Re: [exim] www.rellits.com ssl tutorial worked for courier, …

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Tommy Butler
Date:  
À: Christian Stiller
CC: exim-users
Sujet: Re: [exim] www.rellits.com ssl tutorial worked for courier, butnot exim
Christian Stiller wrote:

> Tommy Butler wrote:
>
>> Using the great tutorial/howto for self-signed SSL certs to use with
>> courier MTA and courier IMAP MTA worked just great! Only problem is
>> that exim doesn't work with the certs. I'm using exim4. Does the
>> howto at http://www.rellits.com/rellits/exim.html only work for
>> exim3?? What am I doing wrong?
>
> I didn't see the cert file being referenced in your config.
> Try somthing like
>
> tls_certificate = /etc/ssl/certs/smtp.pem
> tls_advertise_hosts = *
>
> in your main section. Once you have done that, you should be able to use
> SSL. Then you can add soemthing like
>
> accept  authenticated = *
>         encrypted = *

>
> in the ACL to only accept authentication if it was encrypted.
> (both those things should have been in the howto)
> If that doesn't work, let us know what error / message you get...


Where do I put this in my config? My exim installation (on Debian
sarge) uses the /etc/conf.d/ directory configuration style. I don't
understand how the configuration files get patched together when I run
update-exim4.conf. All I know is that somehow they get conglomerated
into /var/lib/exim4/config.autogenerated

I thought I did the right thing when I edited
conf.d/main/03_exim-4config_tlsoptions...

$ pwd
/etc/exim4
$ grep -ri pem *
conf.d/main/03_exim4-config_tlsoptions:tls_certificate =
/etc/ssl/certs/smtp.pem
conf.d/main/03_exim4-config_tlsoptions:tls_privatekey =
/etc/ssl/private/mail.cityairlines.net.key.nopass.pem

I'm bewildered. In order to help everyone see my actual config, I tar
-czf'ed my config into http://cityairlines.net/conf.d.tgz

Can anyone tell what's wrong with my setup, and tell me how to fix it?
Wow, I really appreciate all the high quality help I've had so far.
Exim is very well supported by it's community. (Whether large or small,
it's the quality of the help that makes software usable or not, imho.)

--
Tommy Butler
tommy@??? <mailto:tommy@atrixnet.com>