On Thu, 19 May 2011 01:06:49 +0100 Mikolaj Kucharski wrote:

> On Thu, May 19, 2011 at 12:42:57AM +0200, Gilles Chehade wrote:
> > smtpd is just telling you that you did not generate Diffie-Hellman
> > parameters [see smtpd.conf(5) / starttls(8)], and that it will use
> > its own builtin parameters.
> >
> > It is safe to ignore the message, but it is safer to actually take
> > the time to generate your very own parameters. We don't do it when
> > booting or starting smtpd for the first time because it can take a
> > very looooooooooong time :-)

Interestingly on the same unloaded system, sometimes it takes absolutely ages and sometimes it takes seconds.

>
> Okay, but how big (long) DH parameters file I should generate? Is this
> something simple as:
>
> openssl dhparam -outform PEM -out dh.pem <size>
>
> I didn't really get that after reading smtpd.conf(5) and starttls(8).
>
> --
> best regards
> q#
>

I do 1024 and regenerate it every so often (early morning, once a week or twice a year, depending on usage/preference)
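
The periodic regeneration described in the thread, as an added example (not code from the posters or from the smtpd project): it runs the `openssl dhparam` command quoted above into a temporary file, checks the result, and only then renames it over the live file, so a slow or failed run leaves the existing parameters in place. The function name `regen_dh` and the destination path are assumptions; the size is whatever the caller passes.

```shell
#!/bin/sh
# Added example: regenerate DH parameters without exposing a partial file.
# Usage (for instance from a cron job): regen_dh /path/to/dh.pem <size>
# The destination path is an assumption; smtpd.conf(5) / starttls(8)
# describe where smtpd expects the file.

regen_dh() {
    out=$1
    bits=$2
    [ -n "$out" ] && [ -n "$bits" ] || {
        echo "usage: regen_dh <file> <size>" >&2
        return 2
    }

    # Reject a non-numeric size before handing it to openssl.
    case $bits in
        *[!0-9]*) echo "regen_dh: size must be a number" >&2; return 2 ;;
    esac

    # Create the temporary file next to the destination so the final mv is
    # a same-filesystem rename. mktemp creates it with mode 0600; adjust
    # ownership or mode afterwards if your setup needs something else.
    tmp=$(mktemp "${out}.XXXXXX") || return 1

    # Generation can take seconds or a very long time. The live file is
    # untouched until generation has finished and -check has passed.
    if openssl dhparam -outform PEM -out "$tmp" "$bits" 2>/dev/null &&
       [ -s "$tmp" ] &&
       openssl dhparam -in "$tmp" -check -noout >/dev/null 2>&1
    then
        mv -f "$tmp" "$out"
    else
        echo "regen_dh: generation or check failed, keeping existing $out" >&2
        rm -f "$tmp"
        return 1
    fi
}
```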