Bug#946540: closed by Andreas Metzler <ametzler at bebt.de> (Re: Bug#946540: Revise README.Debian)

積丹尼 Dan Jacobson jidanni at jidanni.org
Tue Dec 10 18:47:28 GMT 2019

We read there

   To avoid the (small) performance issue one can locally create

No only a (small) performance issue, but a source of warnings. You need
to mention one will get warnings without doing this step.

   certificates. The exim-gencert script (which requires openssl) can be
   helpful for this purpose. It is shipped in
   /usr/share/doc/exim4-base/examples/ and takes care of proper access
   privileges on the private key file when installing key/certificate in

OK, but the user doesn't know what to fill in for e.g.,

    commonName = Server name (eg. ssl.domain.tld; required!!!)
    commonName_max = 64

Also apparently when one sees the warning, it means exim "has run the
script for him" and "run once each time one sends a message" thus
causing the aforementioned small performance issue, vs. running it once
per computer's lifetime.

So apparently, as far as exim connecting to one's ISP, the view from the
ISP is entirely the same. So the user might as well choose to let the
warnings fill up mainlog, rather that trying to learn how to install all
this certificate stuff.

Thus for users on their own personal computers, perhaps add a note to
README, that the warnings can safely be ignored.

More information about the Pkg-exim4-maintainers mailing list