Jakob Hirsch wrote:
Quoting Olivier Bonvalet:
I haven't got enough entropy on my servers, and "/dev/random" is
"blocking".
Now, I'll search for a "true" solution:

Do you really need TLS for sending out your newsletter?

If not: hosts_avoid_tls is expanded, so you could use it for disabling
TLS when sending out the newsletter (detected by sender address, header,
subject etc.).
You're right: I'll try to disable it, with "hosts_avoid_tls = *".



If yes: I think there's not much you can do in Exim, it's caused by the
system itself. You can try to get more entropy, either by using a script
like the one on the page you posted, or by patching the kernel. As the
page mentions, there was a change somewhere between 2.6.9 and 2.6.12
(AFAIR), where the network interface was removed as an entropy source
for security reasons. I saw a kernel patch to change that back a while ago.
I tried some "hacks" which give more entropy, but they work for too short a time. That is why
I replace /dev/random with /dev/urandom.


Other possible ways are:
- a hardware RNG, either in the chipset (supported by the kernel) or
from a cheap microphone (kernel patch available)
- Entropy Gathering Daemon (EGD) or similar user space tools, must be
supported by your software (patched openssl?)
No, in my case I really don't think it is a solution. These are rented dedicated servers, so I can't add
hardware, and I don't want to have to compile anything (except the kernel).

So, I'll try to switch off TLS :)


--
## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
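
The sender-based use of hosts_avoid_tls suggested in the thread, as an added example that is not part of the original messages. The transport name and the newsletter address are assumptions; the point is that only newsletter deliveries skip TLS while all other mail still negotiates it.

```exim
# Added example, not from the original thread.
# Transports section of the Exim configuration; "remote_smtp" is an assumed name.
remote_smtp:
  driver = smtp
  # hosts_avoid_tls is a host list that is string-expanded for each delivery.
  # For the newsletter sender (constructed address) it expands to "*", so
  # STARTTLS is not attempted to any host. For every other sender it expands
  # to an empty list, so TLS is negotiated as usual.
  hosts_avoid_tls = ${if eqi{$sender_address}{newsletter@example.org}{*}{}}
```

Delivery log lines for other senders should still carry an X= cipher field, which is a quick check that the exception has stayed limited to the newsletter.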