Date:      Wed, 12 Oct 2011 21:16:45 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        dweimer@dweimer.net
Cc:        Daniel Feenberg <feenberg@nber.org>, freebsd-questions@freebsd.org
Subject:   Re: somewhat Off topic, Sendmail Issue
Message-ID:  <4E95F5AD.1040407@infracaninophile.co.uk>
In-Reply-To: <c953575af6174a772d8b357c85ac47fd@www.dweimer.net>
References:  <c867f6af02b1d0117bddbe0db805e668@www.dweimer.net> <alpine.LFD.2.00.1110121225430.29440@agesas2.nber.org> <c953575af6174a772d8b357c85ac47fd@www.dweimer.net>

On 12/10/2011 20:36, Dean E. Weimer wrote:
> Well after searching the comp.mail.sendmail list through Google groups,
> I have come up with the following changes.
>
> I changed the original /etc/make.conf:
> from this:
> SENDMAIL_CFLAGS+= -D_FFR_SMTP_SSL
> to:
> SENDMAIL_CFLAGS+= -D_FFR_SMTP_SSL -D_FFR_TLS_1
>
> redid the compile steps:
>
> Added this to the end of /etc/mail/hostname.mc:
> LOCAL_CONFIG
> O CipherList=ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:RC4+RSA:+HIGH:+MEDIUM:!SSLv2
>
> under /etc/mail
> executed the make, make install steps
>
> After restarting, an attempt to do:
> /usr/local/bin/openssl s_client -starttls smtp -cipher EXP-RC4-MD5
> -connect localhost:25
>
> Failed, this successfully connected before these changes.  Scans are
> running now, I will let you all know if it was successful.

_FFR_TLS_1 is actually already defined in the default sendmail on
FreeBSD.  See /usr/src/usr.sbin/sendmail/Makefile around line 63.
It's also enabled in the ports version of sendmail, so long as you
select the WITH_TLS option.  I just added this setting to my sendmail
config and it seems to work using the ports sendmail without having to
recompile anything.

It could certainly do with being mentioned in the documentation more
prominently.  There's not a hint of the CipherList option in
/usr/share/sendmail/cf/README

_FFR_SMTP_SSL on the other hand, doesn't appear anywhere under /usr/src
-- think that must be a fossil remnant from some older version of sendmail.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW
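
Added example (not part of the original message, and not sendmail or FreeBSD code): a script that generalises the s_client check quoted above from the single EXP-RC4-MD5 cipher to each class the quoted CipherList excludes. The function names, the WEAK_CLASSES list and the verdict labels are assumptions of this example.

```sh
#!/bin/sh
# Added example: probe an SMTP STARTTLS listener for cipher classes that the
# CipherList above excludes. Names and result labels here are this example's.
WEAK_CLASSES="EXP LOW aNULL eNULL"

# Read `openssl s_client` output on stdin and print one verdict:
#   accepted <cipher>  a cipher from the requested class was negotiated
#   refused            TCP connected, but no such cipher was negotiated
#   unreachable        no connection, so nothing can be concluded
classify_handshake() {
    awk '
        /^CONNECTED\(/ { up = 1 }
        # TLS 1.3 suites (TLS_*) are not governed by -cipher, so one being
        # negotiated does not mean the weak class was accepted.
        /Cipher is /   { if ($NF != "(NONE)" && $NF !~ /^TLS_/) found = $NF }
        END {
            if (found != "") print "accepted " found
            else if (up)     print "refused"
            else             print "unreachable"
        }'
}

# usage: probe host port class
probe() {
    # A client build with no ciphers in this class cannot test it; report that
    # instead of letting a client-side failure look like a server refusal.
    if ! openssl ciphers "$3" >/dev/null 2>&1; then
        echo "untestable"
        return 0
    fi
    openssl s_client -starttls smtp -cipher "$3" -connect "$1:$2" \
        </dev/null 2>&1 | classify_handshake
}

# usage: audit host port; returns non-zero if any weak class was accepted
audit() {
    rc=0
    for class in $WEAK_CLASSES; do
        result=$(probe "$1" "$2" "$class")
        printf '%-6s %s\n' "$class" "$result"
        case $result in accepted*) rc=1 ;; esac
    done
    return "$rc"
}

# e.g. sh check_ciphers.sh localhost 25
if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```

A verdict of "untestable" means the local openssl build cannot offer that class, so the check has to be repeated with a client that still includes it.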




