Bug#591261: exim4: Certificate based verification does not work.

Jon Westgate oryn at fsck.tv
Sun Aug 1 15:33:23 UTC 2010


Package: exim4
Version: 4.72-1
Severity: important
Tags: upstream

I have been asked to set up an exim4 server for use with CJSM. https://www.cjsm.net
This requires that a server (acting as a smart host in this case) encrypt and sign all emails headed for CJSM.
This is something that according to exim.org, exim should be capable of doing.
After struggling with this for a number of days I came across a blog entry on the web saying that exim compiled against openssl seemed to work whereas exim compiled against gnutls didn't.
I recompiled and hey presto everything works.
I'm not campaigning for openssl to be the default in exim, just merely registering the fact that
both tls_try_verify_hosts and tls_verify_hosts directives fail with this package.
Indeed exim as a client does not send a certificate when asked for one.
I have no idea what is being sent but wireshark shows fewer characters with the gnutls than with openssl.
I'm sorry I'm not a programmer so it's unlikely I'll be submitting any patches.
Maybe exim4-daemon-heavy-openssl should be placed in non-free till all the licensing stuff blows over.
Regards
Jon Westgate (Oryn)

-- Package-specific info:
Exim version 4.72 #1 built 03-Jun-2010 18:16:45
Copyright (c) University of Cambridge, 1995 - 2007
Berkeley DB: Berkeley DB 4.8.30: (April  9, 2010)
Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages DKIM
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
GnuTLS compile-time version: 2.8.6
GnuTLS runtime version: 2.8.6
Configuration file is /var/lib/exim4/config.autogenerated
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to generate
# exim configuration macros for the configuration file.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file

dc_eximconfig_configtype='local'
dc_other_hostnames='Osiris.fsck.tv'
dc_local_interfaces='127.0.0.1 ; ::1'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname=''
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
mailname:Osiris.fsck.tv

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.34.1 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages exim4 depends on:
ii  debconf [debconf-2.0]         1.5.33     Debian configuration management sy
ii  exim4-base                    4.72-1     support files for all Exim MTA (v4
ii  exim4-daemon-light            4.72-1     lightweight Exim MTA (v4) daemon

exim4 recommends no packages.

exim4 suggests no packages.

-- debconf information excluded




