Author: Jakob Hirsch
Date:
To: Olivier Bonvalet
CC: exim-users
Subject: Re: [exim] setup Exim to improve SMTP performance
Quoting Olivier Bonvalet:
> I haven't got enough entropy on my servers, and "/dev/random" is
> "blocking".
> Now, I'll search for a "true" solution:
Do you really need TLS for sending out your newsletter?
If not: hosts_avoid_tls is expanded, so you could use it for disabling
TLS when sending out the newsletter (detected by sender address, header,
subject etc.).
If yes: I think there's not much you can do in Exim, it's caused by the
system itself. You can try to get more entropy, either by using a script
such as the one on the page you posted, or by patching the kernel. As the
page mentions, there was a change somewhere between 2.6.9 and 2.6.12
(AFAIR), where the network interface was removed as an entropy source
for security reasons. I saw a kernel patch to change that back a while ago.
Other possible ways are:
- a hardware RNG, either in the chipset (supported by the kernel) or
from a cheap microphone (kernel patch available)
- Entropy Gathering Daemon (EGD) or similar user space tools, must be
supported by your software (patched openssl?)
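
A sketch of the hosts_avoid_tls suggestion in the reply above, added here as an example and not taken from the thread: the option is set with a string expansion so that only newsletter deliveries skip TLS. The transport name remote_smtp, the address newsletter@example.org and the header X-Newsletter are assumptions.

```exim
# Transports section of the Exim configuration (constructed example).
# Assumed names: transport "remote_smtp", sender newsletter@example.org,
# marker header "X-Newsletter".

remote_smtp:
  driver = smtp
  # Blanket form, shown for contrast only: this would turn off TLS for
  # every outbound message, not just the newsletter.
  #   hosts_avoid_tls = *
  #
  # Scoped form: the option is expanded per delivery. For the newsletter
  # sender it expands to "*" (avoid TLS for all hosts); for anything else
  # it expands to an empty list, so TLS is still tried as usual.
  hosts_avoid_tls = ${if eqi{$sender_address}{newsletter@example.org}{*}{}}
  # Alternative keyed on a header the newsletter software adds:
  #   hosts_avoid_tls = ${if def:h_X-Newsletter:{*}{}}
```

Delivery lines in the main log carry an X= field with the cipher when TLS was used, so a test run should show X= on ordinary mail and no X= on newsletter deliveries.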