[Pkg-exim4-users] configuring an SSL tunnel. Was "daemon_smtp_ports"

Marc Haber mh+pkg-exim4-users at zugschlus.de
Wed Apr 18 08:50:10 UTC 2007

On Tue, Apr 17, 2007 at 04:22:43PM -0700, Easthope wrote:
> At Mon, 9 Apr 2007 09:10:22 +0200 Marc Haber wrote
> mh> How about Section 2.1.4?
> The most important of all the documentation 
> on configuration of exim.

I do not understand what you mean here.

> Richard Feynman's Dictum of Education: begin 
> with the most general concept and progress to 
> the more specific.

This does work when your reading audience wants to learn and
understand. Unfortunately, Debian exim users usually are interested in
neither. Which is why we chose to structure the documentation in order
of "importance" to catch the reader's attention early.

> The documentation for configuring Exim should 
> begin with 2.1.4.  After that, explain the 
> details.

I disagree. The vast majority of exim users on Debian do not need to
know that update-exim4.conf exists in the first place. Their needs can
be satisfied with the debconf stuff.

> mh> See README.Debian chapter 1.1
> The most convenient documentation I've found is
> "http://www.exim.org/exim-html-4.40/doc/html/spec_toc.html".
> Parameters covered in this chapter.
> "http://www.exim.org/exim-html-4.40/doc/html/spec_14.html"

For most exim users, the upstream docs are way too much. If you get
along with the upstream docs, good for you. Congratulations.

> I haven't found a Debian specific version.

There is none. We expect our users to do some abstraction.

> Which of the parameters gets a "dc_" prefix 
> remains a mystery.

There are no parameters with "dc_" prefix in the exim configuration.
The only file that uses dc_ prefixes is update-exim4.conf.conf, which
is - surprise - the configuration file for update-exim4.conf, and is -
again surprise - documented in the man page for update-exim4.conf.

> mh> I'd suggest setting the SMTP ports on the daemon command line in
> /etc/default/exim4.
> The indirection is killing me!  Which of 
> the upper-case parameters should define the 
> command line parameters?  What quoting is correct?  
> Something such as one of these?
> COMMONOPTIONS='-tls_on_connect_ports = '25 : 1025' -tls-on-connect'
> or
> QUEUERUNNEROPTIONS='tls_on_connect_ports = '25 : 1025' tls-on-connect'
> or
> QFLAGS='-tls_on_connect_ports = "25 : 1025" -tls-on-connect'
> or
> SMTPLISTENEROPTIONS='tls_on_connect_ports = "25 : 1025"
> tls-on-connect'
> ?

Well, you are obviously setting options for an SMTP listener, so the
natural variable to use is SMTPLISTENEROPTIONS.

I usually use
SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid'
and set
tls_on_connect_ports = 465
in the main configuration.

> Rather than spend hours trying to establish
> a working syntax by trial & error I put 
> these two lines in /etc/exim4/exim4.conf.template
> at the end of the section marked "main/02_exim4-config_options".
> daemon_smtp_ports = 25 : 1025
> tls_on_connect_ports = 1025 
> Then I ran "dpkg-reconfigure exim4-config" again.      

There is more than one way to do it. Yours is one.

> At Mon, 9 Apr 2007 09:11:00 +0200 Marc wrote,
> "Why[ daemon_smtp_ports = '25 : 1025']?"
> Well, I aim for port 25 to receive a connection through 
> my LAN while port 1025 is to receive a connection through
> a legacy-SSL tunnel through the Internet.

As far as I know, there is a dedicated port allocated for
smtp-over-ssl. But of course, you are free to use your own port.

>   The problem was explained more thoroughly in my message to 
>   exim-users at exim.org between the 16th and 22 of March, this year.
> With the above configuration, this line appears in 
> /var/log/exim4/mainlog.
> 2007-04-16 08:34:34 exim 4.63 daemon started: pid=11224, -q30m, 
>   listening for SMTP on port 25 (IPv6 and IPv4) and for SMTPS on port
> 1025 (IPv6 and IPv4)
> (Line broken for legibility.)  At least exim 
> appears to respond to the lines added to 
> exim4.conf.template.

exim4.conf.template is the input file for exim configuration if you
choose non-split configuration in debconf. If you choose split
configuration, input is read from /etc/exim4/conf.d. But this is all
explained in README.Debian.

> After this change, the local MUA continues 
> to work.  Yet the SSL tunnel does not work 
> for sending and there is nothing pertinent 
> in mainlog.

What does "does not work" mean?


Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Phone: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190
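
The mainlog check discussed in this message, as an added example that is not part of the original post or of the exim4 packaging: it parses a "daemon started" line and reports any port that is not listening in the intended mode, for example a tunnel port that came up as cleartext SMTP. The function names are hypothetical and the parser assumes the "port N" log form quoted above.

```python
import re

# Constructed sample: the mainlog line quoted in the message, re-joined onto one line.
SAMPLE_LOG = (
    "2007-04-16 08:34:34 exim 4.63 daemon started: pid=11224, -q30m, "
    "listening for SMTP on port 25 (IPv6 and IPv4) "
    "and for SMTPS on port 1025 (IPv6 and IPv4)"
)


def _ports(text):
    """Collect every 'port N' number in a fragment of the log line."""
    return {int(p) for p in re.findall(r"\bport (\d+)", text)}


def parse_listeners(line):
    """Return {'smtp': ports, 'smtps': ports} from a 'daemon started' line."""
    if "daemon started" not in line or "listening for" not in line:
        raise ValueError("not a daemon-started line")
    listening = line.split("listening for", 1)[1]
    # Assumption: cleartext listeners come first, TLS-on-connect ones after "SMTPS on".
    plain, _, tls = listening.partition(" SMTPS on ")
    return {"smtp": _ports(plain), "smtps": _ports(tls)}


def check_listeners(line, listen_ports, tls_on_connect_ports):
    """Compare the logged listeners with the intended ports; return problems found."""
    seen = parse_listeners(line)
    want_tls = set(tls_on_connect_ports)
    want_plain = set(listen_ports) - want_tls
    problems = []
    for p in sorted(want_tls - seen["smtps"]):
        state = "cleartext SMTP" if p in seen["smtp"] else "not listening"
        problems.append(f"port {p}: expected TLS-on-connect, found {state}")
    for p in sorted(want_plain - seen["smtp"]):
        state = "SMTPS" if p in seen["smtps"] else "not listening"
        problems.append(f"port {p}: expected cleartext SMTP, found {state}")
    for p in sorted((seen["smtp"] | seen["smtps"]) - want_tls - want_plain):
        problems.append(f"port {p}: listening but not in the intended port list")
    return problems


if __name__ == "__main__":
    # Intended setup from the thread: 25 for the LAN, 1025 for the SSL tunnel.
    print(check_listeners(SAMPLE_LOG, [25, 1025], [1025]) or "listeners match")
```

An empty result only confirms that the daemon accepted the port settings; it says nothing about whether the tunnel endpoint actually reaches the TLS port.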
