The subject line describes how I am using exim4. The smarthost
needs tls for one to log in and send a message from the local
system to the big wide world. By reading this message, you see
it's working but I am trying to fix what is becoming a real
annoyance to put it mildly.
About 2/3 or more of the log consists of 2 long lines
which are:
2019-07-09 10:55:20 Warning: No server certificate defined; will use a selfsigned one.
Suggested action: either install a certificate or change tls_advertise_hosts option
From reading /usr/share/doc/exim4-base/README.Debian.gz
this appears to come from advertising one's tls credentials to
those who want to connect to this system to deliver mail using
tls authentication. The number of such hosts is 0 as mail is
received by fetchmail and only local mail ever comes in to exim4
such as when a local process on the sistem generates output.
It looks like I can turn off the advertising of tls
capability since what really happens here is the ISP sends me a
certificate and I use that to generate the encrypted channel on
which I send the traffic such as this message.
I began looking for some way to turn off
tls_advertise_hosts and it is not obvious.
/etc/exim4/conf.d/main/03_exim4-config_tlsoptions has the
definition all right but how do you undefine it and is there
another way in debian to do this?
I commented out the line that appeared to define it and
nothing bad happened and, you guessed it, the very first message
when exim4 came back after dpkg-reconfigure was the current time
stamp followed by
"Warning: No server certificate defined; will use a selfsigned one."
It's like the current theory about dark matter being 70% of the
universe.
I say all this with a bit of a smile because this message
is performing a useful service so it needs to be there but I get
the message. Is there a way to turn it off without installing
certificates which will never be used?
Basically, how do we turn off modules which are not being used
without causing exim to fail to do what it is doing that is
useful?
Thank you and the readme document was much appreciated.
Martin McCormick