From: Jamie Paul Griffin
To: freebsd-questions@freebsd.org
Date: Wed, 29 Aug 2012 11:04:26 +0100
Subject: Re: TLS config help

[ Matthias Fechner wrote on Wed 29.Aug'12 at 11:20:37 +0200 ]

> On 29.08.12 12:38, AN wrote:
> > Trying to configure TLS and sendmail using the following steps
>
> I use:
> cd /etc/mail/certs
>
> Create a CA:
>
> - Edit /etc/ssl/openssl.cfn -> default_days = 1825
> - Generate CA certificate
> -> /usr/src/crypto/openssl/apps/CA.pl -newca
> cp demoCA/cacert.pem .
>
> Create a key:
>
> /usr/src/crypto/openssl/apps/CA.pl -newreq
>
> Remove passphrase from key:
>
> openssl rsa -in newkey.pem -out key.pem
>
> Sign key:
>
> /usr/src/crypto/openssl/apps/CA.pl -sign
>
> Set permissions:
>
> chmod 0600 *
>
> Sendmail:
>
> define(`confCACERT_PATH',`/etc/mail/certs')
> define(`confCACERT',`/etc/mail/certs/cacert.pem')
> define(`confSERVER_CERT',`/etc/mail/certs/newcert.pem')
> define(`confSERVER_KEY',`/etc/mail/certs/key.pem')
> define(`confCLIENT_CERT',`/etc/mail/certs/newreq.pem')
> define(`confCLIENT_KEY',`/etc/mail/certs/key.pem')
>
> DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
> DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
>
> Bye,
> Matthias

That's very handy info, I am planning on setting up TLS for sendmail myself. So thanks to the OP for asking that question, although I'm sure there's loads of info on the net as well. I've only used Postfix before now, but since installing FBSD on this machine I thought I'd stick to using base MTA.

Jamie
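
A check that can be run after the steps quoted above, added here as an example that is not part of either message: it reads the TLS `define` lines from a sendmail .mc file and reports any that name a missing file, a file of the wrong PEM type (a certificate request such as the `newreq.pem` written by `CA.pl -newreq` where a certificate is expected, or a key that still carries its passphrase), or a private key accessible to group or other. The function names, the temporary directory and the stub PEM files are assumptions constructed for the demonstration.

```sh
# Added example (not from the thread): check the files named by sendmail TLS defines.
# pem_kind FILE -> csr | cert | enckey | key | unknown, judged by the PEM armor lines
pem_kind() {
    if   grep -q -e '-----BEGIN CERTIFICATE REQUEST-----' "$1"; then echo csr
    elif grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then echo cert
    elif grep -q -e 'Proc-Type: 4,ENCRYPTED' -e 'BEGIN ENCRYPTED PRIVATE KEY' "$1"; then echo enckey
    elif grep -Eq -e '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$1"; then echo key
    else echo unknown; fi
}
# mc_path MCFILE NAME -> the path given in define(`NAME',`path')
mc_path() { sed -n "s/^define(\`$2', *\`\([^']*\)').*/\1/p" "$1" | tail -n 1; }

# check_tls_mc MCFILE -> one line per problem; exit status is the problem count
check_tls_mc() {
    bad=0
    for pair in confCACERT:cert confSERVER_CERT:cert confSERVER_KEY:key \
                confCLIENT_CERT:cert confCLIENT_KEY:key; do
        name=${pair%%:*} want=${pair##*:}
        path=$(mc_path "$1" "$name")
        [ -n "$path" ] || continue    # option not defined in this .mc
        [ -f "$path" ] || { echo "$name: $path missing"; bad=$((bad + 1)); continue; }
        got=$(pem_kind "$path")
        [ "$got" = "$want" ] || { echo "$name: $path is $got, want $want"; bad=$((bad + 1)); }
        # private keys must not be accessible to group or other (the chmod 0600 step)
        if [ "$want" = key ] && [ "$(ls -ld "$path" | cut -c5-10)" != "------" ]; then
            echo "$name: $path is group/world accessible"; bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# make_sample DIR: constructed stand-ins (armor lines only) for the CA.pl outputs
make_sample() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' stub '-----END CERTIFICATE-----' |
        tee "$1/cacert.pem" > "$1/newcert.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' stub > "$1/newreq.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' stub > "$1/key.pem"
    chmod 0600 "$1"/*.pem
    cat > "$1/sendmail.mc" <<EOF
define(\`confCACERT',\`$1/cacert.pem')
define(\`confSERVER_CERT',\`$1/newcert.pem')
define(\`confSERVER_KEY',\`$1/key.pem')
define(\`confCLIENT_CERT',\`$1/newreq.pem')
define(\`confCLIENT_KEY',\`$1/key.pem')
EOF
}
# demo: the sample .mc names newreq.pem as the client certificate, so one problem is printed
d=$(mktemp -d) && make_sample "$d" && check_tls_mc "$d/sendmail.mc"; rm -rf "$d"
```

The check looks only at PEM armor lines and file modes; it does not verify that a certificate chains to the CA or that a key matches its certificate.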