Bug#946540: closed by Andreas Metzler <ametzler at bebt.de> (Re: Bug#946540: Revise README.Debian)

Andreas Metzler ametzler at bebt.de
Tue Dec 10 19:20:37 GMT 2019

On 2019-12-10 積丹尼 Dan Jacobson <jidanni at jidanni.org> wrote:
> We read there

>    To avoid the (small) performance issue one can locally create

> No only a (small) performance issue, but a source of warnings. You need
> to mention one will get warnings without doing this step.

Will do.

>    certificates. The exim-gencert script (which requires openssl) can be
>    helpful for this purpose. It is shipped in
>    /usr/share/doc/exim4-base/examples/ and takes care of proper access
>    privileges on the private key file when installing key/certificate in
>    /etc/exim4/.

> OK, but the user doesn't know what to fill in for e.g.,

>     commonName = Server name (eg. ssl.domain.tld; required!!!)
>     commonName_max = 64

If they have a stable they will know. If they do not, there is not
correct response.

> Also apparently when one sees the warning, it means exim "has run the
> script for him" and "run once each time one sends a message" thus
> causing the aforementioned small performance issue, vs. running it once
> per computer's lifetime.

> So apparently, as far as exim connecting to one's ISP, the view from the
> ISP is entirely the same.

The ISP will never see the snakeoil certificate. This is eally only
about the server side, exim *receiving* messages by SMTP.

> Thus for users on their own personal computers, perhaps add a note to
> README, that the warnings can safely be ignored.


cu Andreas
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

More information about the Pkg-exim4-maintainers mailing list