[Ach] Exim section

Sebastian sebix at sebix.at
Tue Feb 24 17:30:45 CET 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

I just had to configure a Exim server and found some things that
probably need work:

The definition of cert and key paths is in every section (submission,
incoming, client). This can be probably cut down to one at the beginning.

> Add the following rules on top of your acl_smtp_mail:
> [Listing ...]
> This switches Exim to submission mode and allows addition of missing
> “Message-ID” and “Date” headers.
This does not belong in this guide. This has nothing to do with transport
crypto.

> It is not advisable to restrict the default cipher list for MSA mode if you don’t know all connecting
> MUAs. If you still want to define one please consult the Exim
> documentation or ask on the exim-users mailinglist.
This refers to the docs to change the cipher string. But in "SMTP in
general" we have:
> For MSA operation we recommend: [...]
> optionally use the recommended cipher suites if (and only if) all your
> connecting MUAs support them
I think it should be described how to do that. The admin decides if he
deploys the settings we recommend here.

Another paragraph with possibly too generic content:
> Exim string expansion: Note that most of the options accept expansion strings. This way you can
> e.g. set cipher lists or STARTTLS advertisement conditionally. Please
> follow the link to the official Exim documentation to get more
information.

Sebastian

- -- 
python programming - mail server - photo - video - https://sebix.at
To verify my cryptographic signature or send me encrypted mails, get my
key at https://sebix.at/DC9B463B.asc or with gpg --keyserver
keys.gnupg.net --recv-key DC9B463B
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJU7Kc0AAoJEBn0X+vcm0Y7Vp4P/09EjOOLWNIdHpQBHhoLuyAI
4dP1tlSvTLkqbzaHFc7AOmn6ohti7HGnTTI5ZHW85NQhVMKP3VjxzMIrPVzk9yjM
6ihyG7QtNo/6uKj9VTC+3TZxfqJlbzoALWxeIVwY57Q64lcHm88z/jydwJncv5mC
y6fFZWlFjj8eMwhcEvB9u0v16BMXI0HtDqwJBf4O4SS+4rJhQs7+UE7L0duvypkH
OHvYfeDkmomeRmKE1/qcpbIvsyY7yKspKztrmFhGYlvWMbsCm+EAttut+z4SYRFh
+ji5Q8CevfDoOd1V8nWk2N+O81Vrx4AhTGAZ4nWqf0qSGzpFczmjjjiWICS/TTDN
QUlXG836hXKw/fUrISNyLaQe8Y5xVBZDujToG2Yb/wDis6ONvUfWWwFH0qzk6KDR
U4/WWwHCafxa2UnYGv/7kqIRfqlTv2DZACNqj+r1PHwTFvqVlOlPYQgCbgfILepJ
eKJ9lN79KaKYJ7VjiLggJr6Db98Qgz37MtB0QPSNToUoB8+V3hh6HcQF25eYFHd6
YtE3eKC5ANvmM+T7MA5z9AB3HNVwmH4bj53LwXt6UJSVREdRL6Wowa1a+QmFNSsD
50S6KX19tVw1iDpthxFF+LP77A+BEn6TOvvlHeSBDpq71SAkGcccBdv/EzB1bnzM
u994xFEx8pvXcEZZnvMl
=f+pw
-----END PGP SIGNATURE-----

More information about the Ach mailing list