Re: [exim] Exim MariaDB and SSL
Brent Clark via Exim-users (Fr 04 Nov 2022 13:38:18 CET): > > All I did was, I created the file /etc/mysql/conf.d/my,cnf > > With the contents. > [exim] > host= $IP_OF_PROXYSQL > port= $PORT > user=$USERNAME > password=$PASSWORD > database=$DATABASE > ssl_cert=/etc/ssl/server-cert.pem > ssl_key=/etc/ssl/server-key.pem > ssl_ca=/etc/ssl/ca-cert.pem For Exim the host, port, user, and password are not necessary, if configured in Exim's config, right? Did you duplicate it from there, or did you omit these settings from Exim's config? Check this commit please, if it fits your expectations: 7d5dcdd4cbee9e980e9c2d2e72e3bf76e6c39a87 https://git.exim.org/exim.git/commit/7d5dcdd4cbee9e980e9c2d2e72e3bf76e6c39a87 -- Heiko signature.asc Description: PGP signature -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim MariaDB and SSL
On 2022/11/02 16:27, Andrew C Aitchison via Exim-users wrote: You don't say which of these suggestions, if any, helped. If I can suggest ... to the powers that be. Maybe update and clarify in the documentation (an example too couldn't hurt). Use it ... don't use it. The PTB are overloaded. Would you care to write the changes you would like to see and submit them either here to exim-...@exim.org ? Sure All I did was, I created the file /etc/mysql/conf.d/my,cnf With the contents. [exim] host= $IP_OF_PROXYSQL port= $PORT user=$USERNAME password=$PASSWORD database=$DATABASE ssl_cert=/etc/ssl/server-cert.pem ssl_key=/etc/ssl/server-key.pem ssl_ca=/etc/ssl/ca-cert.pem Thats all I needed to do on Exims side. Then for Dovecots /etc/dovecot/dovecot-sql.conf.ext I set: driver = mysql connect = option_group=exim option_file=/etc/mysql/conf.d/my.cnf Dont forget to configure your DB user with "REQUIRE SSL" then tcpdump, to make sure its encrypted. I think thats everything. Hope this helps Regards Brent Clark -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim MariaDB and SSL
On Wed, 2 Nov 2022, Brent Clark via Exim-users wrote: On 2022/11/01 13:06, Heiko Schlittermann via Exim-users wrote: ::()[group>]/// (I missed the related function call in Exim's sources.) So having TLS options in one of the my.cnf should work. Maybe you used the wrong option group (as JGH guessed), or the wrong file, or wrong permissions on the file, or any combination of all these. Thanks guys Got it working. You don't say which of these suggestions, if any, helped. If I can suggest ... to the powers that be. Maybe update and clarify in the documentation (an example too couldn't hurt). Use it ... don't use it. The PTB are overloaded. Would you care to write the changes you would like to see and submit them either here to exim-...@exim.org ? -- Andrew C. Aitchison Kendal, UK and...@aitchison.me.uk -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim MariaDB and SSL
On 2022/11/01 13:06, Heiko Schlittermann via Exim-users wrote: ::()[]/// (I missed the related function call in Exim's sources.) So having TLS options in one of the my.cnf should work. Maybe you used the wrong option group (as JGH guessed), or the wrong file, or wrong permissions on the file, or any combination of all these. Thanks guys Got it working. If I can suggest ... to the powers that be. Maybe update and clarify in the documentation (an example too couldn't hurt). Use it ... don't use it. Many thanks again to the community for the help. Regards Brent Clark -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim MariaDB and SSL
Jeremy Harris via Exim-users (Di 01 Nov 2022 11:24:45 CET): > On 01/11/2022 06:28, Brent Clark via Exim-users wrote: > > I would like to run exim to use MariaDB's inherent TLS / SSL functions. > > > > Is this possible with exim? I changed the '/etc/my.cnf' '[client]' section > > to define the key/cert/csa, and Dovecot picked it up great, but exim > > doesn't seem to. > > > > I checked the exim docs under MySQL and didn't see any reference to SSL. Is > > it not possible to use MySQL's native SSL support with exim? > JGH is right. We have for the mysql_servers option: ::()[]/// (I missed the related function call in Exim's sources.) So having TLS options in one of the my.cnf should work. Maybe you used the wrong option group (as JGH guessed), or the wrong file, or wrong permissions on the file, or any combination of all these. -- Heiko signature.asc Description: PGP signature -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim MariaDB and SSL
On 01/11/2022 06:28, Brent Clark via Exim-users wrote: I would like to run exim to use MariaDB's inherent TLS / SSL functions. Is this possible with exim? I changed the '/etc/my.cnf' '[client]' section to define the key/cert/csa, and Dovecot picked it up great, but exim doesn't seem to. I checked the exim docs under MySQL and didn't see any reference to SSL. Is it not possible to use MySQL's native SSL support with exim? https://dev.mysql.com/doc/refman/8.0/en/option-files.html says: "Option File Syntax ... opt_name=value This is equivalent to --opt_name=value on the command line." and https://dev.mysql.com/doc/refman/8.0/en/connection-options.html says: "Table 4.4 Connection-Encryption Option Summary". IF MariaDB follows the same, you can configure for encrypted connections in that option-file. The default "group" identifier used by Exim is "exim" (I think you assumed "client" above) though that is changeable in the Exim config. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim MariaDB and SSL
Heiko Schlittermann via Exim-users (Di 01 Nov 2022 08:00:55 CET): > Good Morning, > Brent Clark via Exim-users (Di 01 Nov 2022 07:28:42 > CET): > > I would like to run exim to use MariaDB's inherent TLS / SSL functions. > ... > > I checked the exim docs under MySQL and didn't see any reference to SSL. Is > > it not possible to use MySQL's native SSL support with exim? > > I checked the sources and it seems that Exim doesn't support encrypted > connections with MySQL servers. But we should provide it. This could help us: https://mariadb.com/kb/en/mysql_optionsv/ But currently we do not use it and I'm not sure about backward compatibility. -- Heiko signature.asc Description: PGP signature -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim MariaDB and SSL
On Tue, Nov 1, 2022 at 11:22 AM Brent Clark wrote: > Its not a "local socket connection" > > Im connected to a Galera cluster for vmail. > > Regards > Brent > [Please don't top-post!] You can easily solve this problem with Wireguard and establish an encrypted connection between the peer hosts. For now, that would be the easiest solution before @Jeremy Harris and his team gives you the features you are after. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-) -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim MariaDB and SSL
I would rather then use https://proxysql.com/documentation/ssl-support/ Regards Brent On 2022/11/01 10:34, Slavko via Exim-users wrote: Dňa 1. novembra 2022 8:22:33 UTC používateľ Brent Clark via Exim-users napísal: Im connected to a Galera cluster for vmail. Connot be stunnel workaround? Quick search results in https://uit.stanford.edu/service/sql/configuring_stunnel (I do not use mysql/mariadb from exim) regards -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim MariaDB and SSL
Its not a "local socket connection" Im connected to a Galera cluster for vmail. Regards Brent On 2022/11/01 10:19, Odhiambo Washington wrote: local socket connection -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim MariaDB and SSL
Dňa 1. novembra 2022 8:22:33 UTC používateľ Brent Clark via Exim-users napísal: >Im connected to a Galera cluster for vmail. Connot be stunnel workaround? Quick search results in https://uit.stanford.edu/service/sql/configuring_stunnel (I do not use mysql/mariadb from exim) regards -- Slavko https://www.slavino.sk/ -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim MariaDB and SSL
On Tue, Nov 1, 2022 at 11:00 AM Brent Clark wrote: > I came across this > > https://lists.exim.org/lurker/message/20180514.215522.0efe8d21.gl.html > > Im trying to make heads or tails of this. > If Exim is using a local socket connection to MySQL, then why does this worry you? If it was a TCP connection to a remote host then your concern would be understandable. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-) -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim MariaDB and SSL
I came across this https://lists.exim.org/lurker/message/20180514.215522.0efe8d21.gl.html Im trying to make heads or tails of this. Regards Brent On 2022/11/01 09:10, Odhiambo Washington wrote: On Tue, Nov 1, 2022 at 9:39 AM Brent Clark via Exim-users wrote: Good day Guys I would like to run exim to use MariaDB's inherent TLS / SSL functions. Is this possible with exim? I changed the '/etc/my.cnf' '[client]' section to define the key/cert/csa, and Dovecot picked it up great, but exim doesn't seem to. I checked the exim docs under MySQL and didn't see any reference to SSL. Is it not possible to use MySQL's native SSL support with exim? If anyone can please share their 'hide mysql_servers', it would be appreciated. Regards Brent Clark According to the documentation, the options for Exim to connect to a MySQL instance remain: hide mysql_servers = ::(name>)/// Now unless you make a feature request to add the options to secure that connection with SSL, I believe there is no such option at the moment. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-) -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim MariaDB and SSL
On Tue, Nov 1, 2022 at 9:39 AM Brent Clark via Exim-users < exim-users@exim.org> wrote: > Good day Guys > > I would like to run exim to use MariaDB's inherent TLS / SSL functions. > > Is this possible with exim? I changed the '/etc/my.cnf' '[client]' > section to define the key/cert/csa, and Dovecot picked it up great, but > exim doesn't seem to. > > I checked the exim docs under MySQL and didn't see any reference to SSL. > Is it not possible to use MySQL's native SSL support with exim? > > If anyone can please share their 'hide mysql_servers', it would be > appreciated. > > Regards > Brent Clark > According to the documentation, the options for Exim to connect to a MySQL instance remain: hide mysql_servers = ::()/// Now unless you make a feature request to add the options to secure that connection with SSL, I believe there is no such option at the moment. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-) -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Exim MariaDB and SSL
Good Morning, Brent Clark via Exim-users (Di 01 Nov 2022 07:28:42 CET): > I would like to run exim to use MariaDB's inherent TLS / SSL functions. ... > I checked the exim docs under MySQL and didn't see any reference to SSL. Is > it not possible to use MySQL's native SSL support with exim? I checked the sources and it seems that Exim doesn't support encrypted connections with MySQL servers. But we should provide it. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F69376CE - signature.asc Description: PGP signature -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] Exim MariaDB and SSL
Good day Guys I would like to run exim to use MariaDB's inherent TLS / SSL functions. Is this possible with exim? I changed the '/etc/my.cnf' '[client]' section to define the key/cert/csa, and Dovecot picked it up great, but exim doesn't seem to. I checked the exim docs under MySQL and didn't see any reference to SSL. Is it not possible to use MySQL's native SSL support with exim? If anyone can please share their 'hide mysql_servers', it would be appreciated. Regards Brent Clark -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/