exim4 sounds like Debian
On Tue, 29 Jan 2013, Phil Pennock wrote:
On 2013-01-29 at 11:53 -0600, Raymond Norton wrote:
(Ubuntu 12.0.4 - Exim4 -Baruwa 2.0.0)
This doesn't tell us anything about which version of Exim is used beyond
that it's something in "Exim4". There have been significant changes in
recent Exim 4 when it comes to GnuTLS configuration, entirely replacing
which configuration directives are used. See README.UPDATING as of 4.80
or later.
I'm getting a lot of the following in my logs, but don't know if it is
normal, or an issue with my configuration,
Your configuration.
11:26:20 6310 LOG: MAIN
11:26:20 6310 TLS error on connection from (mail-oa0-f70.google.com)
[209.85.219.70] (gnutls_handshake): No supported cipher suites have been
found.
Google do not use unusual ciphersuites; not _default_ for things like
OpenSSL, as they strongly bias towards RC4-SHA for performance reasons,
but that should be accepted by you for connections from the Internet, as
it's normal and reasonable.
In mails from google.com machines, my logs record X=TLSv1:RC4-SHA:128
(and I support newer versions of TLS).
(Beware that for licensing/legal reasons, RC4 is sometimes spelt
ARCFOUR, especially in GnuTLS.)
Assuming you're using Exim 4.80.1 or somesuch, then pass whatever you
gave the "tls_require_ciphers" option in Exim to the
gnutls-list-ciphers(1) command.
A sane value for tls_require_ciphers in the main section, where you're
controlling TLS connections from the open Internet, might be:
tls_require_ciphers = NORMAL:%COMPAT
-Phil
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
