Date: Wed, 12 Oct 2011 21:16:45 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: dweimer@dweimer.net Cc: Daniel Feenberg <feenberg@nber.org>, freebsd-questions@freebsd.org Subject: Re: somewhat Off topic, Sendmail Issue Message-ID: <4E95F5AD.1040407@infracaninophile.co.uk> In-Reply-To: <c953575af6174a772d8b357c85ac47fd@www.dweimer.net> References: <c867f6af02b1d0117bddbe0db805e668@www.dweimer.net> <alpine.LFD.2.00.1110121225430.29440@agesas2.nber.org> <c953575af6174a772d8b357c85ac47fd@www.dweimer.net>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig72B1660A8438E6925452B614 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 12/10/2011 20:36, Dean E. Weimer wrote: > Well after searching the comp.mail.sendmail list through Google groups,= > I have come up wiht the following changes. >=20 > I changed the orignal /etc/make.conf: > from this: > SENDMAIL_CFLAGS+=3D -D_FFR_SMTP_SSL > to: > SENDMAIL_CFLAGS+=3D -D_FFR_SMTP_SSL -D_FFR_TLS_1 >=20 > redid the compile steps: >=20 > Added this to the end of /etc/mail/hostname.mc: > LOCAL_CONFIG > O CipherList=3DALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:RC4+RSA:+HIGH:+MEDIUM:!= SSLv2 >=20 > under /etc/mail > executed the make, make install steps >=20 > After restarting, an attempt to do: > /usr/local/bin/openssl s_client -starttls smtp -cipher EXP-RC4-MD5 > -connect localhost:25 >=20 > Failed, this successfully connected before these changes. Scans are > running now, I will let you all know if it was successful. _FFR_TLS_1 is actually already defined in the default sendmail on FreeBSD. See /usr/src/usr.sbin/sendmail/Makefile around line 63. It's also enabled in the ports version of sendmail, so long as you select the WITH_TLS option. I just added this setting to my sendmail config and it seems to work using the ports sendmail without having to recompile anything. It could certainly do with being mentioned in the documentation more prominently. There's not a hint of the CipherList option in /usr/share/sendmail/cf/README _FFR_SMTP_SSL on the other hand, doesn't appear anywhere under /usr/src -- think that must be a fossil remnant from some older version of sendmai= l. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matthew@infracaninophile.co.uk Kent, CT11 9PW --------------enig72B1660A8438E6925452B614 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6V9bQACgkQ8Mjk52CukIw+cQCePKg3fVa6Bi8z+pABSNeQ78Ch V5UAnRENuhosVt1eYGCW7QfX9fxSdYWC =MRGl -----END PGP SIGNATURE----- --------------enig72B1660A8438E6925452B614--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4E95F5AD.1040407>