logs archiveIRC Archive / Freenode / #exim / 2015 / August / 11 / 1
ikonia
is there a solid doc somewhere on generating the required files to get an external CA to sign a cert for exim ?
don't want to use self signed on this host
henk
ikonia: cas often have some kind of docs and there is http://exim.org/exim-html-current/doc/html/spec_html/ch-encrypted_smtp_connections_using_tlsssl.html#SECTcerandall
s/cas/CAs/
ikonia
ahh perfect, thank you
linuxthefish
hi, is it possible to allow all mail for an IP?
like to override the message "The mail server could not deliver mail to mail@domain.ext. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries."
ikonia
for an IP ?
if you send mail to user@$IP it will work if it's a valid account, you'll need to set up a catch all alias
has anyone got a good understanding of the tls_require_ciphers within exim.conf
I'm failing to start up with tls_require_ciphers invalid: SSL_CTX_set_cipher_list(SECURE128) failed
suggesting it can't use SECURE128
but I don't get why, it is more likley my use of tls_require_ciphers being used wrong, rather than an actual problem
maxb
ikonia: I don't think SECURE128 is a valid OpenSSL cipher directive
jgh_
http://www.openssl.org/docs/apps/ciphers.html
ikonia
really ?
maxb
really
         

ikonia
I must have missread then
thank you
maxb
It sounds more like a GnuTLS thing to me
Peitolm
did you link exim against openssl or gnutls?
ikonia
ahhh, maybe I've got them back to front as my old exim box did use gnutls
it's the redhat exim package, it's linked against opensll
openssl
maxb
You probably want something like 'HIGH'
ikonia
I've probably just got it back to front when I was building my new config and left the old gnutls stuff in
my fault
thank you for the pointer
maxb
openssh has a command, 'openssl ciphers -v ...' with which you can test what a cipher specification evaluates to
*openssl
ikonia
that looks better, thank you
linuxthefish
hi, is "hostlist relay_hosts = *" all i need for an open relay?
jgh_
no; it depends on that hostlist being used in an ACL
notkoos
all one needs is 'accept' in rcpt ACL afaicr ;)
linuxthefish
ah i see, yeah it's used in ACL and works thanks
henk
linuxthefish: You _want_ to build an open relay? Why?
« prev next »