Subject: Re: Exim and TLS (OpenSSL) unsuccessful
To: netbsd.ndk <gibber_ndk@yahoo.com>
From: Jasper Wallace <jasper@pointless.net>
List: netbsd-users
Date: 10/31/2001 18:30:34

On Tue, 30 Oct 2001, netbsd.ndk wrote:

> I've been emailing Philip Hazel (Exim originator) and he suggested I
> grep the config.h that NetBSD builds for #define SUPPORT_TLS yes.  I
> ran
>
> /usr/pkgsrc/mail/exim/work/exim-3.32/build-NetBSD-i386# egrep -i
> 'support_tls' config.h
>
> and received
>
> /* SUPPORT_TLS not set */
>
> So, I'd like to change it to #define SUPPORT_TLS yes and force a
> rebuild from the current files.  How can I do this from the files
> that already exist in the work subdir?

You may just be missing a "make makefile" in work/exim-3.33/

You're probably best starting from scratch. In fact, unless you're prepared to
make a custom package it's probably easier to just config & compile exim
yourself without going through the package system.

FWIW I use exim with tls, with:

---------------------------------------------------------------------
SUPPORT_TLS=yes
TLS_LIBS=-lssl -lcrypto
---------------------------------------------------------------------

in exim-3.33/Local/Makefile, and:

---------------------------------------------------------------------
#
# TLS options
#
tls_log_cipher
tls_log_peerdn
tls_dhparam = /usr/exim/tls-stuff/dhparam.512.pem
---------------------------------------------------------------------

in the 'main' section of the exim configure file, and my remote_smtp
transport, looks like:

---------------------------------------------------------------------
remote_smtp:
  driver = smtp
  hosts_require_tls = *
  authenticate_hosts = mostly.pointless.net
---------------------------------------------------------------------

But this may not work for you cos this machine sends all its mail (over TLS)
to a smarthost.

The smart host has:
---------------------------------------------------------------------
#
# STARTTLS settings
#
tls_certificate = /usr/exim/tls-stuff/rsa.cert.pem
tls_privatekey = /usr/exim/tls-stuff/rsa.key.pem
tls_dhparam = /usr/exim/tls-stuff/dhparam.512.pem
tls_log_cipher
tls_log_peerdn

# dangerous?
tls_advertise_hosts = *

# this is probably useless
auth_over_tls_hosts = *
---------------------------------------------------------------------

in its exim configure file. This particular setup isn't optimal (I can't
remember why, I just have a mental note to fix it).

It's definitely worthwhile reading the relevant bits of the exim docs.

Hmmm, this turned into a 'build an exim ssl package' session:

http://pointless.net/~jasper/eximssl.tgz

untar it in pkgsrc/mail, cd eximssl, make install in the usual way.

N.B. this isn't a very well done package, but it does produce an exim with
SSL support:

$ ldd work.i386/exim-3.33/build-NetBSD-i386/exim
work.i386/exim-3.33/build-NetBSD-i386/exim:
         -lcrypt.0 => /usr/lib/libcrypt.so.0
         -lssl.1 => /usr/lib/libssl.so.1
         -lcrypto.0 => /usr/lib/libcrypto.so.0
         -lc.12 => /usr/lib/libc.so.12

-- 
When Ted's fixing your computer at a quarter past one, eat your
Whopper  with cheese in his face. He functions better when he's
slightly dizzy from hunger.
[see: http://sysday.tripod.com/time.htm]           [0x2ECA0975]
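
The three places this thread looks for TLS support (Local/Makefile, the generated config.h, and the ldd output of the binary) checked together in one script. This is an added example, not part of the original message or of Exim/pkgsrc; the function names and sample files are constructed, and treating any `#define SUPPORT_TLS` line in config.h as "enabled" is an assumption.

```shell
#!/bin/sh
# Added example: confirm an Exim 3.x build really has TLS compiled in.

# Local/Makefile must set SUPPORT_TLS=yes and link OpenSSL via TLS_LIBS
# (commented-out lines do not count).
makefile_enables_tls() {
    grep -Eq '^[[:space:]]*SUPPORT_TLS[[:space:]]*=[[:space:]]*yes' "$1" &&
        grep -Eq '^[[:space:]]*TLS_LIBS[[:space:]]*=.*-lssl' "$1"
}

# The generated config.h must carry a real #define; the comment
# "/* SUPPORT_TLS not set */" seen by the original poster does not count.
config_h_has_tls() {
    grep -Eq '^[[:space:]]*#[[:space:]]*define[[:space:]]+SUPPORT_TLS' "$1"
}

# Saved "ldd exim" output must list both OpenSSL libraries.
ldd_shows_openssl() {
    grep -q 'libssl\.so' "$1" && grep -q 'libcrypto\.so' "$1"
}

# Print one verdict per stage; return non-zero if any stage fails.
# $1 = Local/Makefile, $2 = build config.h, $3 = saved ldd output
check_exim_tls() {
    rc=0
    makefile_enables_tls "$1" && echo "Local/Makefile: TLS enabled" ||
        { echo "Local/Makefile: SUPPORT_TLS/TLS_LIBS missing"; rc=1; }
    config_h_has_tls "$2" && echo "config.h: SUPPORT_TLS defined" ||
        { echo "config.h: not defined (build does not reflect Local/Makefile)"; rc=1; }
    ldd_shows_openssl "$3" && echo "binary: linked against libssl/libcrypto" ||
        { echo "binary: no OpenSSL libraries"; rc=1; }
    return $rc
}

# Constructed sample inputs, modelled on the snippets quoted in the message.
demo_dir=$(mktemp -d)
printf 'SUPPORT_TLS=yes\nTLS_LIBS=-lssl -lcrypto\n' > "$demo_dir/Makefile"
printf '# SUPPORT_TLS=yes\n' > "$demo_dir/Makefile.off"
printf '/* SUPPORT_TLS not set */\n' > "$demo_dir/config.h.stale"
printf '#define SUPPORT_TLS\n' > "$demo_dir/config.h.good"
printf '\t-lssl.1 => /usr/lib/libssl.so.1\n\t-lcrypto.0 => /usr/lib/libcrypto.so.0\n' \
    > "$demo_dir/ldd.txt"
printf '\t-lc.12 => /usr/lib/libc.so.12\n' > "$demo_dir/ldd.notls"

# Stale config.h: the second stage fails even though Local/Makefile is right.
check_exim_tls "$demo_dir/Makefile" "$demo_dir/config.h.stale" "$demo_dir/ldd.txt" || true
# Consistent build: all three stages pass.
check_exim_tls "$demo_dir/Makefile" "$demo_dir/config.h.good" "$demo_dir/ldd.txt"
```

Against a real tree, save the output of `ldd` on the built exim binary to a file and pass it as the third argument.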