a temporary error. Here are some possibilities:
(1) The messages to \(aol.com)\ got put in your queue, but no previous
- delivery attempt occured before you did the \-R-\. This might have been
+ delivery attempt occurred before you did the \-R-\. This might have been
because of your settings of \queue_only_load\, \smtp_accept_queue\, or any
other option that caused no immediate delivery attempt on arrival. If
this is the case, you can try using \-qqR-\ instead of \-R-\.
taken from Exim's change log:
When Exim is receiving multiple messages on a single connection, and
- spinning off delivery processess, it sets the SIGCHLD signal handling to
+ spinning off delivery processes, it sets the SIGCHLD signal handling to
SIG_IGN, because it doesn't want to wait for these processes. However,
because on some OS this didn't work, it also has a paranoid call to
\^waitpid()^\ in the loop to reap any children that have finished. Some
==> adduser exim
(3) Now you can prepare to build Exim. Go to \?https://www.exim.org?\ or
- one of its mirrors, or the master ftp site
+ one of its mirrors, or the master FTP site
\?ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4?\, and download
\(exim-4.20.tar.gz)\ or whatever the current release is. Then:
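Review bot: the download step in the unchanged context still offers the master site as \?ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4?\ and the lines shown here give no integrity check before "Then:". Since this paragraph is being touched anyway, consider adding a sentence telling the reader to verify the tarball against a published signature or checksum before building, and to prefer the https site named on the first line of the step.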
any more. How can I arrange to delete any mail that is sent to them?
A0419: To reject them at SMTP time, with a customized error message, place
- statments like this in the ACL:
+ statements like this in the ACL:
==> deny message = The domain $domain is obsolete
domains = lsearch;/etc/exim/obsolete.domains
up earlier on some types of file system, compared with others.
Exim was not designed for handling large queues. If you are in an
- enviroment where lots of messages remain on the queue for long periods
+ environment where lots of messages remain on the queue for long periods
of time, consider implementing a back up host to which you pass these
messages, so that the main host's queue remains short. You can use
\fallback_hosts\ to do this, or a router that is conditional on
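Review bot: the context line "of time, consider implementing a back up host to which you pass these" still has "back up host"; as a noun this should be "backup host", and it fits in the same spelling pass as enviroment -> environment.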
to enable my clients to use TLS. However, clients other than Exim
refuse to accept this certificate. What's wrong?
-A1701: It seems that some clients require that the certificate presented by
- the server be a user (also called ``leaf'' or ``site'') certificate, and not
- a self-signed certificate. In this situation, the self-signed
- certificate must be installed on the client as a trusted root
- \*certification authority*\ (CA), and the certificate used by the server
- must be a user certificate signed with that self-signed certificate.
+A1701: Don't use a self-signed certificate today. Use a certificate from a
+ certificate authority, whether your own private certificate authority or
+ a free CA such as Let's Encrypt.
- For information on creating self-signed CA certificates and using them
- to sign user certificates, see the \*General implementation overview*\
- chapter of the Open-source PKI book, available online at
- \?http://ospkibook.sourceforge.net/?\. Here is a quick overview. First,
- read this message:
-
- \?http://www.FreeBSD.org/cgi/mid.cgi?id=3C3F3A93.C1ECF9B0%40mindspring.com?\
-
- Then, follow the instructions found on these two (consecutive) pages:
-
- \?http://ospkibook.sourceforge.net/docs/OSPKI-2.4.6/OSPKI/initialisation.htm?\
- \?http://ospkibook.sourceforge.net/docs/OSPKI-2.4.6/OSPKI/keygensign.htm?\
-
- Two points on the PKI Book literature:
-
- (1) It's assumed that it's okay to use a passphrase-protected key to
- encrypt the user/site/leaf certificate. If this isn't acceptable,
- you seem to be able to strip out the passphrase as follows:
-
-==> openssl rsa -in user.key -our user.key.new
- mv user.key.new
-
- This should be done immediately after \(user.key)\ is created.
-
- (2) The \*sign.sh*\ script is available in the \*mod_ssl*\ distribution,
- available at \?http://www.modssl.org/source/?\.
-
- Having followed the instructions, you end up with the following files:
-
- (a) \(ca.crt)\
-
- This file should be installed into the client software as a trusted
- root certification authority. In Windows XP, this can be done as follows:
-
- \#\#Call the file \(ca_cert.cer)\
- [[br]]
- \#\#Double-click on the file
- [[br]]
- \#\#"Install Certificate";
- [[br]]
- \#\#"Next"
- [[br]]
- \#\#"Place all certificates in the following store"
- [[br]]
- \#\#"Browse..."
- [[br]]
- \#\#"Trusted Root Certification Authorities"
- [[br]]
- \#\#"OK"
- [[br]]
- \#\#"Next"
- [[br]]
- \#\#"Finish"
- [[br]]
- \#\#"Yes"
- [[br]]
- \#\#"OK"
-
- (b) \(user.crt)\ and \(user.key)\
-
- These files should be installed into the server software. In Exim, this
- can be done by adding these lines to the configuration file:
-
-==> tls_certificate = /usr/local/etc/exim/tls_cert
- tls_privatekey = /usr/local/etc/exim/tls_key
-
- Then install \(user.crt)\ and \(user.key)\ under the names \(tls_cert)\
- and \(tls_key)\ in the appropriate directory.
+ The exim.org setup uses Let's Encrypt, using the lego tooling and a small
+ shell wrapper to let the certificates be automatically renewed via cron.
+ \?https://github.com/xenolf/lego?\
Q1702: How can I arrange for Exim to advertise support for SMTP authentication
only when the session is encrypted?
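Review bot: the new A1701 says what to use instead but no longer answers the question's "What's wrong?", and it drops the Exim side of the setup that the removed text covered. Suggest keeping one sentence on the cause (the removed text's point that some clients require a user certificate rather than a self-signed one) and retaining the two removed option lines, "tls_certificate = /usr/local/etc/exim/tls_cert" and "tls_privatekey = /usr/local/etc/exim/tls_key", so the reader knows where the issued certificate and key go. The "own private certificate authority" option also still needs that CA's root installed on each client as a trusted root, which the removed (a) \(ca.crt)\ step explained and the new text omits. Minor: the bare lego URL on the last added line would read better attached to the sentence that mentions lego.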
land for Majordomo at the same time.
A9604: The problem appears to be the number of open files the system can
- handle. This is changable by using the proc filesystem. To your
+ handle. This is changeable by using the proc filesystem. To your
\(/etc/rc.d/rc.local)\ file append something like the following:
==> # Now System is up, Modify kernel parameters for max open etc.
names of the form Fnnn are filter file fragments; those with names of the form
Lnnn are sample \^^local_scan()^^\ functions, and those with names of thf form
Snnn are scripts of various kinds. There are other examples of
-\^^local_scan()^^\ functions at a number of web sites (for example,
+\^^local_scan()^^\ functions at a number of websites (for example,
\?http://marc.merlins.org/linux/exim/sa.html?\).
There are gaps in the C and F numbers because I have omitted the Exim 3 samples
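Review bot: the context line just above the changed pair still reads "those with names of thf form"; "thf" should be "the", and it belongs in this same typo pass alongside web sites -> websites.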