Bug#410756: exim4 default config utterly useless for 98% of users

Marc Haber mh+debian-packages at zugschlus.de
Tue Feb 13 11:29:32 CET 2007


On Tue, Feb 13, 2007 at 01:28:23AM -0800, prosolutions at gmx.net wrote:
> First debconf question: "Please choose a level of configuration.  For
> most users setting up mail to work with their ISP's mail server the
> "Simple" method should be sufficient.  Choose "Advanced" if you are
> setting up your own mailer or intend to do things like mail relaying.

That'd mean doubling the work to maintain the configuration. Since I
already spend way too much time with exim4, this is unlikely to
happen until the Debian exim4 team gets an external offer to maintain
the additional configuration stuff.

>    (At this point would it be a good idea to do a HELO or EHLO of the
>     server to probe its capabilities? 

That would mean leaving the user in the cold rain should the ISP's mail
server ever change its capabilities. I have seen cases where the ISP's
mail server name was an alias to different machines that were not even
running the same software.

>  If so, subsequent questions could be like "This server appears to
>  support TLS encryption, should it be used?" But based on your comment
>  below it should use TLS if available.

TLS as a client is always used when available. You can trust the docs.
http://pkg-exim4.alioth.debian.org/README/README.Debian.html#TLS

>   However, based on this doc:
>   http://www.debian-administration.org/articles/280 it seemed that one
>   has to create /etc/exim4/exim4.conf.localmacros and add
>   "MAIN_TLS_ENABLE = true" to it to get TLS.

The document cited talks about enabling exim4 to support TLS as a
server, which is a tad more complex since a TLS server needs a
certificate.
http://pkg-exim4.alioth.debian.org/README/README.Debian.html#TLS

>     I do not know enough about CRAM-MD5 and the merits of using or not
>     using it or other auth mechanisms, only that it would of course be
>     preferable to have it used when TLS is not available.

I disagree here. Unless an unencrypted wireless LAN is used, I find it
much more dangerous to have the SMTP password stored on the client as
clear text.

>   I don't have any hard data about how many smarthosts don't support
>   TLS but do support CRAM-MD5 but I think the number is high based on
>   my experience. Again, this is all relative to whether TLS or an
>   encrypted auth mechanism would simply be used if they are detected.

TLS is always used if available, CRAM-MD5 is used when a clear text
password is available. I am not sure which client authenticator takes
precedence should both clear text and crypted password be available.

> Re: having a more simply named command to access the configuration,
> didn't Exim v.3 have it (eximconfig or something like that)?  Not sure 
> why it did not continue with v.4.

Exim v.3 is not policy compliant in this regard. Debconf configuration
is mandatory these days.

> Re: the "Hide local mail name in outgoing mail" If this is answered
> "No" it is definitely a problem with gmx.net which will reject the
> mail.

GMX imposes many additional hardships on their users. I am not going
to special-case them.

> Why isn't it possible for Exim to know that, if it's sending an outgoing
> message through a smarthost (as opposed to local mail) that it should
> set the envelope From: accordingly?

Because there are many cases where this is undesirable. For example,
rewriting the envelope makes it harder to trace back the message to
the originating system. In other cases, it is important that the
envelope generated by the original client stays unmangled.

> nbsmtp, as simple as it is, works every time with every ISP mailer, once
> you know the server name, your credentials, and the type of auth
> mechanism to use.

Please, go ahead, and use nbsmtp.

>   Why should Exim be more complicated than this for the end user?

Because it has always been that way. I do not intend to break working
setups to support GMX' broken setup.

> Getting back to the original debconf question "Hide local mail name in
> outgoing mail" I think that it should not be necessary to ask this, as
> nbsmtp, a much simpler program, does not have to ask it.

Give better arguments.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835



