[GRLUG] Any sendmail folks out there?

Mark Farver mfarver at mindbent.org
Mon Oct 28 20:04:55 EDT 2013

On Mon, Oct 28, 2013 at 7:51 PM, L. V. Lammert <lvl at omnitec.net> wrote:
> Oct 28 18:47:35 WTWeb sendmail[21565]: STARTTLS=client,
> relay=nospam.xpresshost.net, version=TLSv1/SSLv3, verify=FAIL,
> cipher=AES256-SHA, bits=256/256

Your copy of sendmail was unable to verify the certificate presented
by the smarthost.  This is becuase it is self signed, or signed by a
CA that is not configured on your system.

Fetch the certs used by the remote server (this is not very secure):

openssl s_client -showcerts -connect <smarthost_IP:port> </dev/null

You'll need to specify the file you put those certs into:

dnl Certificate Authority file & directory (for verifying other sites)
define(`confCACERT', `CERT_DIR/cacert.pem')
define(`confCACERT_PATH', `CERT_DIR/CA')


More information about the grlug mailing list