somewhat Off topic, Sendmail Issue

Matthew Seaman m.seaman at infracaninophile.co.uk
Wed Oct 12 20:17:06 UTC 2011 

On 12/10/2011 20:36, Dean E. Weimer wrote:
> Well after searching the comp.mail.sendmail list through Google groups,
> I have come up wiht the following changes.
> 
> I changed the orignal /etc/make.conf:
> from this:
> SENDMAIL_CFLAGS+= -D_FFR_SMTP_SSL
> to:
> SENDMAIL_CFLAGS+= -D_FFR_SMTP_SSL -D_FFR_TLS_1
> 
> redid the compile steps:
> 
> Added this to the end of /etc/mail/hostname.mc:
> LOCAL_CONFIG
> O CipherList=ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:RC4+RSA:+HIGH:+MEDIUM:!SSLv2
> 
> under /etc/mail
> executed the make, make install steps
> 
> After restarting, an attempt to do:
> /usr/local/bin/openssl s_client -starttls smtp -cipher EXP-RC4-MD5
> -connect localhost:25
> 
> Failed, this successfully connected before these changes.  Scans are
> running now, I will let you all know if it was successful.

_FFR_TLS_1 is actually already defined in the default sendmail on
FreeBSD.  See /usr/src/usr.sbin/sendmail/Makefile around line 63.
It's also enabled in the ports version of sendmail, so long as you
select the WITH_TLS option.  I just added this setting to my sendmail
config and it seems to work using the ports sendmail without having to
recompile anything.

It could certainly do with being mentioned in the documentation more
prominently.  There's not a hint of the CipherList option in
/usr/share/sendmail/cf/README

_FFR_SMTP_SSL on the other hand, doesn't appear anywhere under /usr/src
-- think that must be a fossil remnant from some older version of sendmail.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew at infracaninophile.co.uk               Kent, CT11 9PW

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 267 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20111012/c2f9abfa/signature.pgp

More information about the freebsd-questions mailing list