Date: Wed, 12 Oct 2011 16:43:01 -0500 From: "Dean E. Weimer" <dweimer@dweimer.net> To: Matthew Seaman <m.seaman@infracaninophile.co.uk> Cc: Daniel Feenberg <feenberg@nber.org>, freebsd-questions@freebsd.org Subject: Re: somewhat Off topic, Sendmail Issue Message-ID: <c5e5763adf041ce49a734ac47e592d6e@www.dweimer.net> In-Reply-To: <4E95F5AD.1040407@infracaninophile.co.uk> References: <c867f6af02b1d0117bddbe0db805e668@www.dweimer.net> <alpine.LFD.2.00.1110121225430.29440@agesas2.nber.org> <c953575af6174a772d8b357c85ac47fd@www.dweimer.net> <4E95F5AD.1040407@infracaninophile.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On 12.10.2011 15:16, Matthew Seaman wrote: > _FFR_TLS_1 is actually already defined in the default sendmail on > FreeBSD. See /usr/src/usr.sbin/sendmail/Makefile around line 63. > It's also enabled in the ports version of sendmail, so long as you > select the WITH_TLS option. I just added this setting to my sendmail > config and it seems to work using the ports sendmail without having > to > recompile anything. > > It could certainly do with being mentioned in the documentation more > prominently. There's not a hint of the CipherList option in > /usr/share/sendmail/cf/README > > _FFR_SMTP_SSL on the other hand, doesn't appear anywhere under > /usr/src > -- think that must be a fossil remnant from some older version of > sendmail. > > Cheers, > > Matthew > > -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: > http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: > matthew@infracaninophile.co.uk Kent, CT11 9PW Interesting info, I will take a look at that Makefile and see what I find, I found those options to set originally on a web page, can't quite remember where, I pieced info from a few different locations to get everything working as I wanted. I do know a lot of it was originally done for an older version of FreeBSD, so perhaps it was an FFR option at that time it was written. One thing I have figured out in this process is that Sendmail FFR compiled options are basically undocumented outside of the source file comments. Perhaps it was my inclusion of an old setting, that caused the ciphers to open up more to start with. It did pass the tests as is, I will look more into this though. And see if I can't slim down the overall steps to get the server up and running before it goes live on a production server. -- Thanks, Dean E. Weimer dweimer@dweimer.net http://www.dweimer.net/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c5e5763adf041ce49a734ac47e592d6e>