[GRLUG] Any sendmail folks out there?

Mark Farver mfarver at mindbent.org
Mon Oct 28 20:04:55 EDT 2013


On Mon, Oct 28, 2013 at 7:51 PM, L. V. Lammert <lvl at omnitec.net> wrote:
> Oct 28 18:47:35 WTWeb sendmail[21565]: STARTTLS=client,
> relay=nospam.xpresshost.net, version=TLSv1/SSLv3, verify=FAIL,
> cipher=AES256-SHA, bits=256/256

Your copy of sendmail was unable to verify the certificate presented
by the smarthost.  This is because it is self signed, or signed by a
CA that is not configured on your system.


Fetch the certs used by the remote server (this is not very secure):
http://stackoverflow.com/questions/7885785/using-openssl-to-get-the-certificate-from-a-server

openssl s_client -showcerts -connect <smarthost_IP:port> </dev/null

You'll need to specify the file you put those certs into:
http://www.novosial.org/sendmail/tls-relay/index.html

dnl Certificate Authority file & directory (for verifying other sites)
define(`confCACERT', `CERT_DIR/cacert.pem')
define(`confCACERT_PATH', `CERT_DIR/CA')

Mark
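
The steps in the message above, as an added example that is not part of the original post: split the fetched chain into one file per certificate, show the fields to confirm with the smarthost operator over a separate channel, then install a certificate under the hash name OpenSSL expects in the confCACERT_PATH directory. Function names, file names and the sample input are assumptions made for illustration.

```shell
# Added example (not from the original message). Real use, HOST:PORT being the
# smarthost (add "-starttls smtp" for a plain SMTP port such as 25):
#   openssl s_client -showcerts -connect HOST:PORT </dev/null | split_chain ./fetched

# split_chain OUTDIR: read s_client output on stdin, write each certificate to
# OUTDIR/cert-N.pem (N = 1 is the server's own), print how many were written.
split_chain() {
    mkdir -p "$1" || return 1
    awk -v dir="$1" '
        /^-----BEGIN CERTIFICATE-----/ { n++; file = dir "/cert-" n ".pem"; incert = 1 }
        incert                         { print > file }
        /^-----END CERTIFICATE-----/   { if (incert) close(file); incert = 0 }
        END                            { print n + 0 }
    '
}

# show_cert FILE: print the fields to compare with the smarthost operator
# over a separate channel before trusting the certificate.
show_cert() {
    openssl x509 -in "$1" -noout -subject -issuer -enddate -fingerprint -sha256
}

# trust_cert FILE CADIR: copy FILE into CADIR (the confCACERT_PATH directory)
# and link it as <subject-hash>.0, the name OpenSSL looks up in a CA directory.
trust_cert() {
    hash=$(openssl x509 -in "$1" -noout -hash) || return 1
    name=$(basename "$1")
    cp "$1" "$2/$name" && ln -sf "$name" "$2/$hash.0"
}

# Constructed sample of s_client -showcerts output; the base64 bodies are
# placeholders, not real certificates, so only split_chain works on it.
sample_output() {
    cat <<'EOF'
---
Certificate chain
 0 s:/CN=smarthost.example
   i:/CN=Example CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQx
-----END CERTIFICATE-----
 1 s:/CN=Example CA
   i:/CN=Example CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQy
-----END CERTIFICATE-----
EOF
}
```

Where the chain includes an issuing CA, that is the certificate to pass to trust_cert; a self-signed server certificate is the only case where cert-1.pem itself is installed.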

