Package: exim4 Version: 4.80-7 Followup-For: Bug #684340 This issue is still around in 4.80-7 on wheezy.
Longish thread on postfix-users as well, with an exim developer (Phil Pennock) discussing this bug with Wietse and Viktor Dukhovni. 66_enlarge-dh-parameters-size.dpatch in gnutls is the issue cause, forcing high Diffie Hellman primes to be required. http://postfix.1071664.n5.nabble.com/Exim-DH-GnuTLS-interop-tp61003p61097.html http://postfix.1071664.n5.nabble.com/Exim-DH-GnuTLS-interop-tp61003p61100.html Possibly good crypto but extremely bad for interoperability, and obviously ends up in a lot of email being sent out unencrypted / cleartext when at least a base level of TLS should have been available and usable. Setting tls_dh_min_bits=512 in remote_smtp does help mitigate it. If you use a monolithic config rather than a split config, and have it persist across releases once the config is stabilized .. thanks --srs -- Package-specific info: Exim version 4.80 #2 built 02-Jan-2013 19:40:19 Copyright (c) University of Cambridge, 1995 - 2012 (c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2012 Berkeley DB: Berkeley DB 5.1.29: (October 25, 2011) Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DKIM Old_Demime Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp Fixed never_users: 0 Size of off_t: 8 Configuration file is /etc/exim4/exim4.conf # /etc/exim4/update-exim4.conf.conf # # Edit this file and /etc/mailname by hand and execute update-exim4.conf # yourself or use 'dpkg-reconfigure exim4-config' # # Please note that this is _not_ a dpkg-conffile and that automatic changes # to this file might happen. The code handling this will honor your local # changes, so this is usually fine, but will break local schemes that mess # around with multiple versions of the file. # # update-exim4.conf uses this file to determine variable values to replace # the DEBCONFsomethingDEBCONF strings in the configuration template files. # # Most settings found in here do have corresponding questions in the # Debconf configuration, but not all of them. # # This is a Debian specific file dc_eximconfig_configtype='none' dc_other_hostnames='frodo.hserus.net' dc_local_interfaces='' dc_readhost='' dc_relay_domains='' dc_minimaldns='false' dc_relay_nets='' dc_smarthost='' CFILEMODE='644' dc_use_split_config='false' dc_hide_mailname='' dc_mailname_in_oh='true' dc_localdelivery='mail_spool' mailname:frodo.hserus.net -- System Information: Debian Release: 7.1 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.utf8) Shell: /bin/sh linked to /bin/dash Versions of packages exim4 depends on: ii debconf [debconf-2.0] 1.5.49 ii exim4-base 4.80-7 ii exim4-daemon-heavy 4.80-7 exim4 recommends no packages. exim4 suggests no packages. -- debconf information: exim4/drec: -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
