From: Matthias Fechner
Date: Wed, 29 Aug 2012 11:20:37 +0200
To: AN
Cc: freebsd-questions@freebsd.org
Subject: Re: TLS config help

On 29.08.12 12:38, AN wrote:
> Trying to configure TLS and sendmail using the following steps

I use:

cd /etc/mail/certs

Create a CA:
- Edit /etc/ssl/openssl.cnf -> default_days = 1825
- Generate CA certificate -> /usr/src/crypto/openssl/apps/CA.pl -newca

cp demoCA/cacert.pem .

Create a key:
/usr/src/crypto/openssl/apps/CA.pl -newreq

Remove passphrase from key:
openssl rsa -in newkey.pem -out key.pem

Sign key:
/usr/src/crypto/openssl/apps/CA.pl -sign

Set permissions:
chmod 0600 *

Sendmail:
define(`confCACERT_PATH',`/etc/mail/certs')
define(`confCACERT',`/etc/mail/certs/cacert.pem')
define(`confSERVER_CERT',`/etc/mail/certs/newcert.pem')
define(`confSERVER_KEY',`/etc/mail/certs/key.pem')
define(`confCLIENT_CERT',`/etc/mail/certs/newreq.pem')
define(`confCLIENT_KEY',`/etc/mail/certs/key.pem')
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl

Bye,
Matthias

--
"Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the universe trying to produce bigger and better idiots. So far, the universe is winning." -- Rich Cook
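
Added example (not part of the original message): a POSIX shell check that each file named in the sendmail defines above has the PEM type the option expects, and that key files are closed to group and other. The function names pem_kind, check_mc and make_sample are made up for this example, and the sample files are constructed placeholders that hold PEM header lines only.

```shell
#!/bin/sh
# Added example, not from the original mail; function names are hypothetical.
# pem_kind FILE: classify a PEM file by its header lines.
pem_kind() {
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
               -e '^Proc-Type: 4,ENCRYPTED' "$1"; then echo enckey
    elif grep -q '^-----BEGIN .*PRIVATE KEY-----' "$1"; then echo key
    elif grep -q '^-----BEGIN .*CERTIFICATE REQUEST-----' "$1"; then echo csr
    elif grep -q '^-----BEGIN CERTIFICATE-----' "$1"; then echo cert
    else echo unknown
    fi
}
# check_mc MCFILE: print one finding per line; return 1 if there is any.
check_mc() {
    bad=0
    defs=$(sed -n "s/^define(\`\(conf[A-Z_]*\)',\`\([^']*\)').*/\1 \2/p" "$1")
    while read -r opt path; do
        case $opt in
            confCACERT|confSERVER_CERT|confCLIENT_CERT) want=cert ;;
            confSERVER_KEY|confCLIENT_KEY) want=key ;;
            *) continue ;;   # confCACERT_PATH names a directory
        esac
        [ -f "$path" ] || { echo "$opt: $path is missing"; bad=1; continue; }
        got=$(pem_kind "$path")
        [ "$got" = "$want" ] || { echo "$opt: $path is $got, expected $want"; bad=1; }
        if [ "$want" = key ] && [ "$(ls -ld "$path" | cut -c5-10)" != "------" ]; then
            echo "$opt: $path is accessible to group/other"; bad=1
        fi
    done <<EOF
$defs
EOF
    return $bad
}

# make_sample: constructed placeholder files (PEM headers only, no key material)
# and an .mc repeating the mail's defines under a temp dir; prints the .mc path.
make_sample() {
    d=$(mktemp -d) || return 1
    for f in cacert newcert; do printf '%s\n' '-----BEGIN CERTIFICATE-----' > "$d/$f.pem"; done
    printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' > "$d/newreq.pem"  # from CA.pl -newreq
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$d/key.pem"
    chmod 0644 "$d/key.pem"   # as if the chmod 0600 step had been skipped
    for o in CACERT:cacert SERVER_CERT:newcert SERVER_KEY:key CLIENT_CERT:newreq CLIENT_KEY:key; do
        printf "define(\`conf%s',\`%s/%s.pem')dnl\n" "${o%%:*}" "$d" "${o#*:}"
    done > "$d/sendmail.mc"
    echo "$d/sendmail.mc"
}

mc=$(make_sample) && { check_mc "$mc" || true; rm -rf "${mc%/*}"; }
```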