Hy Phil. Thank you very much, i am running GnuTLS and safe! Thank you for your support :D
Kind regards, elrippo On 16. April 2014 04:37:22 MESZ, Phil Pennock <[email protected]> wrote: >On 2014-04-15 at 21:14 +0200, Elrippo wrote: >> Firstly i want to apologize for being late on that topic, but i >missed the list on exim relevant precautions regarding exim4 running on >an Ubuntu precise box. >> I updated my box, and it is using the right and adviced openssl >libraries. >> Could you be so kind, to tell me -if there are any- what steps need >to be taken to secure exim? > >Run: > > exim -d -bV | less > >It will give you information about the compile-time and run-time >versions of various libraries; on a box where Exim is using OpenSSL, >this might be something like: > >----------------------------8< cut here >>8------------------------------ >Library version: OpenSSL: Compile: OpenSSL 1.0.1e 11 Feb 2013 > Runtime: OpenSSL 1.0.1g 7 Apr 2014 >----------------------------8< cut here >>8------------------------------ > >If you're using standard Exim packages on Ubuntu, then there's nothing >to do, because Exim will be using GnuTLS instead of OpenSSL, so >Heartbleed was not an issue for you: >----------------------------8< cut here >>8------------------------------ >Library version: GnuTLS: Compile: 2.12.14 > Runtime: 2.12.14 >----------------------------8< cut here >>8------------------------------ > >If you are using a custom Exim build using OpenSSL, but using the >system >OpenSSL libraries, then it's highly likely that you're using an OpenSSL >which was patched without changing the run-time reported version >number. >Worse, Exim just reports the basic version string, not the build >timestamp, so you can't prove directly that a new Exim process is using >the correct library. But if only one OpenSSL library is installed, and >"lsof -c exim4" shows that the library file mmap'd into the Exim >address-space is the correct path (and not some other OpenSSL which >you'd forgotten about) then you should be good. Make sure to restart >Exim after updating OpenSSL. > >Regards, >-Phil -- -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
