I have the exim4-daemon-heavy package (and actually it's the same problem with exim4-daemon-light) installed from sarge. I'm having a terrible time trying to get it to advertise STARTTLS on connect.

When I send email out from this server, it successfully sends email using TLS to TLS enabled servers. I have generated a certificate using the exim-gencert script. In my update-exim4.conf.conf file I have the variable MAIN_TLS_ENABLE set to true. If I understand my exim4.conf.template correctly, that's all I should need to do.

When I look through my config.autogenerated file, indeed I have the line 'tls_advertise_hosts = *'.

However, when I connect and do a 'ehlo whatever.com', it's not advertised. When I do a 'HELP' I see that STARTTLS is available, but the server won't let me use it when it's not advertised. When I put the server into debug mode, I see the line in the output:

    20896 host in tls_advertise_hosts? no (option unset)

Anyone know where I'm going wrong?

-Don

On Sun, Sep 10, 2006 at 09:59:03PM -0600, Donald Thompson wrote:
> I have the exim4-daemon-heavy package (and actually it's the same problem
> with exim4-daemon-light) installed from sarge. I'm having a terrible
> time trying to get it to advertise STARTTLS on connect.
>
> When I send email out from this server, it successfully sends email
> using TLS to TLS enabled servers. I have generated a certificate using
> the exim-gencert script. In my update-exim4.conf.conf file I have the
> variable MAIN_TLS_ENABLE set to true. If I understand my
> exim4.conf.template correctly, that's all I should need to do.
> When I look through my config.autogenerated file, indeed I have the line
> 'tls_advertise_hosts = *'.

This sounds strange, since tls_advertise_hosts is usually set via a macro:

    .ifdef MAIN_TLS_ENABLE
    .ifndef MAIN_TLS_ADVERTISE_HOSTS
    MAIN_TLS_ADVERTISE_HOSTS = *
    .endif
    tls_advertise_hosts = MAIN_TLS_ADVERTISE_HOSTS

Can you please check whether MAIN_TLS_ENABLE is really set in /var/lib/exim4/config.autogenerated and whether MAIN_TLS_ADVERTISE_HOSTS may be set to some undesirable value?

I suspect that you are using split config while editing the non-split config file.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835

Hello Donald,

Donald Thompson, 11.09.2006 (d.m.y):
> However, when I connect and do a 'ehlo whatever.com', it's not
> advertised. When I do a 'HELP' I see that STARTTLS is available, but the
> server won't let me use it when it's not advertised. When I put the
> server into debug mode, I see the line in the output:
> 20896 host in tls_advertise_hosts? no (option unset)
>
> Anyone know where I'm going wrong?

Look for "tls_advertise_hosts" in your exim configuration and fix it.

Regards,
Christian Schmidt

-- 
Faith can never convince us of anything that runs counter to our knowledge.
-- John Locke

> On Sun, Sep 10, 2006 at 09:59:03PM -0600, Donald Thompson wrote:
>> I have the exim4-daemon-heavy package (and actually it's the same problem
>> with exim4-daemon-light) installed from sarge. I'm having a terrible
>> time trying to get it to advertise STARTTLS on connect.
>>
>> When I send email out from this server, it successfully sends email
>> using TLS to TLS enabled servers. I have generated a certificate using
>> the exim-gencert script. In my update-exim4.conf.conf file I have the
>> variable MAIN_TLS_ENABLE set to true. If I understand my
>> exim4.conf.template correctly, that's all I should need to do.
>> When I look through my config.autogenerated file, indeed I have the line
>> 'tls_advertise_hosts = *'.
>
> This sounds strange, since tls_advertise_hosts is usually set via a
> macro:
> .ifdef MAIN_TLS_ENABLE
> .ifndef MAIN_TLS_ADVERTISE_HOSTS
> MAIN_TLS_ADVERTISE_HOSTS = *
> .endif
> tls_advertise_hosts = MAIN_TLS_ADVERTISE_HOSTS

That's exactly how it looks in my config.autogenerated.

My config file is available at
http://dv1.dataventures.com/~dlt/config.autogenerated

> Can you please check whether MAIN_TLS_ENABLE is really set in
> /var/lib/exim4/config.autogenerated and whether
> MAIN_TLS_ADVERTISE_HOSTS may be set to some undesirable value?
>
> I suspect that you are using split config while editing the non-split
> config file.

When I run 'update-exim4.conf -v' it outputs:

    using non-split configuration scheme from /etc/exim4/exim4.conf.template

-Don

On Mon, Sep 11, 2006 at 04:25:33PM -0600, Donald Thompson wrote:
> > On Mon, Sep 11, 2006 at 10:51:05PM +0200, Marc Haber wrote:
> > This sounds strange, since tls_advertise_hosts is usually set via a
> > macro:
> > .ifdef MAIN_TLS_ENABLE
> > .ifndef MAIN_TLS_ADVERTISE_HOSTS
> > MAIN_TLS_ADVERTISE_HOSTS = *
> > .endif
> > tls_advertise_hosts = MAIN_TLS_ADVERTISE_HOSTS
>
> That's exactly how it looks in my config.autogenerated.
>
> My config file is available at
> http://dv1.dataventures.com/~dlt/config.autogenerated
>
> > Can you please check whether MAIN_TLS_ENABLE is really set in
> > /var/lib/exim4/config.autogenerated and whether
> > MAIN_TLS_ADVERTISE_HOSTS may be set to some undesirable value?

config.autogenerated has no MAIN_TLS_ENABLE = true, so he missed creating conf.d/main/01_MY_macros containing this line.

-- 
Do not assume intent when stupidity is sufficient!

On Mon, Sep 11, 2006 at 04:25:33PM -0600, Donald Thompson wrote:
> My config file is available at
> http://dv1.dataventures.com/~dlt/config.autogenerated

That file does not have MAIN_TLS_ENABLE set.

> When I run 'update-exim4.conf -v' it outputs:
>
> using non-split configuration scheme from /etc/exim4/exim4.conf.template

Looks like my guess was correct. Let me quote from README.Debian (2.1.3):

| For a non-split configuration, /etc/exim4/exim4.conf.localmacros gets
| read before /etc/exim4/exim4.conf.template.

Greetings
Marc

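Added example, not part of the thread and not Debian's or Exim's own code: a check for the situation diagnosed above, where the tls_advertise_hosts line is present in the generated file but sits behind ".ifdef MAIN_TLS_ENABLE" with the macro never defined. The function names and the sample files are constructed for illustration; the template excerpt is the one quoted in the thread with a closing .endif added, and the "fixed" file models the README.Debian statement that exim4.conf.localmacros is read before the template.

```sh
#!/bin/sh
# macro_state FILE MACRO prints one of:
#   defined    "MACRO = ..." appears before the first ".ifdef MACRO"
#   undefined  ".ifdef MACRO" is reached with no earlier definition
#   no-ifdef   the file never tests MACRO
macro_state() {
    awk -v m="$2" '
        $0 ~ ("^[ \t]*" m "[ \t]*=") { print "defined";   hit = 1; exit }
        $1 == ".ifdef" && $2 == m    { print "undefined"; hit = 1; exit }
        END { if (!hit) print "no-ifdef" }
    ' "$1"
}

# Constructed sample files (hypothetical contents, for offline use only).
write_samples() {
    cat > "$1/template" <<'EOF'
.ifdef MAIN_TLS_ENABLE
.ifndef MAIN_TLS_ADVERTISE_HOSTS
MAIN_TLS_ADVERTISE_HOSTS = *
.endif
tls_advertise_hosts = MAIN_TLS_ADVERTISE_HOSTS
.endif
EOF
    # What /etc/exim4/exim4.conf.localmacros needs for a non-split config.
    printf 'MAIN_TLS_ENABLE = true\n' > "$1/localmacros"
    # broken: template only; fixed: localmacros read before the template.
    cp "$1/template" "$1/broken"
    cat "$1/localmacros" "$1/template" > "$1/fixed"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in broken fixed; do
    # The option line is in both files; only the macro state differs.
    n=$(grep -c '^tls_advertise_hosts' "$tmp/$f")
    echo "$f: option lines=$n, MAIN_TLS_ENABLE $(macro_state "$tmp/$f" MAIN_TLS_ENABLE)"
done
```

On the real host the same function can be pointed at /var/lib/exim4/config.autogenerated, and `exim4 -bP tls_advertise_hosts` prints the value Exim ends up with after macro processing.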
On Tue, Sep 12, 2006 at 08:21:16AM +0200, Martin Reising wrote:
> config.autogenerated has no MAIN_TLS_ENABLE = true, so he missed to
> create conf.d/main/01_MY_macros containing this line.

He is using non-split config, so he needs to set the macro at a different place. Your file is only read for split config.

Greetings
Marc

On Tue, Sep 12, 2006 at 09:30:41AM +0200, Marc Haber wrote:
> On Tue, Sep 12, 2006 at 08:21:16AM +0200, Martin Reising wrote:
> > config.autogenerated has no MAIN_TLS_ENABLE = true, so he missed to
> > create conf.d/main/01_MY_macros containing this line.
>
> He is using non-split config, so he needs to set the macro at a
> different place. Your file is only read for split config.

Oops! You are right. I've parsed non-split as split.