Bug#677826: TLS certificate not used for smarthost transport by default
Ben Hutchings
ben at decadent.org.uk
Sun Jun 17 03:02:17 UTC 2012
Package: exim4-config
Version: 4.80-3
Severity: normal
Tags: patch
The configured (or default) TLS certificate and private key are not
used for a smarthost transport.
The following patch fixes this for me, but I don't know that it is
generally correct. By the point this fragment is read all the
MAIN_TLS_* macros seem to become undefined. The patch defines some of
them again, but I think it can only work for the default certificate
and private key locations. I don't know whether the disappearing
macros are a bug in exim4 itself or a subtlety of scoping in the
configuration file. Either way, it's very confusing.
Ben.
--- a/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp_smarthost
+++ b/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp_smarthost
@@ -6,6 +6,13 @@
# to a smarthost. The local host tries to authenticate.
# This transport is used for smarthost and satellite configurations.
+.ifndef MAIN_TLS_CERTIFICATE
+MAIN_TLS_CERTIFICATE = CONFDIR/exim.crt
+.endif
+.ifndef MAIN_TLS_PRIVATEKEY
+MAIN_TLS_PRIVATEKEY = CONFDIR/exim.key
+.endif
+
remote_smtp_smarthost:
debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
driver = smtp
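Review bot: the two .ifndef fallbacks placed ahead of remote_smtp_smarthost: hard-code CONFDIR/exim.crt and CONFDIR/exim.key, so if the macros really are undefined at this point, a certificate or key location configured elsewhere is silently replaced by the default rather than honoured. MAIN_TLS_CERTKEY gets no fallback here although the second hunk tests it, so under the same condition a combined certificate-and-key file would never be selected. Please add a comment in the fragment saying why the redefinition is needed and that it only covers the default locations, and establish why the macros are undefined here before relying on this workaround.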
@@ -30,3 +37,9 @@
.ifdef TLS_DH_MIN_BITS
tls_dh_min_bits = TLS_DH_MIN_BITS
.endif
+.ifdef MAIN_TLS_CERTKEY
+ tls_certificate = MAIN_TLS_CERTKEY
+.else
+ tls_certificate = MAIN_TLS_CERTIFICATE
+ tls_privatekey = MAIN_TLS_PRIVATEKEY
+.endif
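Review bot: in the .else branch, tls_certificate and tls_privatekey end up set on the smarthost transport for every installation, because the first hunk guarantees both macros are defined; there is no opt-out and nothing checks that CONFDIR/exim.crt and CONFDIR/exim.key actually exist. Consider wrapping the whole block in an .ifdef on a dedicated macro (name to be chosen) so a client certificate is only presented when the administrator asks for one, and confirm how delivery to the smarthost behaves when the files are missing or the private key is not readable by the process running the transport.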
--- END ---
-- Package-specific info:
Exim version 4.80 #3 built 08-Jun-2012 13:17:31
Copyright (c) University of Cambridge, 1995 - 2012
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2012
Berkeley DB: Berkeley DB 5.1.29: (October 25, 2011)
Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages DKIM
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /var/lib/exim4/config.autogenerated
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
dc_eximconfig_configtype='satellite'
dc_other_hostnames=''
dc_local_interfaces='127.0.0.1'
dc_readhost='decadent.org.uk'
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost='mail.decadent.org.uk::587'
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname='true'
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
mailname:decadent.org.uk
-- System Information:
Debian Release: wheezy/sid
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64
Kernel: Linux 3.2.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages exim4-config depends on:
ii adduser 3.113+nmu3
ii debconf [debconf-2.0] 1.5.43
exim4-config recommends no packages.
exim4-config suggests no packages.
-- debconf information:
* exim4/dc_smarthost: mail.decadent.org.uk::587
exim4/dc_relay_domains:
exim4/dc_relay_nets:
* exim4/mailname: decadent.org.uk
exim4/dc_localdelivery: mbox format in /var/mail/
* exim4/dc_local_interfaces: 127.0.0.1
* exim4/dc_minimaldns: false
* exim4/dc_other_hostnames:
* exim4/dc_eximconfig_configtype: mail sent by smarthost; no local mail
exim4/no_config: true
exim4/hide_mailname: true
exim4/dc_postmaster: ben
* exim4/dc_readhost: decadent.org.uk
* exim4/use_split_config: false
exim4/exim4-config-title: