From: Matthew Seaman
Date: Wed, 12 Oct 2011 21:16:45 +0100
To: dweimer@dweimer.net
Cc: Daniel Feenberg, freebsd-questions@freebsd.org
Subject: Re: somewhat Off topic, Sendmail Issue
Message-ID: <4E95F5AD.1040407@infracaninophile.co.uk>

On 12/10/2011 20:36, Dean E. Weimer wrote:
> Well after searching the comp.mail.sendmail list through Google groups,
> I have come up with the following changes.
>
> I changed the original /etc/make.conf:
> from this:
> SENDMAIL_CFLAGS+= -D_FFR_SMTP_SSL
> to:
> SENDMAIL_CFLAGS+= -D_FFR_SMTP_SSL -D_FFR_TLS_1
>
> redid the compile steps:
>
> Added this to the end of /etc/mail/hostname.mc:
> LOCAL_CONFIG
> O CipherList=ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:RC4+RSA:+HIGH:+MEDIUM:!SSLv2
>
> under /etc/mail
> executed the make, make install steps
>
> After restarting, an attempt to do:
> /usr/local/bin/openssl s_client -starttls smtp -cipher EXP-RC4-MD5
> -connect localhost:25
>
> Failed, this successfully connected before these changes.  Scans are
> running now, I will let you all know if it was successful.

_FFR_TLS_1 is actually already defined in the default sendmail on
FreeBSD.  See /usr/src/usr.sbin/sendmail/Makefile around line 63.  It's
also enabled in the ports version of sendmail, so long as you select the
WITH_TLS option.

I just added this setting to my sendmail config and it seems to work
using the ports sendmail without having to recompile anything.  It could
certainly do with being mentioned in the documentation more prominently.
There's not a hint of the CipherList option in
/usr/share/sendmail/cf/README.

_FFR_SMTP_SSL on the other hand, doesn't appear anywhere under /usr/src
-- think that must be a fossil remnant from some older version of sendmail.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW
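
Added example, not part of the original message: a way to check what a CipherList string like the one quoted above expands to before it goes into the .mc file, by filtering `openssl ciphers -v` output for export-grade, SSLv2, anonymous and null-encryption suites. The function names and the sample listing are constructed for illustration; the sample follows the `openssl ciphers -v` column layout of OpenSSL builds of that period.

```shell
#!/bin/sh
# Added example: audit the suites a sendmail CipherList string expands to.
# Input : lines in `openssl ciphers -v` format on stdin.
# Output: "<suite> <reasons>" for every suite that should not be offered.
weak_suites() {
    awk '
    {
        reason = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "export")                  reason = reason ",export"
            else if ($i == "SSLv2")              reason = reason ",sslv2"
            else if ($i == "Au=None")            reason = reason ",anonymous"
            else if ($i == "Enc=None")           reason = reason ",null-encryption"
            else if ($i ~ /^Enc=.*\((40|56)\)$/) reason = reason ",short-key"
        }
        if (reason != "") print $1, substr(reason, 2)
    }'
}

# Constructed sample listing (not captured from a real host). It stands in
# for the output of: openssl ciphers -v "$CIPHERLIST"
sample_listing() {
    cat <<'EOF'
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
ADH-AES128-SHA          SSLv3 Kx=DH       Au=None Enc=AES(128)  Mac=SHA1
NULL-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
DES-CBC3-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=MD5
EOF
}

# Run the filter over the constructed sample.
audit_sample() {
    sample_listing | weak_suites
}

audit_sample
```

To audit a real configuration, pipe `openssl ciphers -v '<CipherList value>'`, run with the OpenSSL build that sendmail links against, into `weak_suites`; an empty result means the string expands to none of these classes on that build.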