Your message dated Sat, 11 Jan 2020 06:33:50 +0100
with message-id <[email protected]>
and subject line Re: Bug#948573: exim4: TLS not in use. Log spammed with "No
server certificate defined; will use a selfsigned one."
has caused the Debian Bug report #948573,
regarding exim4: TLS not in use. Log spammed with "No server certificate
defined; will use a selfsigned one."
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
948573: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948573
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: exim4
Version: 4.93-5
Severity: normal
This system recived no mail. Exim is setup to allow mail to be sent to a
smarthost
(mostly from daemons but from humans occasionally, like sending a log or config
file
to themselves on another system, or reportbug!).
Since a recent upgrade, the log file is spammed with many messages saying:
Warning: No server certificate defined; will use a selfsigned one.
Regenerating the config (this system uses single config) gives the message:
2020-01-10 11:16:32 Warning: No server certificate defined; will use a
selfsigned one.
Suggested action: either install a certificate or change tls_advertise_hosts
option
I do not want to create a certificate, nor do I want exim to use a self-signed
one.
There are no SMTP listeners running and nothing tries to send email to this
system.
I have tried removing the tls_advertise_hosts option completely from the config
file
(verifying it is not present in /var/lib/exim4/config.autogenerated).
I have also tried including it in the config as:
tls_advertise_hosts =
Neither option works - exim still logs these messages.
-- Package-specific info:
Exim version 4.93 #5 built 03-Jan-2020 18:02:33
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018
Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013)
Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages DANE DKIM DNSSEC
Event OCSP PRDR SOCKS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz
dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Configuration file search path is
/etc/exim4/exim4.conf:/var/lib/exim4/config.autogenerated
Configuration file is /var/lib/exim4/config.autogenerated
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to replace
# the DEBCONFsomethingDEBCONF strings in the configuration template files.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file
dc_eximconfig_configtype='satellite'
dc_other_hostnames='novatech.home.cobb.me.uk'
dc_local_interfaces='127.0.0.1'
dc_readhost='cobb.me.uk'
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
##GRC dc_smarthost='vranx.home.cobb.me.uk'
dc_smarthost='black'
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname='true'
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
mailname:novatech.home.cobb.me.uk
# /etc/default/exim4
EX4DEF_VERSION=''
# 'combined' - one daemon running queue and listening on SMTP port
# 'no' - no daemon running the queue
# 'separate' - two separate daemons
# 'ppp' - only run queue with /etc/ppp/ip-up.d/exim4.
# 'nodaemon' - no daemon is started at all.
# 'queueonly' - only a queue running daemon is started, no SMTP listener.
# setting this to 'no' will also disable queueruns from /etc/ppp/ip-up.d/exim4
QUEUERUNNER='combined'
# how often should we run the queue
QUEUEINTERVAL='30m'
# options common to quez-runner and listening daemon
COMMONOPTIONS=''
# more options for the daemon/process running the queue (applies to the one
# started in /etc/ppp/ip-up.d/exim4, too.
QUEUERUNNEROPTIONS=''
# special flags given to exim directly after the -q. See exim(8)
QFLAGS=''
# options for daemon listening on port 25
SMTPLISTENEROPTIONS=''
-- System Information:
Debian Release: bullseye/sid
APT prefers testing
APT policy: (990, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.3.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_IE.utf8, LC_CTYPE=en_IE.utf8 (charmap=UTF-8) (ignored: LC_ALL
set to en_IE.utf8), LANGUAGE=en_IE.utf8 (charmap=UTF-8) (ignored: LC_ALL set to
en_IE.utf8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages exim4 depends on:
ii debconf [debconf-2.0] 1.5.73
ii exim4-base 4.93-5
ii exim4-daemon-light 4.93-5
exim4 recommends no packages.
exim4 suggests no packages.
-- debconf information:
* exim4/drec:
--- End Message ---
--- Begin Message ---
On 2020-01-10 [email protected] wrote:
> > You probably have not edited the correct file. "tls_advertise_hosts ="
> > does work. Please retry and check with
> > /usr/sbin/exim4 -bP tls_advertise_hosts
> I edited the correct file. But thanks for pointing out the -bP option: I
> have now worked out the problem...
> Please consider changing the shipped /etc/exim4/exim4.conf.template to
> add 'tls_advertise_hosts =' into the:
> .else
> # Use upstream defaults
> corresponding to the .ifdef MAIN_TLS_ENABLE
Considered and chosen not to.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
--- End Message ---
