Easthope
2007-Apr-17 23:32 UTC
[Pkg-exim4-users] configuring an SSL tunnel. Was "daemon_smtp_ports"
At Mon, 9 Apr 2007 09:10:22 +0200 Marc Haber wrote
mh> How about Section 2.1.4?
The most important of all the documentation
on configuration of exim.
Richard Feynman's Dictum of Education: begin
with the most general concept and progress to
the more specific.
The documentation for configuring Exim should
begin with 2.1.4. After that, explain the
details.
mh> See README.Debian chapter 1.1
This most convenient documentation I've found is
"http://www.exim.org/exim-html-4.40/doc/html/spec_toc.html".
Parameters covered in this chapter.
"http://www.exim.org/exim-html-4.40/doc/html/spec_14.html"
I haven't found a Debian specific version.
Which of the parameters gets a "dc_" prefix
remains a mystery.
mh> I'd suggest setting the SMTP ports on the daemon command line in
/etc/default/exim4.
The indirection is killing me! Which of
the upper-case parameters should define the
command line parameters? What quoting is correct?
Something such as one of these?
COMMONOPTIONS='-tls_on_connect_ports = '25 : 1025' -tls-on-connect'
or
QUEUERUNNEROPTIONS='tls_on_connect_ports = '25 : 1025' tls-on-connect'
or
QFLAGS='-tls_on_connect_ports = "25 : 1025" -tls-on-connect'
or
SMTPLISTENEROPTIONS='tls_on_connect_ports = "25 : 1025"
tls-on-connect'
?
Rather than spend hours trying to establish
a working syntax by trial & error I put
these two lines in /etc/exim4/exim4.conf.template
at the end of the section marked "main/02_exim4-config_options".
daemon_smtp_ports = 25 : 1025
tls_on_connect_ports = 1025
Then I ran "dpkg-reconfigure exim4-config" again.
At Mon, 9 Apr 2007 09:11:00 +0200 Marc wrote,
"Why[ daemon_smtp_ports = '25 : 1025']?"
Well, I aim for port 25 to receive a connection through
my LAN while port 1025 is to receive a connection through
a legacy-SSL tunnel through the Internet. The problem
was explained more thoroughly in my message to
exim-users@exim.org between the 16th and 22 of
March, this year.
With the above configuration, this line appears in
/var/log/exim4/mainlog.
2007-04-16 08:34:34 exim 4.63 daemon started: pid=11224, -q30m,
listening for SMTP on port 25 (IPv6 and IPv4) and for SMTPS on port
1025 (IPv6 and IPv4)
(Line broken for legibility.) At least exim
appears to respond to the lines added to
exim4.conf.template.
After this change, the local MUA continues
to work. Yet the SSL tunnel does not work
for sending and there is nothing pertinent
in mainlog.
Any suggestions for settings additional to the two
mentioned above?
At Mon, 9 Apr 2007 10:24:06 +0200 Marc wrote,
"I have adapted both the man page and README.Debian to hopefully avoid
the misunderstandings that happened to you."
Thanks. I'll look for the revisions after the next system
update,
... Peter E.
Marc Haber
2007-Apr-18 08:50 UTC
[Pkg-exim4-users] configuring an SSL tunnel. Was "daemon_smtp_ports"
On Tue, Apr 17, 2007 at 04:22:43PM -0700, Easthope wrote:
> At Mon, 9 Apr 2007 09:10:22 +0200 Marc Haber wrote
> mh> How about Section 2.1.4?
>
> The most important of all the documentation
> on configuration of exim.

I do not understand what you mean here.

> Richard Feynman's Dictum of Education: begin
> with the most general concept and progress to
> the more specific.

This does work when your reading audience wants to learn and understand. Unfortunately, Debian exim users usually are interested in neither. Which is why we chose to structure the documentation in order of "importance" to catch the reader's attention early.

> The documentation for configuring Exim should
> begin with 2.1.4. After that, explain the
> details.

I disagree. The vast majority of exim users on Debian do not need to know that update-exim4.conf exists in the first place. Their needs can be satisfied with the debconf stuff.

> mh> See README.Debian chapter 1.1
>
> This most convenient documentation I've found is
> "http://www.exim.org/exim-html-4.40/doc/html/spec_toc.html".
> Parameters covered in this chapter.
> "http://www.exim.org/exim-html-4.40/doc/html/spec_14.html"

For most exim users, the upstream docs are way too much. If you get along with the upstream docs, good for you. Congratulations.

> I haven't found a Debian specific version.

There is none. We expect our users to do some abstraction.

> Which of the parameters gets a "dc_" prefix
> remains a mystery.

There are no parameters with "dc_" prefix in the exim configuration. The only file that uses dc_ prefixes is update-exim4.conf.conf, which is - surprise - the configuration file for update-exim4.conf, and is - again surprise - documented in the man page for update-exim4.conf.

> mh> I'd suggest setting the SMTP ports on the daemon command line in
> /etc/default/exim4.
>
> The indirection is killing me! Which of
> the upper-case parameters should define the
> command line parameters? What quoting is correct?
> Something such as one of these?
>
> COMMONOPTIONS='-tls_on_connect_ports = '25 : 1025' -tls-on-connect'
> or
> QUEUERUNNEROPTIONS='tls_on_connect_ports = '25 : 1025' tls-on-connect'
> or
> QFLAGS='-tls_on_connect_ports = "25 : 1025" -tls-on-connect'
> or
> SMTPLISTENEROPTIONS='tls_on_connect_ports = "25 : 1025"
> tls-on-connect'
> ?

Well, you are obviously setting options for an SMTP listener, so the natural variable to use is SMTPLISTENEROPTIONS. I usually use SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid' and set tls_on_connect_ports = 465 in the main configuration.

> Rather than spend hours trying to establish
> a working syntax by trial & error I put
> these two lines in /etc/exim4/exim4.conf.template
> at the end of the section marked "main/02_exim4-config_options".
>
> daemon_smtp_ports = 25 : 1025
> tls_on_connect_ports = 1025
>
> Then I ran "dpkg-reconfigure exim4-config" again.

There is more than one way to do it. Yours is one.

> At Mon, 9 Apr 2007 09:11:00 +0200 Marc wrote,
> "Why[ daemon_smtp_ports = '25 : 1025']?"
>
> Well, I aim for port 25 to receive a connection through
> my LAN while port 1025 is to receive a connection through
> a legacy-SSL tunnel through the Internet.

As far as I know, there is a dedicated port allocated for smtp-over-ssl. But of course, you are free to use your own port.

> The problem was explained more thoroughly in my message to
> exim-users@exim.org between the 16th and 22 of March, this year.
>
> With the above configuration, this line appears in
> /var/log/exim4/mainlog.
>
> 2007-04-16 08:34:34 exim 4.63 daemon started: pid=11224, -q30m,
> listening for SMTP on port 25 (IPv6 and IPv4) and for SMTPS on port
> 1025 (IPv6 and IPv4)
>
> (Line broken for legibility.) At least exim
> appears to respond to the lines added to
> exim4.conf.template.

exim4.conf.template is the input file for exim configuration if you choose non-split configuration in debconf. If you choose split configuration, input is read from /etc/exim4/conf.d. But this is all explained in README.Debian.

> After this change, the local MUA continues
> to work. Yet the SSL tunnel does not work
> for sending and there is nothing pertinent
> in mainlog.

What does "does not work" mean?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190
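
Added example, not part of the thread or of the Debian packaging: a shell check that reads the Exim "daemon started" line quoted above and confirms that a port is offered as SMTPS (TLS on connect) and is not also offered as plain SMTP. The helper names `ports_for` and `check_tls_port` are hypothetical, and the parser only assumes the "port N" wording seen in that log line.

```shell
#!/bin/sh
# Added example (not from the thread): read an Exim "daemon started" log line
# and tell which ports are plain SMTP and which are TLS-on-connect (SMTPS).

# The mainlog line quoted in the thread, rejoined onto one line.
SAMPLE='2007-04-16 08:34:34 exim 4.63 daemon started: pid=11224, -q30m, listening for SMTP on port 25 (IPv6 and IPv4) and for SMTPS on port 1025 (IPv6 and IPv4)'

# ports_for PROTO LINE: print the ports listed for PROTO (SMTP or SMTPS),
# space-separated. Hypothetical helper name.
ports_for() {
    case $1 in
        SMTP)
            seg=$(printf '%s\n' "$2" |
                sed -n 's/.*listening for SMTP on \(.*\)/\1/p' |
                sed 's/ and for SMTPS on .*//') ;;
        SMTPS)
            seg=$(printf '%s\n' "$2" | sed -n 's/.*for SMTPS on \(.*\)/\1/p') ;;
        *)
            return 2 ;;
    esac
    # Collect every "port N" token in the selected part of the line.
    printf '%s\n' "$seg" | awk '{
        for (i = 1; i < NF; i++)
            if ($i == "port" && $(i + 1) ~ /^[0-9]+$/)
                printf "%s%s", (n++ ? " " : ""), $(i + 1)
        print ""
    }'
}

# check_tls_port PORT LINE: succeed only if PORT is offered as SMTPS and is
# not also offered as plain SMTP. Hypothetical helper name.
check_tls_port() {
    case " $(ports_for SMTPS "$2") " in
        *" $1 "*) ;;
        *) return 1 ;;
    esac
    case " $(ports_for SMTP "$2") " in
        *" $1 "*) return 1 ;;
    esac
    return 0
}

if check_tls_port 1025 "$SAMPLE"; then
    echo "port 1025: TLS on connect"
else
    echo "port 1025: not TLS-only"
fi
```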