[exim-dev] [Bug 2545] Allow disabling autogenerated selfsign…

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2545] Allow disabling autogenerated selfsigned cert warning
https://bugs.exim.org/show_bug.cgi?id=2545

--- Comment #2 from Andreas Metzler <eximusers@???> ---
(In reply to Jeremy Harris from comment #1)
> The other side of the coin is: if the system is being used as an SMTP
> server then the admin should realise what they're doing and get a
> certificate generated which is traceable to an authority trusted by
> the clients. Otherwise, the clients get only wire-encryption and do
> not get authentication. Thereby, an attacker who has penetrated this
> enclave could manage to spoof being the server, and inspect the mails.


> The obnoxious message is there to point out the situation to the admin.


> There's no single good answer, I think. I'll leave the bug open for other
> comments, but am not currently intending to work on generating a high-quality
> automatic security solution. In my opinion this should be done by distros.


Hello,

I am coming from the distro side. Afaict I have got these choices:
* Use exim's default values. --> obnoxious message
* Disable TLS by default. I did that until exim's upstream default
values changed. I also think encryption with an unverifiable certificate
is preferable to no TLS.
* Use a snakeoil certificate. It would not be too difficult to
generate one at install time, _once_. Keeping it working with usable
defaults over time (longer keys, non-broken algorithms) while not
overwriting user changes gets hard. This just feels like a
complicated fragile way to suppress a warning message.

What we cannot do is throw a warning at install time, or ask a set of
questions to customize the snakeoil certificate. There are already too
many questions and warnings at install time.

Also I somehow trust that people setting up exim as a real internet
facing service are not too stupid. This is a complicated minefield and
getting a certificate from letsencrypt and installing it is neither the
most important nor the hardest part. I do not think exim needs to provide
super sensitive handholding here.

cu Andreas
