From owner-freebsd-questions@FreeBSD.ORG Wed Oct 12 19:36:47 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 638F31065672 for ; Wed, 12 Oct 2011 19:36:47 +0000 (UTC) (envelope-from dweimer@dweimer.net) Received: from webmail.dweimer.net (adsl-70-129-195-213.dsl.ksc2mo.swbell.net [70.129.195.213]) by mx1.freebsd.org (Postfix) with ESMTP id 002B08FC15 for ; Wed, 12 Oct 2011 19:36:46 +0000 (UTC) Received: from www.dweimer.net (localhost [127.0.0.1]) by webmail.dweimer.net (8.14.4/8.14.4) with ESMTP id p9CJajCD068879; Wed, 12 Oct 2011 14:36:45 -0500 (CDT) (envelope-from dweimer@dweimer.net) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Date: Wed, 12 Oct 2011 14:36:45 -0500 From: "Dean E. Weimer" To: Daniel Feenberg Mail-Reply-To: In-Reply-To: References: Message-ID: X-Sender: dweimer@dweimer.net User-Agent: RoundCube Webmail/0.6 Cc: freebsd-questions@freebsd.org Subject: Re: somewhat Off topic, Sendmail Issue X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: dweimer@dweimer.net List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Oct 2011 19:36:47 -0000 On 12.10.2011 11:30, Daniel Feenberg wrote: > There is an active Usenet group at comp.mail.sendmail. > > Does the ENCR parameter documented at > > http://www.sendmail.org/m4/starttls.html > > do you any good? It doesn't restrict the method, only the number of > bits > in the key. > > Daniel Feenberg Well after searching the comp.mail.sendmail list through Google groups, I have come up wiht the following changes. I changed the orignal /etc/make.conf: from this: SENDMAIL_CFLAGS+= -D_FFR_SMTP_SSL to: SENDMAIL_CFLAGS+= -D_FFR_SMTP_SSL -D_FFR_TLS_1 redid the compile steps: Added this to the end of /etc/mail/hostname.mc: LOCAL_CONFIG O CipherList=ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:RC4+RSA:+HIGH:+MEDIUM:!SSLv2 under /etc/mail executed the make, make install steps After restarting, an attempt to do: /usr/local/bin/openssl s_client -starttls smtp -cipher EXP-RC4-MD5 -connect localhost:25 Failed, this successfully connected before these changes. Scans are running now, I will let you all know if it was successful. -- Thanks, Dean E. Weimer dweimer@dweimer.net http://www.dweimer.net/