Bug 1417430 - Exim version 4.72
Summary: Exim version 4.72
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: exim
Version: el6
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Jaroslav Škarvada
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-01-29 09:29 UTC by Marco Borla
Modified: 2017-01-30 11:07 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-01-30 11:07:35 UTC
Type: Bug


Attachments (Terms of Use)

Description Marco Borla 2017-01-29 09:29:07 UTC
Description of problem:

Webuzo CentOs panel is giving Exim version 4.72 as last version available for CentOs. They are unable to release last version because has perl dependence.

My VPS is CentOs 6.X and I cannot actually update to 7.0 for provider compatibility issue.

In Exim.conf I have:
openssl_options = +no_sslv2 +no_sslv3

but if I test my mail seems are used insecure chipter suite.
There is a way to tell to Exim to use strong Chipter suite?
I tried to add 
tls_require_ciphers = AES128+EECDH:AES128+EDH

but as soon I do this email are stopping to work.
If I cannot use tls_require_chipher there is a way to make connection secure? Can you release a patch in version 4.72 if I cannot secure 4.72?

I cannot upgrade Exim actually.

Version-Release number of selected component (if applicable):

4.72

How reproducible:

When I add in exim.conf 
tls_require_ciphers = AES128+EECDH:AES128+EDH
I AM unable to send email.

When I test my email connection security es mail.mydomain.com:993 my security score is bad


Actual results:
Seems I AM unable to use tls_require_ciphers = AES128+EECDH:AES128+EDH for make connection secure.

Expected results:

A solution for use only secure chipher suite

Additional info:

Comment 1 Jaroslav Škarvada 2017-01-30 11:07:35 UTC
We finally rebased to exim-4.88, because upstream dropped support for 4.72 and it became more and more time demanding for us to maintain it.

I cannot see any perl problem regarding RHEL-6. As CentOS is build from RHEL sources, there shouldn't be any problem regarding versions mismatch. Is your system fully updated, i.e. RHEL 6.8 code base or newer?

If you cannot update, you have to rebuild exim from sources yourself - this should resolve any versions mismatch you could have on system which is not fully updated, or persuade your support group to do it for you. We do not provide support for CentOS, nor for unsupported SW versions.


Note You need to log in before you can comment on or make changes to this bug.