Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Florian Weimer
fw at deneb.enyo.de
Mon Jan 30 21:41:49 UTC 2006
* Sven Hartge:
> So, conclusion: No, the problem is not the gnutls-params file, but exim4
> using nearly each and every bit of entropy for a _single_ mail.
This is expected and is quite hard to fix properly.
During your tests, did Exim hang?
> Using exim4+openssl does not cause this massive drain of entropy. (I have
> yet to test your patch to see if this also relieves the situation.)
It does not.
> Of course, regenerating the gnutls-params file every day depletes the pool
> even more
I don't think so. The pool is only 4096 bits large, and each
TLS-using delivery process drains 120 * 5 * 8 = 4800 bits from it
(because that's the way libgcrypt initializes its random number
generator). In practice, this is always sufficient for generating a
512-bit RSA key. The problems begin when you're on a high-volume mail
server and the delivery processes drain entropy so fast that the key
generation fails to gather the needed number of bits in a reasonable
time period.