Re: [exim] setup Exim to improve SMTP performance

Author: Olivier Bonvalet
Date:  
To: exim-users
Subject: Re: [exim] setup Exim to improve SMTP performance
Jakob Hirsch wrote:
> Quoting Olivier Bonvalet:
>
>> I haven't got enough entropy on my servers, and "/dev/random" is
>> "blocking".
>> Now, I'll search for a "true" solution:
>>
>
> Do you really need TLS for sending out your newsletter?
>
> If not: hosts_avoid_tls is expanded, so you could use it for disabling
> TLS when sending out the newsletter (detected by sender address, header,
> subject etc.).
>

You're right: I'll try to disable it, with "hosts_avoid_tls = *".



> If yes: I think there's not much you can do in Exim, it's caused by the
> system itself. You can try to get more entropy, either by using a script
> as the one on the page you posted, or by patching the kernel. As the
> page mentions, there was a change somewhere between 2.6.9 and 2.6.12
> (AFAIR), where the network interface was removed as an entropy source
> for security reasons. I saw a kernel patch to change that back a while ago.
>

I tried some "hacks" which give more entropy, but they work for too short
a time. That is why I replace /dev/random with /dev/urandom.


> Other possible ways are:
> - a hardware RNG, either in the chipset (supported by the kernel) or
> from a cheap microphone (kernel patch available)
> - Entropy Gathering Daemon (EGD) or similar user space tools, must be
> supported by your software (patched openssl?)

No, in my case I really don't think it is a solution. These are rented
dedicated servers, so I can't add hardware, and I don't want to have to
compile anything (except the kernel).

So, I'll try to switch off TLS :)
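
An added example, not part of the original thread: "hosts_avoid_tls = *" on the main transport turns TLS off for all outbound mail, whereas the per-message approach suggested in the quoted reply can limit it to the newsletter. The sender address, router and transport names, and the +local_domains list are assumptions for illustration.

```exim
# Constructed example; newsletter@example.org and the router/transport
# names are placeholders, not values from the thread.

# --- routers section (order matters: the newsletter router comes first) ---

# Newsletter only: matched on the envelope sender and handed to a
# transport that does not attempt STARTTLS.
newsletter_dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  senders = newsletter@example.org
  transport = remote_smtp_notls

# All other outbound mail keeps the normal transport and still uses TLS
# whenever the remote host offers it.
dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  no_more

# --- transports section ---

remote_smtp:
  driver = smtp

remote_smtp_notls:
  driver = smtp
  # Scoped to this transport, so the plaintext exception cannot leak
  # into ordinary mail.
  hosts_avoid_tls = *

# Single-transport alternative, relying on hosts_avoid_tls being
# expanded before use (an empty host list means "avoid TLS nowhere"):
#
# remote_smtp:
#   driver = smtp
#   hosts_avoid_tls = ${if eqi{$sender_address}{newsletter@example.org}{*}{}}
```

Routing can be checked without sending anything by running "exim -bt" with the -f option set to the newsletter sender and then to an ordinary sender, and comparing which transport is reported.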