Bug#948573: exim4: TLS not in use. Log spammed with "No server certificate defined; will use a selfsigned one."

Graham Cobb g+debian at cobb.uk.net
Fri Jan 10 11:28:09 GMT 2020

Package: exim4
Version: 4.93-5
Severity: normal

This system recived no mail. Exim is setup to allow mail to be sent to a smarthost
(mostly from daemons but from humans occasionally, like sending a log or config file
to themselves on another system, or reportbug!).

Since a recent upgrade, the log file is spammed with many messages saying:

Warning: No server certificate defined; will use a selfsigned one.

Regenerating the config (this system uses single config) gives the message:

2020-01-10 11:16:32 Warning: No server certificate defined; will use a selfsigned one.
 Suggested action: either install a certificate or change tls_advertise_hosts option

I do not want to create a certificate, nor do I want exim to use a self-signed one.
There are no SMTP listeners running and nothing tries to send email to this system.

I have tried removing the tls_advertise_hosts option completely from the config file
(verifying it is not present in /var/lib/exim4/config.autogenerated).

I have also tried including it in the config as:
 tls_advertise_hosts =

Neither option works - exim still logs these messages.

-- Package-specific info:
Exim version 4.93 #5 built 03-Jan-2020 18:02:33
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018
Berkeley DB: Berkeley DB 5.3.28: (September  9, 2013)
Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages DANE DKIM DNSSEC Event OCSP PRDR SOCKS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Configuration file search path is /etc/exim4/exim4.conf:/var/lib/exim4/config.autogenerated
Configuration file is /var/lib/exim4/config.autogenerated
# /etc/exim4/update-exim4.conf.conf
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
# update-exim4.conf uses this file to determine variable values to replace
# the DEBCONFsomethingDEBCONF strings in the configuration template files.
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
# This is a Debian specific file

##GRC dc_smarthost='vranx.home.cobb.me.uk'
# /etc/default/exim4

# 'combined' -	 one daemon running queue and listening on SMTP port
# 'no'       -	 no daemon running the queue
# 'separate' -	 two separate daemons
# 'ppp'      -   only run queue with /etc/ppp/ip-up.d/exim4.
# 'nodaemon' - no daemon is started at all.
# 'queueonly' - only a queue running daemon is started, no SMTP listener.
# setting this to 'no' will also disable queueruns from /etc/ppp/ip-up.d/exim4
# how often should we run the queue
# options common to quez-runner and listening daemon
# more options for the daemon/process running the queue (applies to the one
# started in /etc/ppp/ip-up.d/exim4, too.
# special flags given to exim directly after the -q. See exim(8)
# options for daemon listening on port 25

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.3.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_IE.utf8, LC_CTYPE=en_IE.utf8 (charmap=UTF-8) (ignored: LC_ALL set to en_IE.utf8), LANGUAGE=en_IE.utf8 (charmap=UTF-8) (ignored: LC_ALL set to en_IE.utf8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages exim4 depends on:
ii  debconf [debconf-2.0]  1.5.73
ii  exim4-base             4.93-5
ii  exim4-daemon-light     4.93-5

exim4 recommends no packages.

exim4 suggests no packages.

-- debconf information:
* exim4/drec:

More information about the Pkg-exim4-maintainers mailing list