Re: [exim] The No Certificate Warning and the Right Way to S…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MMartin McCormick at <-
MMartin McCormick at ->
Delete this message
Reply to this message
Author: Andrew C Aitchison
Date:  
To: Martin McCormick
CC: exim-users
Subject: Re: [exim] The No Certificate Warning and the Right Way to Stop it
On Mon, 16 May 2022, Martin McCormick via Exim-users wrote:

> Jeremy Harris via Exim-users <exim-users@???> writes:
>> What is the output of "exim4 -bP tls_certificate tls_privatekey" ?
>
> This is a followup to that question. As I previously reported,
> neither of those variables are set even though I went through the
> motions of making those files. Since exim4 is not a mail server,

If your exim is not running as a mail server,
do you want it to listen on any of the SMTP ports at all ?
If not, turning off listening is your solution,
since the No Certificate Warning
only appears if you listen for SMTP with TLS.

> itself, we may have some mechanized confusion at work. The cert
> message appears because the loopback instance of exim4 runs on
> localhost's address of 127.0.0.1 which is fine as it goes but
> here's what I notice.
>
> exim -bP tls_advertise_hosts
> tls_advertise_hosts = *
>
> This is always true no matter what I do to any of the settings so
> far.
>
>     I went as far as going to /etc/exim4/conf.d/main and
> modifying the line in /etc/exim4/conf.d/main/03_exim4-config_tlsoptions
> from tls_advertise_hosts = MAIN_TLS_ADVERTISE_HOSTS
> to tls_advertise_hosts =

>
> followed by a dpkg-reconfigure exim4-config.
>
>     No need to check much because the cert  nag pops up
> meaning the new instance of exim4 is up and running.

>
>     Trying split and non-split configuration has the same
> results with
> exim -bP tls_advertise_hosts
> tls_advertise_hosts = *

>
> which never changes.
>
>     If this was a fully-internet connected host as far as
> mail goes, I would be much more worried about the lack of a
> certificate but I think that if one runs that type of host, there
> may be another module one must install via debian's apt-get and
> or aptitude installation methods.
 

I think you control that with your answer to the
        dpkg-reconfigure exim4-config
question "General type of mail configuration:"
For those not on Debian or Ubuntu, the options are:
        internet site; mail is sent and received directly using ...
        mail sent by smarthost; received via SMTP or fetchmail
        mail sent by smarthost; no local mail
        local delivery only; not on a network
        no configuration at this time 
Which are you using ?


-- 
Andrew C. Aitchison                      Kendal, UK
                    andrew@???


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] The No Certificate Warning and the Right Way to Stop itRe: [exim] [oss-security] Exim CVE-2019-16928 RCE using a heap-based buffer overflow->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)