Date: Wed, 12 Oct 2011 12:30:40 -0400 (EDT)
From: Daniel Feenberg
To: "Dean E. Weimer"
Cc: freebsd-questions@freebsd.org
Subject: Re: somewhat Off topic, Sendmail Issue

On Wed, 12 Oct 2011, Dean E. Weimer wrote:

> I know this is a Sendmail issue, but I haven't been able to track down any
> information online, or found any Sendmail user email lists yet. And since I
> am running it on a FreeBSD server, I thought I would try here and see if
> anyone knows the answer to my problem.
>
> I have enabled SSL on SMTP to enable the delivery and reception of TLS
> encrypted emails, the server is going to be used as a relay between a MS
> Exchange server and an external Spam filtering service that has an encrypted
> email sending application that strips attachments and creates a password
> protected HTTPS link based on keywords in the subject.
>
> Everything works as expected, but when I test the server against required PCI
> scans, it accepts weak encryption ciphers, I need to limit these ciphers.
> After a lot of extensive searching I have found references to the fact that
> it is possible to configure Sendmail to do this, but I can't find any
> documentation on how to do it.
>

There is an active Usenet group at comp.mail.sendmail.

Does the ENCR parameter documented at
http://www.sendmail.org/m4/starttls.html do you any good? It doesn't
restrict the method, only the number of bits in the key.

Daniel Feenberg
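The distinction drawn in the reply above (ENCR checks the number of key bits, not the cipher method), as an added example that is not part of the original message: a Python audit of sendmail STARTTLS log lines that reports sessions below a bit threshold separately from sessions whose cipher name indicates a weak method. The log lines are constructed, and the 128-bit threshold, the weak-method marker list and the function name `audit` are assumptions.

```python
import re

# Constructed sample lines in the format sendmail logs for STARTTLS sessions.
SAMPLE_LOG = """\
Oct 12 12:30:41 relay sm-mta[3001]: STARTTLS=server, relay=mx.example.net [192.0.2.10], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256
Oct 12 12:31:02 relay sm-mta[3002]: STARTTLS=server, relay=old.example.org [192.0.2.20], version=TLSv1/SSLv3, verify=NO, cipher=EXP-RC4-MD5, bits=40/128
Oct 12 12:31:40 relay sm-mta[3003]: STARTTLS=client, relay=exch.example.com., version=TLSv1/SSLv3, verify=FAIL, cipher=RC4-MD5, bits=128/128
Oct 12 12:32:05 relay sm-mta[3004]: p9CGW5aa003004: from=<a@example.net>, size=812, class=0, nrcpts=1
"""

MIN_BITS = 128  # assumed policy threshold, i.e. what an ENCR:128 entry would ask for
WEAK_MARKERS = ("RC4", "MD5", "EXP", "NULL", "ADH")  # assumed list, adjust to policy

LINE_RE = re.compile(
    r"STARTTLS=(?P<role>server|client), relay=(?P<relay>[^,]+), "
    r"version=(?P<version>[^,]+), verify=(?P<verify>[^,]+), "
    r"cipher=(?P<cipher>[^,]+), bits=(?P<used>\d+)/(?P<alg>\d+)")

def audit(log_text, min_bits=MIN_BITS):
    """Return one finding per STARTTLS session that is weak by bits or by method."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a STARTTLS session line
        cipher = m["cipher"]
        # First number of bits=used/alg is the effective key length; it is
        # assumed here to be the value a bit-count requirement is compared with.
        fails_bits = int(m["used"]) < min_bits
        # A bit-count check alone never looks at the cipher name.
        weak_method = any(tag in cipher for tag in WEAK_MARKERS)
        if fails_bits or weak_method:
            findings.append({"role": m["role"], "relay": m["relay"],
                             "cipher": cipher, "bits": int(m["used"]),
                             "fails_bits": fails_bits,
                             "weak_method": weak_method})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f)
```

In the constructed log, the RC4-MD5 session negotiates 128 bits, so it satisfies a 128-bit requirement while still using a method a scanner would flag.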