[Pkg-exim4-users] Exim4 TLS and relaying

Yan Seiner yan at seiner.com
Sun Oct 27 17:00:33 UTC 2013


(Sorry Andreas)

Andreas Metzler wrote:
> Yan Seiner <yan at seiner.com> wrote:
>   
>> I am trying to set up exim4.  I have been running exim4 successfully 
>> on a very, very old server and rather than trying to migrate my obsolete 
>> configuration I am trying to set it up from scratch.
>>     
>
>   
>> At the top of /etc/exim4/exim4.conf.template I have:
>>     
>
>   
>> MAIN_TLS_ENABLE = true
>> MAIN_TLS_CERTIFICATE = /etc/ssl/certs/mail_seiner_com.pem
>>     
>
> You seem to be missing a corresponding setting for the correct key for
> the certificate.
>
>   
I got that figured out.  Now I am stuck on a Base64 error:

09:41:23  7985 SMTP>> 250-mail.seiner.com Hello localhost.seiner.lan
[127.0.0.1]
09:41:23  7985 250-SIZE 52428800
09:41:23  7985 250-PIPELINING
09:41:23  7985 250-STARTTLS
09:41:23  7985 250 HELP
09:41:23  7985 SMTP<< STARTTLS
09:41:23  7985 initializing GnuTLS as a server
09:41:23  7985 read D-H parameters from file
09:41:23  7985 initialized D-H parameters
09:41:23  7985 certificate file =
/etc/ssl/localkeys/mail.seiner.com/mail.seiner.com.key
09:41:23  7985 key file =
/etc/ssl/localkeys/mail.seiner.com/mail.seiner.com.key
09:41:23  7985 LOG: MAIN
09:41:23  7985   TLS error on connection from localhost.seiner.lan
(NewMoon.seiner.lan) [127.0.0.1] (cert/key setup:
cert=/etc/ssl/localkeys/mail.seiner.com/mail.seiner.com.key
key=/etc/ssl/localkeys/mail.seiner.com/mail.seiner.com.key): Base64
decoding error.
09:41:23  7985 SMTP>> 454 TLS currently unavailable
09:41:23  7985 SMTP<< QUIT
09:41:23  7985 SMTP>> 221 mail.seiner.com closing connection
09:41:23  7985 LOG: smtp_connection MAIN
09:41:23  7985   SMTP connection from localhost.seiner.lan
(NewMoon.seiner.lan) [127.0.0.1] closed by QUIT

The key that exim is complaining about checks out with certtool -k and
gnutls-serv + gnutls-cli...

This seems to be an old bug that's been around since at least 2007 - but
I have not found a solution.

>> In /etc/exim4/conf.d/auth/30_exim4-config_examples I have:
>>     
>
>   
>> plain_server:
>>   driver = plaintext
>>   public_name = PLAIN
>>   server_condition           = ${if pam{$auth2:${sg{$auth3}{:}{::}} 
>> }{true}{false}}
>>   server_advertise_condition = ${if eq{$tls_cipher}{}{false}{true}}
>>   server_set_id = $auth2
>>   server_prompts = :
>>     
> [...]
>
> Do not try to use PAM for authentication. See the respective entry in
> /usr/share/doc/exim4-base/README.Debian.html
>   
OK will do.

>
> Exim 4.76? I thought you were setting up a new exim installation with
> current Debian packages.
>
> cu Andreas
>   
Hehe.  That's what ubuntu 12.04 ships with.

-- 
Project Management Consulting and Training
http://www.ridgelineconsultingllc.com
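
The debug log in this message shows Exim loading the same .key path as both "certificate file" and "key file". As an added example (not part of the original post, and not Exim or Debian code), this shell check reports whether each configured file contains the PEM block type it is used for; the function names and the sample files are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report which PEM block types the files
# configured as Exim's certificate and private key actually contain.

# pem_labels FILE: print the label of each "-----BEGIN <label>-----" line.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# check_tls_pair CERT KEY
#   0  CERT holds a certificate block and KEY holds a private key block
#   2  CERT has no certificate block (for example it is only a key)
#   3  KEY has no private key block
#   4  a file is missing or unreadable by the current user
check_tls_pair() {
    ctp_cert=$1
    ctp_key=$2
    [ -r "$ctp_cert" ] && [ -r "$ctp_key" ] || { echo "unreadable file" >&2; return 4; }
    if ! pem_labels "$ctp_cert" | grep -Eqx '(X509 )?CERTIFICATE'; then
        echo "no CERTIFICATE block in $ctp_cert; found: $(pem_labels "$ctp_cert" | tr '\n' ',')" >&2
        return 2
    fi
    if ! pem_labels "$ctp_key" | grep -q 'PRIVATE KEY$'; then
        echo "no PRIVATE KEY block in $ctp_key" >&2
        return 3
    fi
    return 0
}

# Constructed sample files: only the PEM armor lines matter to this check, so
# the bodies are placeholders, not real key material.
make_samples() {
    ms_dir=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'cGxhY2Vob2xkZXI=' \
        '-----END RSA PRIVATE KEY-----' > "$ms_dir/sample.key"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'cGxhY2Vob2xkZXI=' \
        '-----END CERTIFICATE-----' > "$ms_dir/sample.pem"
    cat "$ms_dir/sample.key" "$ms_dir/sample.pem" > "$ms_dir/combined.pem"
    echo "$ms_dir"
}
```

Call it as check_tls_pair CERT KEY with the two paths Exim prints in its debug output. A single file holding both blocks passes when given as both arguments; a key-only file given as the certificate returns 2.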




