Date: Wed, 30 Nov 2016 05:49:09 +1100
From: Peter Jeremy
To: George Mitchell
Cc: freebsd-hackers@FreeBSD.org
Subject: Re: Sendmail and STARTTLS
Message-ID: <20161129184909.GB61036@server.rulingia.com>

Quick overview:

On 2016-Nov-28 13:16:10 -0500, George Mitchell wrote:
>Received: from mx2.freebsd.org (mx2.freebsd.org [8.8.178.116])
>        by mailhost.m5p.com (8.15.2/8.15.2) with ESMTPS id uARD0t70051256
>        (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL)
>        for ; Sun, 27 Nov 2016 08:01:01 -0500 (EST)
>        (envelope-from owner-freebsd-hackers@freebsd.org)

This means that you are receiving mail from FreeBSD.org using TLS (the
"version=... cipher=..." means TLS is active) but your sendmail cannot
verify that the certificate presented by FreeBSD.org is valid (verify=FAIL).
You need to install a set of hashed root certificates in the directory
specified by confCACERT_PATH.

Received: from mailhost.m5p.com (mailhost.m5p.com [IPv6:2001:418:3fd::f7])
        (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
        (Client CN "m5p.com", Issuer "Let's Encrypt Authority X3" (verified OK))
        by mx1.freebsd.org (Postfix) with ESMTPS id E7C2F1897
        for ; Mon, 28 Nov 2016 18:16:17 +0000 (UTC)
        (envelope-from george+freebsd@m5p.com)

This says that mx1.freebsd.org received your mail via TLS and has validated
your certificate.

>What am I doing wrong?  How can I enter VERIFY=YES nirvana?  -- George

Note that you want "verify=OK", not YES.
Have a read of the STARTTLS section of /usr/share/sendmail/cf/README

-- 
Peter Jeremy
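
The two Received headers discussed in the message above can be checked mechanically. The following is an added example, not part of the original message or of sendmail: it reads the TLS result out of a Received header in either the sendmail or the Postfix form. The ${verify} meanings are those listed in the STARTTLS section of sendmail's cf/README; the Postfix pattern is modelled only on the header quoted above, and the function name and the third sample header are assumptions made for illustration.

```python
import re

# ${verify} values as listed in the STARTTLS section of sendmail's cf/README.
VERIFY = {
    "OK": "verification succeeded",
    "NO": "no cert presented",
    "NOT": "no cert requested",
    "FAIL": "cert presented but could not be verified",
    "NONE": "STARTTLS has not been performed",
    "TEMP": "temporary error occurred",
    "PROTOCOL": "protocol error occurred",
    "SOFTWARE": "STARTTLS handshake failed",
}
# sendmail form: (version=... cipher=... bits=... verify=...)
SENDMAIL = re.compile(r"\(version=(\S+) cipher=(\S+) bits=(\d+) verify=([A-Z]+)\)")
# Postfix form, modelled only on the header quoted in the message above.
POSTFIX = re.compile(r'\(using (\S+) with cipher (\S+) \((\d+)/\d+ bits\)\)'
                     r'(?: \(Client CN "[^"]*", Issuer "[^"]*" \(([^)]*)\)\))?')

def tls_status(received):
    """Summarise the TLS state one Received header records for its hop."""
    hdr = " ".join(received.split())          # unfold continuation lines
    m = SENDMAIL.search(hdr)
    if m:
        version, cipher, bits, verify = m.groups()
        return {"tls": True, "version": version, "cipher": cipher, "bits": int(bits),
                "verified": verify == "OK", "detail": VERIFY.get(verify, "unknown: " + verify)}
    m = POSTFIX.search(hdr)
    if m:
        version, cipher, bits, status = m.groups()
        return {"tls": True, "version": version, "cipher": cipher, "bits": int(bits),
                "verified": status == "verified OK", "detail": status or "no client cert details"}
    return {"tls": False, "verified": False, "detail": "no TLS information recorded"}

# The two headers discussed in the message, plus one constructed plaintext hop.
SAMPLES = {
    "sendmail": """from mx2.freebsd.org (mx2.freebsd.org [8.8.178.116])
        by mailhost.m5p.com (8.15.2/8.15.2) with ESMTPS id uARD0t70051256
        (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL)""",
    "postfix": """from mailhost.m5p.com (mailhost.m5p.com [IPv6:2001:418:3fd::f7])
        (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
        (Client CN "m5p.com", Issuer "Let's Encrypt Authority X3" (verified OK))
        by mx1.freebsd.org (Postfix) with ESMTPS id E7C2F1897""",
    "constructed": "from client.example (client.example [192.0.2.10]) by mx.example with ESMTP id 0",
}

if __name__ == "__main__":
    for name, hdr in SAMPLES.items():
        print(name, tls_status(hdr))
```

A hop that reports "tls": True with "verified": False is the case in the first header: the session was encrypted, but the receiving MTA could not validate the peer's certificate.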