN_TLS_ENABLE = false

in /etc/exim4/exim4.conf.template

regards

Elimar Riesebieter

Apr 11, 2016, 7:20:05 AM

* Kamil Jońca <kjo...@poczta.onet.pl> [2016-04-11 06:43 +0200]:

> tls_advertise_host = !*

I've tls_advertise_hosts = * and it works.

Elimar
--
On the keyboard of life you have always
to keep a finger at the escape key;-)

Jörg-Volker Peetz

Apr 11, 2016, 10:10:06 AM

Hi KJ,

Depending on which configuration scheme is used for exim4 (split config or
not) the file to be changed is different.
So either edit both locations (/etc/exim4/exim4.conf.template and a file in
/etc/exim4/conf.d) or make sure which scheme is used. To find out, run

grep -A2 'exim4/use_split_config' /var/cache/debconf/config.dat

and see what the line beginning with "Value:" says.

After configuration changes don't forget to execute "update-exim4.conf" as root.

The default configuration has
tls_advertise_hosts = MAIN_TLS_ADVERTISE_HOSTS
and
MAIN_TLS_ADVERTISE_HOSTS = *

See /etc/exim4/exim4.conf.template and
/etc/exim4/conf.d/main/03_exim4-config_tlsoptions.

Maybe there are local modifications in your configuration files. Then the update
should've stored new config files with ".dpkg-dist" or something added to their
normal names.

Regards,
jvp.

Kamil Jońca

Apr 11, 2016, 10:00:04 PM

deloptes <delo...@gmail.com> writes:

>
> Try to disable TLS
>
> MAIN_TLS_ENABLE = false
>
> in /etc/exim4/exim4.conf.template

Wrong. It was not defined, and this caused all tls_* options to be unset
(tls_advertise_hosts in particular)

Never mind.
1. I used /usr/share/doc/exim4-base/examples/exim-gencert to generate
certs
and set MAIN_TLS_ENABLE=true
and it seems to work.

2. I also tried to set
MAIN_TLS_ENABLE=true
and tls_advertise_hosts = !*
but there were still warnings.
Am I missing something?
KJ


--
http://wolnelektury.pl/wesprzyj/teraz/
When a fellow says, "It ain't the money but the principle of the thing,"
it's the money.
-- Kim Hubbard

deloptes

Apr 12, 2016, 3:40:04 PM

Kamil Jońca wrote:

> Am I missing something?

It's not clear if you tried to set it to false, but I assume yes. I also assume
you restarted after setting the option to false/true.

in main/03_exim4-config_tlsoptions you have this

# TLS/SSL configuration for exim as an SMTP server.
# See /usr/share/doc/exim4-base/README.Debian.gz for explanations.

.ifdef MAIN_TLS_ENABLE
# Defines what hosts to 'advertise' STARTTLS functionality to. The
# default, *, will advertise to all hosts that connect with EHLO.
.ifndef MAIN_TLS_ADVERTISE_HOSTS
MAIN_TLS_ADVERTISE_HOSTS = *
.endif
...
...
...

So either I have some older exim version or something is wrong there, but
invisible because most of us use TLS.

Setting MAIN_TLS_ENABLE=false should skip the whole block of settings.

regards

Kamil Jońca

Apr 22, 2016, 2:30:04 AM

kjo...@poczta.onet.pl (Kamil Jońca) writes:

some background
1. with exim 4.87 tls_advertise_hosts defaults to *.
2. also MAIN_TLS_ADVERTISE_HOSTS (main/03_exim4-config_tlsoptions)
3. to get rid of this message (except to create a certificate)
tls_advertise_hosts should be _empty_.

so set
--8<---------------cut here---------------start------------->8---
MAIN_TLS_ADVERTISE_HOSTS= ""
--8<---------------cut here---------------end--------------->8---
works.

Yes, I should read exim documentation earlier. :)

KJ

--
http://wolnelektury.pl/wesprzyj/teraz/
Answer a fool according to his folly, lest he be wise in his own conceit.
-- Proverbs, 26:5

deloptes

Apr 23, 2016, 3:00:05 AM

Kamil Jońca wrote:

> kjo...@poczta.onet.pl (Kamil Jońca) writes:
>
> some background
> 1. with exim 4.87 tls_advertise_hosts defaults to *.
> 2. also MAIN_TLS_ADVERTISE_HOSTS (main/03_exim4-config_tlsoptions)
> 3. to get rid of this message (except to create a certificate)
> tls_advertise_hosts should be _empty_.
>
> so set
> --8<---------------cut here---------------start------------->8---
> MAIN_TLS_ADVERTISE_HOSTS= ""
> --8<---------------cut here---------------end--------------->8---
> works.
>
> Yes, I should read exim documentation earlier. :)
>
> KJ
>

This is not exactly correct. As stated before, setting MAIN_TLS_ENABLE=false
should skip the whole block of settings related to SSL/TLS.
No idea why you should touch the supplementary config files.

regards

Kamil Jońca

Apr 24, 2016, 11:20:05 AM

Because I do not want to disable tls completely - I want to use tls when
exim acts as client. But I do not want tls when my clients connect to
exim. (It's a home machine configured to use smarthosts)

KJ

--
http://stopstopnop.pl/stop_stopnop.pl_o_nas.html
We are so fond of each other because our ailments are the same.
-- Jonathan Swift

deloptes

Apr 24, 2016, 5:10:05 PM

Kamil Jońca wrote:

> deloptes <delo...@gmail.com> writes:
>
>> Kamil Jońca wrote:
>>
>>> kjo...@poczta.onet.pl (Kamil Jońca) writes:
>>>
>>> some background
>>> 1. with exim 4.87 tls_advertise_hosts defaults to *.
>>> 2. also MAIN_TLS_ADVERTISE_HOSTS (main/03_exim4-config_tlsoptions)
>>> 3. to get rid of this message (except to create a certificate)
>>> tls_advertise_hosts should be _empty_.
>>>
>>> so set
>>> --8<---------------cut here---------------start------------->8---
>>> MAIN_TLS_ADVERTISE_HOSTS= ""
>>> --8<---------------cut here---------------end--------------->8---
>>> works.
>>>
>>> Yes, I should read exim documentation earlier. :)
>>>
>>> KJ
>>>
>>
>> This is not exactly correct. As stated before, setting
>> MAIN_TLS_ENABLE=false should skip the whole block of settings related to
>> SSL/TLS. No idea why you should touch the supplementary config files.
>
> Because I do not want to disable tls completely - I want to use tls when
> exim acts as client. But I do not want tls when my clients connect to
> exim. (It's a home machine configured to use smarthosts)
>
> KJ
>

OK, but in this case you keep MAIN_TLS_ENABLE=true and look in that below
in /etc/exim4/exim4.conf.template

it means that if you add the variable MAIN_TLS_ADVERTISE_HOSTS in the
beginning of your conf.template with MAIN_TLS_ADVERTISE_HOSTS = "" it would
handle it as not set and set to *.

# Defines what hosts to 'advertise' STARTTLS functionality to. The
# default, *, will advertise to all hosts that connect with EHLO.
.ifndef MAIN_TLS_ADVERTISE_HOSTS
MAIN_TLS_ADVERTISE_HOSTS = *
.endif
tls_advertise_hosts = MAIN_TLS_ADVERTISE_HOSTS


if this is your case it might be worth talking to the exim4 folks and
perhaps raise a CR based on your case

regards
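
Added example, not part of any post in this thread and not Exim or Debian code: a simplified model of the conditional macro processing in the fragment quoted above, showing what tls_advertise_hosts ends up as for the three settings discussed. It assumes Exim's documented behaviour that .ifdef/.ifndef test only whether a macro is defined and that macros expand as plain text; effective_tls_advertise_hosts and the embedded fragment are constructed for illustration.

```shell
#!/bin/sh
# Constructed excerpt modelled on the 03_exim4-config_tlsoptions lines quoted
# in the thread; the final .endif closing the outer block is assumed.
TLS_FRAGMENT='.ifdef MAIN_TLS_ENABLE
.ifndef MAIN_TLS_ADVERTISE_HOSTS
MAIN_TLS_ADVERTISE_HOSTS = *
.endif
tls_advertise_hosts = MAIN_TLS_ADVERTISE_HOSTS
.endif'

# effective_tls_advertise_hosts LOCAL_MACROS   (hypothetical helper)
# Prints the text tls_advertise_hosts is set to after macro processing, or
# "(unset)" when the whole TLS block is skipped and the built-in default applies.
effective_tls_advertise_hosts() {
    printf '%s\n%s\n' "$1" "$TLS_FRAGMENT" | awk '
    # A line is live only if every enclosing conditional is true.
    function active(   i) {
        for (i = 1; i <= depth; i++) if (!live[i]) return 0
        return 1
    }
    # .ifdef/.ifndef look at whether the macro exists, never at its value.
    $1 == ".ifdef"  { live[++depth] = ($2 in macro); next }
    $1 == ".ifndef" { live[++depth] = !($2 in macro); next }
    $1 == ".endif"  { depth--; next }
    !active() || index($0, "=") == 0 { next }
    {
        name = $0;  sub(/[ \t]*=.*/, "", name)
        value = $0; sub(/^[^=]*=[ \t]*/, "", value)
        if (name ~ /^[A-Z]/) { macro[name] = value; next }  # macro definition
        for (m in macro) gsub(m, macro[m], value)           # textual expansion
        if (name == "tls_advertise_hosts") { result = value; found = 1 }
    }
    END { print (found ? result : "(unset)") }'
}

# Constructed local macro settings, one per scenario discussed in the thread.
for macros in '' 'MAIN_TLS_ENABLE = false' \
    'MAIN_TLS_ENABLE = true
MAIN_TLS_ADVERTISE_HOSTS = ""'; do
    printf '[%s] -> tls_advertise_hosts = %s\n' \
        "$(printf '%s' "$macros" | tr '\n' ';')" \
        "$(effective_tls_advertise_hosts "$macros")"
done
```

On a real system the value Exim actually uses can be read back with exim4 -bP tls_advertise_hosts after running update-exim4.conf.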