Subject: Re: Exim and TLS (OpenSSL) unsuccessful
To: Jasper Wallace <jasper@pointless.net>
From: netbsd.ndk <gibber_ndk@yahoo.com>
List: netbsd-users
Date: 10/31/2001 11:52:57
Thanks so much, I'll give it a shot...
--- Jasper Wallace <jasper@pointless.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> You may just be missing a "make makefile" in work/exim-3.33/
>
> Your probably best starting from scratch. Infact, unless your
> prepared to
> make a custom package it's probably eaiser to just config & compile
> exim
> your self without going through the package system.
>
> FWIW i use exim with tls, with:
>
> -
>
---------------------------------------------------------------------
> SUPPORT_TLS=yes
> TLS_LIBS=-lssl -lcrypto
> -
>
---------------------------------------------------------------------
>
> in exim-3.33/Local/Makefile, and:
>
> -
>
---------------------------------------------------------------------#
> # TLS options
> #
> tls_log_cipher
> tls_log_peerdn
> tls_dhparam = /usr/exim/tls-stuff/dhparam.512.pem
> -
>
---------------------------------------------------------------------
>
> in the 'main' section of the exim configure file, and my
> remote_smtp
> transport, looks like:
>
> -
>
---------------------------------------------------------------------
> remote_smtp:
> driver = smtp
> hosts_require_tls = *
> authenticate_hosts = mostly.pointless.net
> -
>
---------------------------------------------------------------------
>
> But this may not work for you cos this machine sends all it's mail
> (over TLS)
> to a smarthost.
>
> The smart host has:
> -
>
---------------------------------------------------------------------
> #
> # STARTTLS settings
> #
> tls_certificate = /usr/exim/tls-stuff/rsa.cert.pem
> tls_privatekey = /usr/exim/tls-stuff/rsa.key.pem
> tls_dhparam = /usr/exim/tls-stuff/dhparam.512.pem
> tls_log_cipher
> tls_log_peerdn
>
> # dangerous?
> tls_advertise_hosts = *
>
> # this is probably useless
> auth_over_tls_hosts = *
> -
>
---------------------------------------------------------------------
>
> in it's exim configure file. This particular setup isn't optimal (i
> can't
> remember why, i just have a mental note to fix it).
>
> It's definatly worth while reading the relevent bits of the exim
> docs.
>
> Hmmm, this turned into a 'build an exim ssl package' session:
>
> http://pointless.net/~jasper/eximssl.tgz
>
> untar it in pkgsrc/mail, cd eximssl, make install in the usual way.
>
> N.B. this isn't a very well done package, but it does produce an
> exim with
> SSL support:
>
> $ ldd work.i386/exim-3.33/build-NetBSD -i386/exim
> work.i386/exim-3.33/build-NetBSD-i386/exim:
> -lcrypt.0 => /usr/lib/libcrypt.so.0
> -lssl.1 => /usr/lib/libssl.so.1
> -lcrypto.0 => /usr/lib/libcrypto.so.0
> -lc.12 => /usr/lib/libc.so.12
>
> - --
> When Ted's fixing your computer at a quarter past one, eat your
> Whopper with cheese in his face. He functions better when he's
> slightly dizzy from hunger.
> [see: http://sysday.tripod.com/time.htm] [0x2ECA0975]
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (NetBSD)
> Comment: For info see http://www.gnupg.org
>
> iQEVAwUBO+BDTQCB+Qwuygl1AQHcNQf9H1Lu+1ncq5qA36nLJj6RTt09kJtLZk+i
> 0s6OTFUkERjE2XMqyXM9yGmuOK3qSoP4UQcEhbovNPLDJdhIZFFuagIzJPN1MSTk
> pmkQ/IO3Er6+g6XzvHto/sawm6E2LRvDmOWktdURT7qt/pY6HF64kLKZAyZbSpBx
> Q6bVao8OPlwyR+48ZohLJUSO1Ii/S/EsCtq+Auq5rxQOQxa9ZvAi42R7ub5CPN2+
> ot2jYnXJxuAmfD5nRW5ZDNT+uSIpJ4ErccOQ/ms2i/Jwlv8FmmBPE61ZtphhD7fv
> 6GAkSDEXh9SWW/UTPr5uE+MbfDs92EQHRCLp4/DaqugXtB/27ai5Pg==
> =Y2/M
> -----END PGP SIGNATURE-----
>
__________________________________________________
Do You Yahoo!?
Make a great connection at Yahoo! Personals.
http://personals.yahoo.com