On 2020-04-28 19:22:34 +0200, Francesco Poli wrote: > On Tue, 21 Jan 2020 13:55:20 +0100 Vincent Lefevre <[email protected]> > wrote: [...] > > Each time I upgrade exim4, I get: > > > > Setting up exim4-config (4.93-9) ... > > 2020-01-21 13:27:26 Warning: No server certificate defined; will use a > > selfsigned one. > > Suggested action: either install a certificate or change > > tls_advertise_hosts option > > It is also written to /var/log/exim4/mainlog at *each* queue run (thus > twice per hour).
Twice per hour by default. I run the queue every 5 minutes in order to get greylisted mail sent faster. Thus I get this message every 5 minutes. > I am also under the impression that this warning should be muted, at > least when > > $ grep interfaces /etc/exim4/update-exim4.conf.conf > dc_local_interfaces='127.0.0.1 ; ::1' > > The rationale is: if my exim only listens to the loopback interface, > then I don't need a server certificate, since my exim won't accept > connections from remote clients. > Does this make sense? No, I don't think that this is related. It is fine to use a self-signed certificate even if you are listening broadly. FYI, I don't have any issue with postfix, which uses /etc/ssl/certs/ssl-cert-snakeoil.pem (certificate) /etc/ssl/private/ssl-cert-snakeoil.key (private key) created by the ssl-cert package. For the client, I just have to provide the fingerprint of the certificate. IMHO, if a warning is important, it is on the client side (but this should be more than a warning, the client should refuse the connection). -- Vincent Lefèvre <[email protected]> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

