Bug#1004537: exim4: Does not reload expiring TLS certificate; clients cannot connect

Harri Suutari hsuutari at gmx.com
Sun Jan 30 08:43:02 GMT 2022 

Package: exim4
Version: 4.92-8+deb10u6
Severity: normal

During long server uptime TLS certificate can expire and clients cannot connect
anymore. For example Let's Encrypt offers only three months valid time for
certificates.

Manual fix if is to restart the server manually or by Cron, but maybe this
should be handled as default by the package configuration.

In Debian I have noticed this bug affecting Exim, Docevot and Ejabberd so far.



-- Package-specific info:
Exim version 4.92 #3 built 01-May-2021 09:42:39
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018
Berkeley DB: Berkeley DB 5.3.28: (September  9, 2013)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DANE DKIM DNSSEC Event OCSP PRDR PROXY SOCKS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa tls
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Configuration file search path is /etc/exim4/exim4.conf:/var/lib/exim4/config.autogenerated
Configuration file is /var/lib/exim4/config.autogenerated

-- System Information:
Debian Release: 10.11
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable'), (100, 'buster-fasttrack')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 4.19.0-18-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_DK.utf8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8), LANGUAGE=en_DK.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages exim4 depends on:
ii  debconf [debconf-2.0]  1.5.71+deb10u1
ii  exim4-base             4.92-8+deb10u6
ii  exim4-daemon-heavy     4.92-8+deb10u6

exim4 recommends no packages.

exim4 suggests no packages.

-- debconf information excluded

More information about the Pkg-exim4-maintainers mailing list