Bug#946540: closed by Andreas Metzler <ametzler at bebt.de> (Re: Bug#946540: Revise README.Debian)
Andreas Metzler
ametzler at bebt.de
Tue Dec 10 19:20:37 GMT 2019
On 2019-12-10 積丹尼 Dan Jacobson <jidanni at jidanni.org> wrote:
> We read there
> To avoid the (small) performance issue one can locally create
> No only a (small) performance issue, but a source of warnings. You need
> to mention one will get warnings without doing this step.
Will do.
> certificates. The exim-gencert script (which requires openssl) can be
> helpful for this purpose. It is shipped in
> /usr/share/doc/exim4-base/examples/ and takes care of proper access
> privileges on the private key file when installing key/certificate in
> /etc/exim4/.
> OK, but the user doesn't know what to fill in for e.g.,
> commonName = Server name (eg. ssl.domain.tld; required!!!)
> commonName_max = 64
If they have a stable they will know. If they do not, there is not
correct response.
> Also apparently when one sees the warning, it means exim "has run the
> script for him" and "run once each time one sends a message" thus
> causing the aforementioned small performance issue, vs. running it once
> per computer's lifetime.
> So apparently, as far as exim connecting to one's ISP, the view from the
> ISP is entirely the same.
The ISP will never see the snakeoil certificate. This is eally only
about the server side, exim *receiving* messages by SMTP.
[...]
> Thus for users on their own personal computers, perhaps add a note to
> README, that the warnings can safely be ignored.
Ok.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
More information about the Pkg-exim4-maintainers
mailing list