[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freebsd-hackers
Subject:    Re: Sendmail and STARTTLS
From:       George Mitchell <george+freebsd () m5p ! com>
Date:       2016-11-29 19:37:07
Message-ID: 6917a66d-b6c0-1a45-a008-56ac1832c8d7 () m5p ! com
[Download RAW message or body]

On 11/29/16 13:49, Peter Jeremy wrote:
> Quick overview:
> On 2016-Nov-28 13:16:10 -0500, George Mitchell <george+freebsd@m5p.com> wrote:
>> Received: from mx2.freebsd.org (mx2.freebsd.org [8.8.178.116])
>> 	by mailhost.m5p.com (8.15.2/8.15.2) with ESMTPS id uARD0t70051256
>> 	(version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL)
>> 	for <george+freebsd@m5p.com>; Sun, 27 Nov 2016 08:01:01 -0500 (EST)
>> 	(envelope-from owner-freebsd-hackers@freebsd.org)
> 
> This means that you are receeiving mail from FreeBSD.org using TLS
> (the "version=... cipher=..." means TLS is active) but your sendmail
> cannot verify that the certificate presented by FreeBSD.org is valid
> (verify=FAIL).  You need to install a set of hashed root certificates
> in the direectory specified by confCACERT_PATH.
> 
> Received: from mailhost.m5p.com (mailhost.m5p.com [IPv6:2001:418:3fd::f7])
>         (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
>         (Client CN "m5p.com", Issuer "Let's Encrypt Authority X3" (verified
>         OK))
>         by mx1.freebsd.org (Postfix) with ESMTPS id E7C2F1897
>         for <freebsd-hackers@FreeBSD.org>; Mon, 28 Nov 2016 18:16:17 +0000
>         (UTC)
>         (envelope-from george+freebsd@m5p.com)
> 							
> This says that mx1.freebsd.org received your mail via TLS and has validated
> your certificate.
> 
>> What am I doing wrong?  How can I enter VERIFY=YES nirvana?  -- George
> 
> Note that you want "verify=OK", not YES.  Have a read of the STARTTLS
> section of /usr/share/sendmail/cf/README
> 
Thanks for the help!                                          -- George
_______________________________________________
freebsd-hackers@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic