Date: Wed, 30 Nov 2016 05:49:09 +1100 From: Peter Jeremy <peter@rulingia.com> To: George Mitchell <george+freebsd@m5p.com> Cc: freebsd-hackers@FreeBSD.org Subject: Re: Sendmail and STARTTLS Message-ID: <20161129184909.GB61036@server.rulingia.com> In-Reply-To: <f4ee7a4c-8b8c-2542-20ba-7ef0a42313fa@m5p.com> References: <f4ee7a4c-8b8c-2542-20ba-7ef0a42313fa@m5p.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
Quick overview:
On 2016-Nov-28 13:16:10 -0500, George Mitchell <george+freebsd@m5p.com> wrote:
>Received: from mx2.freebsd.org (mx2.freebsd.org [8.8.178.116])
> by mailhost.m5p.com (8.15.2/8.15.2) with ESMTPS id uARD0t70051256
> (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL)
> for <george+freebsd@m5p.com>; Sun, 27 Nov 2016 08:01:01 -0500 (EST)
> (envelope-from owner-freebsd-hackers@freebsd.org)
This means that you are receeiving mail from FreeBSD.org using TLS
(the "version=... cipher=..." means TLS is active) but your sendmail
cannot verify that the certificate presented by FreeBSD.org is valid
(verify=FAIL). You need to install a set of hashed root certificates
in the direectory specified by confCACERT_PATH.
Received: from mailhost.m5p.com (mailhost.m5p.com [IPv6:2001:418:3fd::f7])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(Client CN "m5p.com", Issuer "Let's Encrypt Authority X3" (verified
OK))
by mx1.freebsd.org (Postfix) with ESMTPS id E7C2F1897
for <freebsd-hackers@FreeBSD.org>; Mon, 28 Nov 2016 18:16:17 +0000
(UTC)
(envelope-from george+freebsd@m5p.com)
This says that mx1.freebsd.org received your mail via TLS and has validated
your certificate.
>What am I doing wrong? How can I enter VERIFY=YES nirvana? -- George
Note that you want "verify=OK", not YES. Have a read of the STARTTLS
section of /usr/share/sendmail/cf/README
--
Peter Jeremy
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQJ8BAEBCgBmBQJYPc2kXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFRUIyOTg2QzMwNjcxRTc0RTY1QzIyN0Ux
NkE1OTdBMEU0QTIwQjM0AAoJEBall6Dkogs0AxQP/isVgecNFkM/bBKNE6zIX4ub
/MO56rG3iMUwAup5Lq0KHlWm6dCRVwkzLhm20OL8JjJx2BwlOVmaHTmTapqdKfCj
/nst6fFimvGDCrdgvOoYfDoFwWo600bUNIzRr4EPVXs0aGPWbHnay200+3IjW7Xq
U9APNImGkdTQbUV7DykHtcHbpJEqNsJPFmA7YJCLgbNwZOFOV2Hb/qxvzqbTU5hd
4NluBANZ8W2NpOVwcuF33uMxKaZCkEAXknVGqbc1tB06yK6oJjq7+Wbzmlr59fM+
h5bcGtSPMROxb7YLZbMhJFqYL3cJv5e+DeELFTfwCcnj/xVsBvZpGnSOu0ESVrJ2
R7FrJVrLQdlxnQI7rodIvata430ei/TfX0zItTFZVFCEsx9d4zjDEoXSvnjksxti
WP16uT0GylXC2HSzwOx6AJuOHokdTJ05gqAlAxThNnFWUkwVFZ8QLAALuoshgYDK
2mgIVZU3iYkk9M2LkM8btwcPsEDO/YjNk3cBgfEiLv0bPiabcRXtD2TiUJG1pVGC
TqqUKCenUx8iU7G8JNU0/4qcEbCSxEIifvkdn+8qdskQVZax7x1mT+ykPt3pWN6w
4XLKutYqDODMsngZ/YQN1UG7wMDJM4nKzXz2ZJjExZ6e43IGyxTwuapr5jZfkQPJ
oB4BwHJkjrdrYyctpdFX
=GKF5
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20161129184909.GB61036>