Re: [exim] TLS configuration

Top Pagina
Delete this message
Reply to this message
Auteur: Phil Pennock
Datum:  
Aan: John ffitch
CC: exim-users
Onderwerp: Re: [exim] TLS configuration
On 2013-01-29 at 20:27 +0000, John ffitch wrote:
> exim4 sounds like Debian


In fact, Raymond said Ubuntu 12.0.4 and I quoted that.

But Exim can come from normal package repos, backport repos, and since
Baruwa was mentioned and they provide a repo but I can't see what's in
that repo (without installing a Deb system and adding them as a source)
I don't know if a different Exim is in there.

I did try a quick Google search to find which version of Exim is
included with Ubuntu by default, but there were no relevant results
within a minute of searching, so I gave up: when asking for help from
others, it's not long-term beneficial to reward missing information by
doing a lot of work for free to make up for it.

> On Tue, 29 Jan 2013, Phil Pennock wrote:
> > On 2013-01-29 at 11:53 -0600, Raymond Norton wrote:
> >> (Ubuntu 12.0.4 - Exim4 -Baruwa 2.0.0)


http://packages.ubuntu.com/precise/mail/exim4

By _default_, security updates for 12.0.4 will supply 4.76-3ubuntu3.1;
_if_ that version is the one in use, then the old-style Exim-specific
GnuTLS configuration directives are in use.

The old docs included, as an *example* of how to use those directives,
this:

tls_require_ciphers = !ARCFOUR

If you do that, then yes, Google won't deliver to you over TLS.

Google use RC4-SHA, which OpenSSL calls SSL_RSA_WITH_RC4_128_SHA, which
might help with determining if gnutls_require_kx or the like is set
badly.

The Exim web-site has copies of the Specification for many old versions
of Exim, so more details can be found at:

http://www.exim.org/exim-html-4.76/doc/html/spec_html/ch-encrypted_smtp_connections_using_tlsssl.html

-Phil