Re: [exim] The No Certificate Warning and the Right Way to S…

Author: Martin McCormick
Date:  
To: exim-users
Subject: Re: [exim] The No Certificate Warning and the Right Way to Stop it
Andreas Metzler via Exim-users <exim-users@???> writes:
> Where is the key?

/etc./exim4/exim.key

> file:///usr/share/doc/exim4-base/README.Debian.html#TLS says
> "install the key in /etc/exim4/exim.key and the certificate in
> /etc/exim4/exim.crt."
>

The certificate is in /etc/exim4/exim.crt so the key and the
certificate appear to be in their correct locations.

> Stop exim, as root start exim with
> /usr/sbin/exim4 -bd -d+all 2>&1 | tee ~/exim.debug
> connect to this daemon with
> swaks -s localhost -tls -q ehlo
>
> And then look at ~/exim.debug.


11:38:57  5940 Exim version 4.92 uid=0 gid=0 pid=5940 D=fff9ffff
Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages DANE DKIM DNSSEC Event OCSP PRDR SOCKS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Compiler: GCC [8.3.0]
Library version: Glibc: Compile: 2.28
                        Runtime: 2.28
Library version: BDB: Compile: Berkeley DB 5.3.28: (September  9, 2013)
                      Runtime: Berkeley DB 5.3.28: (September  9, 2013)
Library version: GnuTLS: Compile: 3.6.7
                         Runtime: 3.6.7
Library version: PCRE: Compile: 8.39
                       Runtime: 8.39 2016-06-14
11:38:57  5940 Total 13 lookups
WHITELIST_D_MACROS: "OUTGOING"
TRUSTED_CONFIG_LIST: "/etc/exim4/trusted_configs"
11:38:57  5940 changed uid/gid: forcing real = effective
11:38:57  5940   uid=0 gid=0 pid=5940
11:38:57  5940   auxiliary group list: <none>
11:38:57  5940 seeking password data for user "uucp": cache not available
11:38:57  5940 getpwnam() succeeded uid=10 gid=10
11:38:57  5940 LOG: MAIN
11:38:57  5940   Warning: No server certificate defined; will use a selfsigned one.
11:38:57  5940  Suggested action: either install a certificate or change tls_advertise_hosts option
11:38:57  5942 changed uid/gid: calling tls_validate_require_cipher
11:38:57  5942   uid=105 gid=109 pid=5942
11:38:57  5942   auxiliary group list: <none>
11:38:57  5940 tls_validate_require_cipher child 5942 ended: status=0x0
11:38:57.352  5940 configuration file is /var/lib/exim4/config.autogenerated
11:38:57.352  5940 log selectors = ffffffff dffffffb ffffffff
11:38:57.352  5940 cwd=/home/martin/tmp 3 args: /usr/sbin/exim4 -bd -d+all
11:38:57.352  5940 trusted user
11:38:57.352  5940 admin user
11:38:57.353  5940 seeking password data for user "mail": cache not available
11:38:57.353  5940 getpwnam() succeeded uid=8 gid=8
11:38:57.355  5940  ┌considering: $1
11:38:57.355  5940  ├──expanding: $1
11:38:57.356  5940  └─────result: root
11:38:57.356  5940 user name "root" extracted from gecos field "root"
11:38:57.356  5940 originator: uid=0 gid=0 login=root name=root
11:38:57.357  5940 listening on 127.0.0.1 port 25
11:38:57.358  5940 pid written to /run/exim4/exim.pid
11:38:57.366  5940 changed uid/gid: running as a daemon
11:38:57.366  5940   uid=105 gid=109 pid=5940
11:38:57.366  5940   auxiliary group list: 109
11:38:57.367  5940 LOG: MAIN
11:38:57.367  5940   exim 4.92 daemon started: pid=5940, no queue runs, listening for SMTP on [127.0.0.1]:25
11:38:57.367  5940 set_process_info:  5940 daemon(4.92): no queue runs, listening for SMTP on [127.0.0.1]:25
11:38:57.367  5940 daemon running with uid=105 gid=109 euid=105 egid=109
11:38:57.368  5940 Listening...


Shouldn't TLS be in the list of Authenticators?

I also could not connect with

swaks -s localhost -tls -q ehlo

Martin
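
Added example, not part of the original message and not Exim or Debian code: a shell check of the TLS options Exim actually loaded, since the warning in the log above is raised when the tls_certificate option is unset, whatever files exist under /etc/exim4. It assumes the output of `exim4 -bP tls_certificate tls_privatekey` (run as root) was saved to a file; the function names and that file are illustrative.

```shell
#!/bin/sh
# Added example. Input: a file holding the text printed by
#   exim4 -bP tls_certificate tls_privatekey
# i.e. one "name = value" line per option, empty value when unset.

# Print the value of option $1 from the -bP capture in file $2.
bp_value() {
    sed -n "s/^$1[[:space:]]*=[[:space:]]*\(.*\)\$/\1/p" "$2" | head -n 1
}

# Classify option $1 as: unset, expansion, missing, unreadable or ok.
tls_option_status() {
    value=$(bp_value "$1" "$2")
    case $value in
        '')    echo "unset" ;;
        *'$'*) echo "expansion" ;;  # ${...} string: a plain file test does not apply
        *)  if   [ ! -e "$value" ]; then echo "missing"
            elif [ ! -r "$value" ]; then echo "unreadable"
            else echo "ok"
            fi ;;
    esac
}

# Report both options. Fails when tls_certificate is not a readable file
# (unset is the case behind the self-signed warning) or when a configured
# key file is absent or unreadable.
tls_report() {
    cert=$(tls_option_status tls_certificate "$1")
    key=$(tls_option_status tls_privatekey "$1")
    echo "tls_certificate: $cert"
    echo "tls_privatekey:  $key"
    [ "$cert" = ok ] || return 1
    # With tls_privatekey unset, Exim reads the key from the certificate file.
    [ "$key" = ok ] || [ "$key" = unset ]
}

# Stand-alone use: sh check.sh bp.txt
if [ $# -eq 1 ]; then tls_report "$1"; fi
```

The "unreadable" result is only meaningful when the script runs as the account the daemon drops to (uid=105 in the log above), because root can read any file.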