Ryfujk

Do I need to leave some extra space available on the disk which my database log files reside, for log backup operations to successfully occur?

What is the blue range indicating on this manifold pressure gauge?

Are there situations where a child is permitted to refer to their parent by their first name?

Single word request: Harming the benefactor

Is "history" a male-biased word ("his+story")?

Can someone explain this Mudra being done by Ramakrishna Paramhansa in Samadhi?

Provisioning profile doesn't include the application-identifier and keychain-access-groups entitlements

Confusion with the nameplate of an induction motor

Is King K. Rool's down throw to up-special a true combo?

Best approach to update all entries in a list that is paginated?

Why would a jet engine that runs at temps excess of 2000°C burn when it crashes?

Should QA ask requirements to developers?

The three point beverage

How is the Swiss post e-voting system supposed to work, and how was it wrong?

Coworker uses her breast-pump everywhere in the office

How to make readers know that my work has used a hidden constraint?

When two POV characters meet

Ban on all campaign finance?

Decoding assembly instructions in a Game Boy disassembler

Prove that the total distance is minimised (when travelling across the longest path)

"However" used in a conditional clause?

Does Linux have system calls to access all the features of the file systems it supports?

If the Captain's screens are out, does he switch seats with the co-pilot?

"One can do his homework in the library"

exim4 showing tls_certificate and tls_privatekey not set when configured to send via Gmail via TLS 465

Exim and TLS AUTH not working for some clientsPublishing long domain key records in bind9Exim after Thunderbird update: “Could not negotiate a supported cipher suite”Exim4 panicking, missing /etc/vmail/<domain>/passwd fileFailed SPF for email imported to Gmail because of client IP instead of server's in message when sent through SMTP from one local box to anotherConfigure exim4 to use Microsoft Exchange as smarthosthow to set exim4 sender_helo_name on debianExim Configuration on Ubuntu 16.04, queue_per_connectionExim: send select outgoing mails through different serverMailx: cannot assign requested address using gmail

0

I have configured exim4 to send e-mails using TLS through smtp.gmail.com::465 , NOT STARTTLS through smtp.gmail.com::587. I used information provided to me that was pulled from various sources. The complete list of steps I performed can be seen at https://github.com/imthenachoman/How-To-Secure-A-Linux-Server#configure-gmail-as-mta-with-implicit-tls.

This is for a server at home, behind a router. I don't have a domain name so I created a local server-side certificate using /usr/share/doc/exim4-base/examples/exim-gencert.

I am able to send e-mails. I assume it is actually encrypted TLS traffic through 465 but I am not sure how to check.

I did a system audit using Lynis and it showed a warning for exim4:

[+] Software: e-mail and messaging

------------------------------------

  - Exim status                                               [ RUNNING ]

    - Type                                                    [ SATELLITE ]

    - Certificate not set                                     [ WARNING ]

    - Private Key not set                                     [ WARNING ]

I went through Lynis' source and discovered it is checking for these to be set by checking for tls_certificate and tls_privatekey in the output of exim -bP transport remote_smtp_smarthost:

$ sudo exim -bP transport remote_smtp_smarthost | egrep 'tls_certificate|tls_privatekey'

tls_certificate =

tls_privatekey =

I don't know how to remediate/fix this.

Questions:

1. Is it possible to verify exim4 is sending mail through encrypted TLS on port 465?


2. What do I need to do to fix the WARNING -- basically get the certificate/key set. Keep in mind, this is for a home server without a domain name so I can't get a legit certificate since there is no domain name to verify against.

linux debian ssl exim gmail

share|improve this question

asked 21 mins ago

IMTheNachoManIMTheNachoMan

1429

add a comment | 

0

I have configured exim4 to send e-mails using TLS through smtp.gmail.com::465 , NOT STARTTLS through smtp.gmail.com::587. I used information provided to me that was pulled from various sources. The complete list of steps I performed can be seen at https://github.com/imthenachoman/How-To-Secure-A-Linux-Server#configure-gmail-as-mta-with-implicit-tls.

This is for a server at home, behind a router. I don't have a domain name so I created a local server-side certificate using /usr/share/doc/exim4-base/examples/exim-gencert.

I am able to send e-mails. I assume it is actually encrypted TLS traffic through 465 but I am not sure how to check.

I did a system audit using Lynis and it showed a warning for exim4:

[+] Software: e-mail and messaging

------------------------------------

  - Exim status                                               [ RUNNING ]

    - Type                                                    [ SATELLITE ]

    - Certificate not set                                     [ WARNING ]

    - Private Key not set                                     [ WARNING ]

I went through Lynis' source and discovered it is checking for these to be set by checking for tls_certificate and tls_privatekey in the output of exim -bP transport remote_smtp_smarthost:

$ sudo exim -bP transport remote_smtp_smarthost | egrep 'tls_certificate|tls_privatekey'

tls_certificate =

tls_privatekey =

I don't know how to remediate/fix this.

Questions:

1. Is it possible to verify exim4 is sending mail through encrypted TLS on port 465?


2. What do I need to do to fix the WARNING -- basically get the certificate/key set. Keep in mind, this is for a home server without a domain name so I can't get a legit certificate since there is no domain name to verify against.

linux debian ssl exim gmail

share|improve this question

asked 21 mins ago

IMTheNachoManIMTheNachoMan

1429

add a comment | 

I have configured exim4 to send e-mails using TLS through smtp.gmail.com::465 , NOT STARTTLS through smtp.gmail.com::587. I used information provided to me that was pulled from various sources. The complete list of steps I performed can be seen at https://github.com/imthenachoman/How-To-Secure-A-Linux-Server#configure-gmail-as-mta-with-implicit-tls.

This is for a server at home, behind a router. I don't have a domain name so I created a local server-side certificate using /usr/share/doc/exim4-base/examples/exim-gencert.

I am able to send e-mails. I assume it is actually encrypted TLS traffic through 465 but I am not sure how to check.

I did a system audit using Lynis and it showed a warning for exim4:

[+] Software: e-mail and messaging

------------------------------------

  - Exim status                                               [ RUNNING ]

    - Type                                                    [ SATELLITE ]

    - Certificate not set                                     [ WARNING ]

    - Private Key not set                                     [ WARNING ]

I went through Lynis' source and discovered it is checking for these to be set by checking for tls_certificate and tls_privatekey in the output of exim -bP transport remote_smtp_smarthost:

$ sudo exim -bP transport remote_smtp_smarthost | egrep 'tls_certificate|tls_privatekey'

tls_certificate =

tls_privatekey =

I don't know how to remediate/fix this.

Questions:

1. Is it possible to verify exim4 is sending mail through encrypted TLS on port 465?


2. What do I need to do to fix the WARNING -- basically get the certificate/key set. Keep in mind, this is for a home server without a domain name so I can't get a legit certificate since there is no domain name to verify against.

linux debian ssl exim gmail

share|improve this question

asked 21 mins ago

IMTheNachoManIMTheNachoMan

1429

[+] Software: e-mail and messaging

------------------------------------

  - Exim status                                               [ RUNNING ]

    - Type                                                    [ SATELLITE ]

    - Certificate not set                                     [ WARNING ]

    - Private Key not set                                     [ WARNING ]

$ sudo exim -bP transport remote_smtp_smarthost | egrep 'tls_certificate|tls_privatekey'

tls_certificate =

tls_privatekey =

share|improve this question

asked 21 mins ago

IMTheNachoManIMTheNachoMan

1429

share|improve this question

asked 21 mins ago

IMTheNachoManIMTheNachoMan

1429

asked 21 mins ago

IMTheNachoManIMTheNachoMan

1429

asked 21 mins ago

IMTheNachoManIMTheNachoMan

1429