From d21074d0a77d36f09ea70fbaa8cca30b94bdb2e5 Mon Sep 17 00:00:00 2001 From: Stephen Gran Date: Sun, 5 Apr 2009 02:09:02 +0100 Subject: [PATCH] Make TLS usage in exim conditional on having the infrastructure to do so. It's a little racy, so I don't want to make exim whine about it Signed-off-by: Stephen Gran --- facts/mta.rb | 10 ++++++++++ modules/exim/files/common/exim4.conf | 6 ++++++ templates/exim-local-auto.erb | 5 +++++ 3 files changed, 21 insertions(+) diff --git a/facts/mta.rb b/facts/mta.rb index 5d2242a61..74272b678 100644 --- a/facts/mta.rb +++ b/facts/mta.rb @@ -7,3 +7,13 @@ Facter.add("mta") do mta end end + +facter.add("exim_ssl_certs") do + setcode do + FileTest.exist?("/etc/exim4/ssl/") && + FileTest.exist?("/etc/exim4/ssl/ca.crl") && + FileTest.exist?("/etc/exim4/ssl/thishost.crt") && + FileTest.exist?("/etc/exim4/ssl/ca.crt") && + FileTest.exist?("/etc/exim4/ssl/thishost.key") + end +end diff --git a/modules/exim/files/common/exim4.conf b/modules/exim/files/common/exim4.conf index 6c4fecb9f..3b87319b3 100644 --- a/modules/exim/files/common/exim4.conf +++ b/modules/exim/files/common/exim4.conf @@ -124,6 +124,7 @@ RESERVEDADDRS = 0.0.0.0/8 : 127.0.0.0/8 : 10.0.0.0/8 : 169.254.0.0/16 : \ hostlist reservedaddrs = RESERVEDADDRS +.ifdef USE_TLS tls_certificate = /etc/exim4/ssl/thishost.crt tls_privatekey = /etc/exim4/ssl/thishost.key .ifdef RELAY_HOST @@ -131,6 +132,7 @@ tls_try_verify_hosts = * tls_verify_certificates = /etc/exim4/ssl/ca.crt tls_crl = /etc/exim4/ssl/ca.crl .endif +.endif #system_filter = /etc/exim4/filter #system_filter_file_transport = address_file @@ -198,7 +200,9 @@ admin_groups = adm remote_sort_domains = *.debian.org:*.debian.net pipelining_advertise_hosts = !* +.ifdef USE_TLS tls_advertise_hosts = * +.endif smtp_enforce_sync = true log_selector = +tls_cipher +tls_peerdn +queue_time +deliver_time +smtp_connection +smtp_incomplete_transaction +smtp_confirmation 
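Review bot: The new fact is registered with `facter.add("exim_ssl_certs")`, but the receiver used by the existing `Facter.add("mta")` block in the same file is the `Facter` module; a lowercase `facter` is an undefined name in Ruby, so this block will most likely raise when the fact file is loaded and the fact will never get a value. The template then never defines `USE_TLS`, so hosts with a complete certificate set still stop advertising STARTTLS and stop presenting their client certificate, with nothing logged. The line should read `Facter.add("exim_ssl_certs") do`. Separately, the checks only prove that the five paths exist, so an empty or truncated key still switches TLS on; a comment above `setcode` such as `# existence only: does not check that the files are non-empty or readable by exim` would make that limit explicit.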
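Review bot: Nothing in exim4.conf says where `USE_TLS` is defined or what the daemon does without it, and the same unexplained guard recurs around `tls_advertise_hosts` and in the `remote_smtp` transport hunk. When the macro is undefined, the certificate, verification, CRL and STARTTLS-advertisement settings are all left out and no log line records it. A host whose files under /etc/exim4/ssl were never deployed, or were later removed, therefore takes mail in clear text until someone notices. I would add a comment above the first guard, for example `# USE_TLS comes from templates/exim-local-auto.erb and is set only when the exim_ssl_certs fact is true; without it no TLS is offered`. Because the fallback is deliberately silent, the hosts where that fact is not true should be reported somewhere outside exim, for instance by monitoring.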
@@ -1126,9 +1130,11 @@ address_reply: remote_smtp: driver = smtp connect_timeout = 1m +.ifdef USE_TLS tls_tempfail_tryclear = true tls_certificate = /etc/exim4/ssl/thishost.crt tls_privatekey = /etc/exim4/ssl/thishost.key +.endif # Send the message to procmail procmail_pipe: diff --git a/templates/exim-local-auto.erb b/templates/exim-local-auto.erb index e2310b37a..e3e4f07fe 100644 --- a/templates/exim-local-auto.erb +++ b/templates/exim-local-auto.erb @@ -36,3 +36,8 @@ HAVE_USER_QA = 1 <% else -%> # HAVE_USER_QA is undefined <% end -%> +<% if has_variable?("exim_ssl_certs") && exim_ssl_certs == "true" -%> +USE_TLS = 1 +<% else -%> +# USE_TLS is undefined +<% end -%> -- 2.20.1
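Review bot: The guard in `remote_smtp` removes the client certificate and key but is not an outbound TLS switch, and the transport should say so. As far as I know the smtp transport still attempts STARTTLS whenever the remote side offers it, and `tls_tempfail_tryclear = true` is already Exim's default. With or without `USE_TLS`, then, delivery can fall back to clear text, and without it the host simply connects unauthenticated. If mail to the relay is meant to be encrypted and tied to the host certificate, that needs a separate decision, for example `hosts_require_tls` for the relay hosts. At minimum I would add `# without USE_TLS we still try STARTTLS opportunistically, but present no client certificate` above the `.ifdef`.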
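Review bot: The test `exim_ssl_certs == "true"` matches only when the fact reaches the template as the string "true", whereas the fact's `setcode` block returns a Ruby boolean. That works as long as fact values are stringified before the template sees them, but if a real boolean ever arrives `USE_TLS` is left undefined without any error. Writing the condition as `has_variable?("exim_ssl_certs") && exim_ssl_certs.to_s == "true"` covers both forms. The fact is also evaluated before the catalog is applied, so a host that receives its certificates in the same run only gets TLS on the following run, which is presumably the race the commit message refers to; a one-line comment in the template would record that.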