Package: exim4 Version: 4.50-8 Severity: important
The Postfix smarthost allows relay only if clients successfully authenticate (SMTP AUTH) through a TLS session. If it's a plain-text session, SMTP clients won't be able to authenticate. The SSL certficate of the smarthost is signed by a do-it-yourself CA. exim4 client can relay through the smarthost, and I have the following entries in /etc/exim4/exim4.conf.localmacros: MAIN_TLS_VERIFY_CERTIFICATES = /etc/exim4/cacert.crt MAIN_TLS_VERIFY_HOSTS = mail.linux-vs.org /etc/exim4/cacert.crt is the certificate of the do-it-yourself CA. However, even after I replace it with a random authorized CA certificate and restart the exim4 daemon, the exim4 client can still relay through the smarthost. Isn't tls_verify_certificates supposed to verify the server certificate as well? Wenzhuo -- Package-specific info: Exim version 4.50 #1 built 27-May-2005 08:08:19 Copyright (c) University of Cambridge 2004 Berkeley DB: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003) Support for: iconv() IPv6 GnuTLS Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dsearch nis nis0 passwd Authenticators: cram_md5 plaintext Routers: accept dnslookup ipliteral manualroute queryprogram redirect Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp Fixed never_users: 0 Configuration file is /var/lib/exim4/config.autogenerated # /etc/exim4/update-exim4.conf.conf # # Edit this file and /etc/mailname by hand and execute update-exim4.conf # yourself or use 'dpkg-reconfigure exim4-config' # # Please note that this is _not_ a dpkg-conffile and that automatic changes # to this file might happen. The code handling this will honor your local # changes, so this is usually fine, but will break local schemes that mess # around with multiple versions of the file. # # update-exim4.conf uses this file to determine variable values to replace # the DEBCONFsomethingDEBCONF strings in the configuration template files. # # Most settings found in here do have corresponding questions in the # Debconf configuration, but not all of them. # # This is a Debian specific file dc_eximconfig_configtype='smarthost' dc_other_hostnames='thinkpad.zhmail.com' dc_local_interfaces='127.0.0.1' dc_readhost='zhmail.com' dc_relay_domains='' dc_minimaldns='false' dc_relay_nets='' dc_smarthost='mail.linux-vs.org' CFILEMODE='644' dc_use_split_config='false' dc_hide_mailname='true' dc_mailname_in_oh='true' mailname:thinkpad.zhmail.com -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.4.31-t20.1 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages exim4 depends on: ii exim4-base 4.50-8 support files for all exim MTA (v4 ii exim4-daemon-light 4.50-8 lightweight exim MTA (v4) daemon -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
