Sendmail and STARTTLS
Gregory Shapiro
gshapiro at freebsd.org
Mon Nov 28 18:39:46 UTC 2016
> Received: from mx2.freebsd.org (mx2.freebsd.org [8.8.178.116])
> by mailhost.m5p.com (8.15.2/8.15.2) with ESMTPS id uARD0t70051256
> (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL)
> for <george+freebsd at m5p.com>; Sun, 27 Nov 2016 08:01:01 -0500 (EST)
> (envelope-from owner-freebsd-hackers at freebsd.org)
>
> (When I used the default values, ssl-tools accused me of using a
> weak protocol, so I started experimenting with values gleaned from
> around the net, to no avail so far.)
>
> What am I doing wrong? How can I enter VERIFY=YES nirvana? -- George
Verification is via these settings. You'll need a populated set of root certificates in the directory you pick.
M4 Variable Name Configuration [Default] & Description
================ ============= =======================
confCACERT_PATH CACertPath [undefined] Path to directory with
certificates of CAs which must contain
their hashes as filenames or links.
confCACERT CACertFile [undefined] File containing at least
one CA certificate.
Finally, review section 6.6.1 of op.me:
% gunzip -c /usr/share/doc/smm/08.sendmailop/paper.ascii.gz | less
More information about the freebsd-hackers
mailing list