[exim] Re: ZDI (was: Mitigation statement for CVE-2023-42119)

2023-10-07 Thread Claus Assmann via Exim-users
On Fri, Oct 06, 2023, Ian Z via Exim-users wrote: > Does anyone know who ZDI *is* ? What does the abbreviation stand for? Have you tried wikipedia? Zero Day Initiative Type Software vulnerability program Industry Cyber security Founded July 25, 2005; 18 years ago (2005-07-

[exim] Fixing or disabling TLS for internal network hosts

2023-10-07 Thread AC via Exim-users
I have one primary Exim installation that is my main mail server visible to both the internal hosts and as a public host so TLS is enabled on it. My internal hosts are using Exim in smarthost mode to handle sending daemon mail to the main server. All of this is working fine, I just get messag

[exim] Re: Fixing or disabling TLS for internal network hosts

2023-10-07 Thread Ian Z via Exim-users
On Sat, Oct 07, 2023 at 04:10:24PM -0700, AC via Exim-users wrote: > The internal hosts are running self-signed certificates. So is there > a way to either make the self-signed certificates acceptable to the > main Exim server or otherwise disable the use of TLS by either the > internal servers or

[exim] Re: Fixing or disabling TLS for internal network hosts

2023-10-07 Thread AC via Exim-users
On 2023-10-07 18:55, Ian Z via Exim-users wrote: On Sat, Oct 07, 2023 at 04:10:24PM -0700, AC via Exim-users wrote: The internal hosts are running self-signed certificates. So is there a way to either make the self-signed certificates acceptable to the main Exim server or otherwise disable the

[exim] Re: Fixing or disabling TLS for internal network hosts

2023-10-07 Thread Viktor Dukhovni via Exim-users
On Sat, Oct 07, 2023 at 08:52:24PM -0700, AC via Exim-users wrote: > The error message on the main server is: > TLS error on connection from [host] (recv): A TLS fatal alert has been > received.: Certificate is bad You've misunderstood the message. TLS "alerts" are errors reported to the local T

[exim] Re: Fixing or disabling TLS for internal network hosts

2023-10-07 Thread AC via Exim-users
On 2023-10-07 21:44, Viktor Dukhovni via Exim-users wrote: On Sat, Oct 07, 2023 at 08:52:24PM -0700, AC via Exim-users wrote: The error message on the main server is: TLS error on connection from [host] (recv): A TLS fatal alert has been received.: Certificate is bad You've misunderstood the

[exim] Re: Fixing or disabling TLS for internal network hosts

2023-10-07 Thread Viktor Dukhovni via Exim-users
On Sat, Oct 07, 2023 at 09:53:25PM -0700, AC via Exim-users wrote: > As for misunderstanding the error, perhaps it could be modified to better > explain which side is causing the message since I obviously assumed that a > message in the server logs indicated the server had a problem absent any > o

[exim] Re: Fixing or disabling TLS for internal network hosts

2023-10-07 Thread AC via Exim-users
On 2023-10-07 22:10, Viktor Dukhovni via Exim-users wrote: On Sat, Oct 07, 2023 at 09:53:25PM -0700, AC via Exim-users wrote: As for misunderstanding the error, perhaps it could be modified to better explain which side is causing the message since I obviously assumed that a message in the serve