Re: [exim] Exim MariaDB and SSL
Jeremy Harris via Exim-users (Di 01 Nov 2022 11:24:45 CET): > On 01/11/2022 06:28, Brent Clark via Exim-users wrote: > > I would like to run exim to use MariaDB's inherent TLS / SSL functions. > > > > Is this possible with exim? I changed the '/etc/my.cnf' '[client]' section > > to define the key/cert/csa, and Dovecot picked it up great, but exim > > doesn't seem to. > > > > I checked the exim docs under MySQL and didn't see any reference to SSL. Is > > it not possible to use MySQL's native SSL support with exim? > JGH is right. We have for the mysql_servers option: ::()[]/// (I missed the related function call in Exim's sources.) So having TLS options in one of the my.cnf should work. Maybe you used the wrong option group (as JGH guessed), or the wrong file, or wrong permissions on the file, or any combination of all these. -- Heiko signature.asc Description: PGP signature -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim MariaDB and SSL
On 01/11/2022 06:28, Brent Clark via Exim-users wrote: I would like to run exim to use MariaDB's inherent TLS / SSL functions. Is this possible with exim? I changed the '/etc/my.cnf' '[client]' section to define the key/cert/csa, and Dovecot picked it up great, but exim doesn't seem to. I checked the exim docs under MySQL and didn't see any reference to SSL. Is it not possible to use MySQL's native SSL support with exim? https://dev.mysql.com/doc/refman/8.0/en/option-files.html says: "Option File Syntax ... opt_name=value This is equivalent to --opt_name=value on the command line." and https://dev.mysql.com/doc/refman/8.0/en/connection-options.html says: "Table 4.4 Connection-Encryption Option Summary". IF MariaDB follows the same, you can configure for encrypted connections in that option-file. The default "group" identifier used by Exim is "exim" (I think you assumed "client" above) though that is changeable in the Exim config. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim MariaDB and SSL
Heiko Schlittermann via Exim-users (Di 01 Nov 2022 08:00:55 CET): > Good Morning, > Brent Clark via Exim-users (Di 01 Nov 2022 07:28:42 > CET): > > I would like to run exim to use MariaDB's inherent TLS / SSL functions. > ... > > I checked the exim docs under MySQL and didn't see any reference to SSL. Is > > it not possible to use MySQL's native SSL support with exim? > > I checked the sources and it seems that Exim doesn't support encrypted > connections with MySQL servers. But we should provide it. This could help us: https://mariadb.com/kb/en/mysql_optionsv/ But currently we do not use it and I'm not sure about backward compatibility. -- Heiko signature.asc Description: PGP signature -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim MariaDB and SSL
On Tue, Nov 1, 2022 at 11:22 AM Brent Clark wrote: > Its not a "local socket connection" > > Im connected to a Galera cluster for vmail. > > Regards > Brent > [Please don't top-post!] You can easily solve this problem with Wireguard and establish an encrypted connection between the peer hosts. For now, that would be the easiest solution before @Jeremy Harris and his team gives you the features you are after. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-) -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim MariaDB and SSL
I would rather then use https://proxysql.com/documentation/ssl-support/ Regards Brent On 2022/11/01 10:34, Slavko via Exim-users wrote: Dňa 1. novembra 2022 8:22:33 UTC používateľ Brent Clark via Exim-users napísal: Im connected to a Galera cluster for vmail. Connot be stunnel workaround? Quick search results in https://uit.stanford.edu/service/sql/configuring_stunnel (I do not use mysql/mariadb from exim) regards -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim MariaDB and SSL
Its not a "local socket connection" Im connected to a Galera cluster for vmail. Regards Brent On 2022/11/01 10:19, Odhiambo Washington wrote: local socket connection -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim MariaDB and SSL
Dňa 1. novembra 2022 8:22:33 UTC používateľ Brent Clark via Exim-users napísal: >Im connected to a Galera cluster for vmail. Connot be stunnel workaround? Quick search results in https://uit.stanford.edu/service/sql/configuring_stunnel (I do not use mysql/mariadb from exim) regards -- Slavko https://www.slavino.sk/ -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim MariaDB and SSL
On Tue, Nov 1, 2022 at 11:00 AM Brent Clark wrote: > I came across this > > https://lists.exim.org/lurker/message/20180514.215522.0efe8d21.gl.html > > Im trying to make heads or tails of this. > If Exim is using a local socket connection to MySQL, then why does this worry you? If it was a TCP connection to a remote host then your concern would be understandable. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-) -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim MariaDB and SSL
I came across this https://lists.exim.org/lurker/message/20180514.215522.0efe8d21.gl.html Im trying to make heads or tails of this. Regards Brent On 2022/11/01 09:10, Odhiambo Washington wrote: On Tue, Nov 1, 2022 at 9:39 AM Brent Clark via Exim-users wrote: Good day Guys I would like to run exim to use MariaDB's inherent TLS / SSL functions. Is this possible with exim? I changed the '/etc/my.cnf' '[client]' section to define the key/cert/csa, and Dovecot picked it up great, but exim doesn't seem to. I checked the exim docs under MySQL and didn't see any reference to SSL. Is it not possible to use MySQL's native SSL support with exim? If anyone can please share their 'hide mysql_servers', it would be appreciated. Regards Brent Clark According to the documentation, the options for Exim to connect to a MySQL instance remain: hide mysql_servers = ::(name>)/// Now unless you make a feature request to add the options to secure that connection with SSL, I believe there is no such option at the moment. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-) -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim MariaDB and SSL
On Tue, Nov 1, 2022 at 9:39 AM Brent Clark via Exim-users < exim-users@exim.org> wrote: > Good day Guys > > I would like to run exim to use MariaDB's inherent TLS / SSL functions. > > Is this possible with exim? I changed the '/etc/my.cnf' '[client]' > section to define the key/cert/csa, and Dovecot picked it up great, but > exim doesn't seem to. > > I checked the exim docs under MySQL and didn't see any reference to SSL. > Is it not possible to use MySQL's native SSL support with exim? > > If anyone can please share their 'hide mysql_servers', it would be > appreciated. > > Regards > Brent Clark > According to the documentation, the options for Exim to connect to a MySQL instance remain: hide mysql_servers = ::()/// Now unless you make a feature request to add the options to secure that connection with SSL, I believe there is no such option at the moment. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-) -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim MariaDB and SSL
Good Morning, Brent Clark via Exim-users (Di 01 Nov 2022 07:28:42 CET): > I would like to run exim to use MariaDB's inherent TLS / SSL functions. ... > I checked the exim docs under MySQL and didn't see any reference to SSL. Is > it not possible to use MySQL's native SSL support with exim? I checked the sources and it seems that Exim doesn't support encrypted connections with MySQL servers. But we should provide it. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F69376CE - signature.asc Description: PGP signature -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] Exim MariaDB and SSL
Good day Guys I would like to run exim to use MariaDB's inherent TLS / SSL functions. Is this possible with exim? I changed the '/etc/my.cnf' '[client]' section to define the key/cert/csa, and Dovecot picked it up great, but exim doesn't seem to. I checked the exim docs under MySQL and didn't see any reference to SSL. Is it not possible to use MySQL's native SSL support with exim? If anyone can please share their 'hide mysql_servers', it would be appreciated. Regards Brent Clark -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/