Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 29 Nov 2016 14:37:07 -0500
From:      George Mitchell <george+freebsd@m5p.com>
To:        Peter Jeremy <peter@rulingia.com>
Cc:        freebsd-hackers@FreeBSD.org
Subject:   Re: Sendmail and STARTTLS
Message-ID:  <6917a66d-b6c0-1a45-a008-56ac1832c8d7@m5p.com>
In-Reply-To: <20161129184909.GB61036@server.rulingia.com>
References:  <f4ee7a4c-8b8c-2542-20ba-7ef0a42313fa@m5p.com> <20161129184909.GB61036@server.rulingia.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 11/29/16 13:49, Peter Jeremy wrote:
> Quick overview:
> On 2016-Nov-28 13:16:10 -0500, George Mitchell <george+freebsd@m5p.com> wrote:
>> Received: from mx2.freebsd.org (mx2.freebsd.org [8.8.178.116])
>> 	by mailhost.m5p.com (8.15.2/8.15.2) with ESMTPS id uARD0t70051256
>> 	(version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL)
>> 	for <george+freebsd@m5p.com>; Sun, 27 Nov 2016 08:01:01 -0500 (EST)
>> 	(envelope-from owner-freebsd-hackers@freebsd.org)
> 
> This means that you are receeiving mail from FreeBSD.org using TLS
> (the "version=... cipher=..." means TLS is active) but your sendmail
> cannot verify that the certificate presented by FreeBSD.org is valid
> (verify=FAIL).  You need to install a set of hashed root certificates
> in the direectory specified by confCACERT_PATH.
> 
> Received: from mailhost.m5p.com (mailhost.m5p.com [IPv6:2001:418:3fd::f7])
>         (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
>         (Client CN "m5p.com", Issuer "Let's Encrypt Authority X3" (verified
>         OK))
>         by mx1.freebsd.org (Postfix) with ESMTPS id E7C2F1897
>         for <freebsd-hackers@FreeBSD.org>; Mon, 28 Nov 2016 18:16:17 +0000
>         (UTC)
>         (envelope-from george+freebsd@m5p.com)
> 							
> This says that mx1.freebsd.org received your mail via TLS and has validated
> your certificate.
> 
>> What am I doing wrong?  How can I enter VERIFY=YES nirvana?  -- George
> 
> Note that you want "verify=OK", not YES.  Have a read of the STARTTLS
> section of /usr/share/sendmail/cf/README
> 
Thanks for the help!                                          -- George

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6917a66d-b6c0-1a45-a008-56ac1832c8d7>