Re: sendmail STARTTLS

Previous thread: Re: pf openbsd 4.2 machine stopped responding by Stuart Henderson on Monday, July 14, 2008 - 2:14 am. (2 messages)

Next thread: acer aspire m1610 by sonjaya on Monday, July 14, 2008 - 3:40 am. (1 message)

[view original message]

From: Stuart Henderson

Subject: Re: sendmail STARTTLS

Date: Monday, July 14, 2008 - 3:27 am

I would go through starttls(8) again from scratch, it does work.

I think the only thing it doesn't _explicitly_ say is to type
your hostname in as the Common Name in the certificate (though
the prompts from openssl should suggest that it's needed).

[ message continues ]

[view original message]

From: GVG GVG

Subject: Re: sendmail STARTTLS

Date: Monday, July 14, 2008 - 5:06 am

On Mon, Jul 14, 2008 at 12:27 PM, Stuart Henderson &lt;stu@spacehopper.org&gt;
I think I found it! Well the problem was due to the following error:

-------------------
STARTTLS=server: file /etc/mail/CA/key.pem unsafe: Group readable file
--------------------

in the /var/log/maillog file!

Up to now, I didn't get that error cause the debugging option I had defined
wasn't sufficient!

In:

------------------
http://www.sendmail.org/~ca/email/starttls.html
------------------

is stated:

------------------
If this doesn't reveal any problems, increase the LogLevel to 14 and try
again
-----------------

After doing the above modifications I do get '250-STARTTLS' when doing
'telnet localhost 25' etc.

Thanks all of you for your support

[ message continues ]

[view original message]

From: Hugo Villeneuve

Subject: Re: sendmail STARTTLS

Date: Wednesday, July 16, 2008 - 1:46 am

Maybe I fail at sendmail administration, but I could never make
a DSA certificate work with any product made by Microsoft.

I did try to follow starttls(8) once or twice. But I ended making
RSA certs for sendmail to buy peace. Instruction are in ssl(8).

I know starttls(8) was written in the rsa patent era but I still
do not agree with the DSA certificate recommendation.

Althought, maybe things have changed. I'm an old dog, slow to pick
new tricks.


-- 
Hugo Villeneuve &lt;hugo@EINTR.net&gt;
http://EINTR.net/ 

[ message continues ]


linux-kernel:
Michael Trimarchi	Re: [PATCH] VFS: make file->f_pos access atomic on 32bit arch
Miklos Szeredi	[patch 14/15] vfs: more path_permission() conversions
Serge E. Hallyn	Re: [RFC v5][PATCH 7/8] Infrastructure for shared objects
Bernd Schmidt	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Takashi Iwai	[PATCH 2/2] input: Add LED support to Synaptics device
git:
Junio C Hamano	Re: mingw, windows, crlf/lf, and git
Eyvind Bernhardsen	Re: Where has "git ls-remote" reference pattern matching gone?
Shawn O. Pearce	Re: Switching from CVS to GIT
Todd Zullinger	Re: [PATCH 2/2] send-email: rfc2047-quote subject lines with non-ascii characters
Santi Béjar	Re: How to use git-fmt-merge-msg?
linux-netdev:
Ramkrishna Vepa	[net-2.6 PATCH 1/10] Neterion: New driver: Driver help file
Mark Anthony	invitation / inquiry
Ingo Molnar	Re: [PATCH 08/16] dma-debug: add core checking functions
David Miller	Re: [PATCH 1/3] f_phonet: dev_kfree_skb instead of dev_kfree_skb_any in TX callback
Sascha Hauer	[PATCH 03/12] fec: do not typedef struct types
git-commits-head:
Linux Kernel Mailing List	amba: struct device - replace bus_id with dev_name(), dev_set_name()
Linux Kernel Mailing List	MIPS: Yosemite: Convert SMP startup lock to arch spinlock.
Linux Kernel Mailing List	ARM: S5PC100: IRQ and timer
Linux Kernel Mailing List	davinci: edma: clear interrupt status for interrupt enabled channels only
Linux Kernel Mailing List	x86, mm, kprobes: fault.c, simplify notify_page_fault()
openbsd-misc:
Daniel A. Ramaley	Re: [semi-OT] Can anyone recommend an OpenBSD-compatible colour laser printer?
Matthias Kilian	Re: can't get vesa @ 1280x800 or nv
Tobias Ulmer	Re: Problem after upgrade 4.5 to 4.6: ERR M
Philip Guenther	Re: SIGCHLD and libpthread.so
J.C. Roberts	Re: [semi-OT] Can anyone recommend an OpenBSD-compatible colour laser printer?