Date: Thu, 28 Jan 2021 12:47:08 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 253060] sendmail submit is unable to verify certificate
Message-ID: <bug-253060-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253060

Bug ID: 253060
Summary: sendmail submit is unable to verify certificate
Product: Base System
Version: 12.2-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: conf
Assignee: bugs@FreeBSD.org
Reporter: bicknell@ufp.org

If the user has configured SSL certificates for sendmail then when the sendmail
submit service connects to localhost and receives the certificate it will be
unable to verify that certificate. Specifically the user will find a log
message like this in their logs for every submitted e-mail:

    STARTTLS=client, relay=[127.0.0.1], version=TLSv1.3, verify=FAIL, cipher=TLS_AES_256_GCM_SHA384, bits=256/256

The fix is to add the following two lines to /etc/mail/freebsd.submit.mc:

    define(`confCACERT_PATH', `/etc/ssl/certs')dnl
    define(`confCACERT', `/etc/ssl/cert.pem')dnl

Then, assuming the user has a real certificate configured, they will get a
message like this:

    STARTTLS=client, relay=[127.0.0.1], version=TLSv1.3, verify=OK, cipher=TLS_AES_256_GCM_SHA384, bits=256/256

This does not change any mail delivery behavior, sendmail does not care if the
certificate is valid or not and does not alter behavior if it is or not. This
only changes logging, and would reduce admin confusion when an admin has
configured a server cert.

I believe this is safe to add to /etc/mail/freebsd.submit.mc for all users in
the base distribution.

-- 
You are receiving this mail because:
You are the assignee for the bug.
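
To check whether the change described in the report took effect, the STARTTLS=client log lines can be tallied per relay and verify result. This is an added example, not part of the bug report or of FreeBSD; the function names, syslog prefixes and the 192.0.2.10 relay are constructed, and only the STARTTLS fields follow the lines quoted in the report.

```shell
#!/bin/sh
# Added example: summarise sendmail STARTTLS=client verification results.

# Constructed sample input (prefixes, pids and 192.0.2.10 are made up).
sample_log() {
cat <<'EOF'
Jan 28 12:40:01 host sm-msp-queue[1201]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1.3, verify=FAIL, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
Jan 28 12:41:10 host sm-msp-queue[1207]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1.3, verify=FAIL, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
Jan 28 12:41:11 host sm-mta[1208]: constructed non-TLS line, relay=[127.0.0.1], verify=FAIL
Jan 28 12:42:30 host sm-mta[1215]: STARTTLS=client, relay=[192.0.2.10], version=TLSv1.3, verify=OK, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
Jan 28 13:05:02 host sm-msp-queue[1342]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1.3, verify=OK, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
EOF
}

# Reads log lines on stdin; prints "relay verify count", one line per pair.
starttls_summary() {
    awk '
    /STARTTLS=client/ {
        relay = ""; verify = ""
        # The message is a list of key=value fields separated by ", ".
        n = split($0, f, ", *")
        for (i = 1; i <= n; i++) {
            if (sub(/^relay=/, "", f[i]))  relay = f[i]
            if (sub(/^verify=/, "", f[i])) verify = f[i]
        }
        if (relay != "" && verify != "") count[relay " " verify]++
    }
    END { for (k in count) print k, count[k] }
    ' | LC_ALL=C sort
}

# Number of verify=FAIL results for the localhost relay used by submit.
local_verify_failures() {
    starttls_summary |
        awk '$1 == "[127.0.0.1]" && $2 == "FAIL" { n += $3 } END { print n + 0 }'
}

# Run against the constructed sample; for a live system, feed the mail log
# instead, e.g. starttls_summary < /var/log/maillog
sample_log | starttls_summary
```

Lines logged after the two defines are in place and the submit configuration has been rebuilt should appear under verify=OK for relay [127.0.0.1], as in the second log line quoted in the report.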