topic sendmail and tls in Operating System - HP-UX

sendmail and tls

uxbeginner22 — Mon, 04 May 2015 03:13:20 GMT

I want to configure sendmail with tls

i've set this .mc

define(`SMART_HOST', `pos.domain.private')
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/.domain.private.crt')dnl
define(`confSERVER_CERT', `/etc/mail/certs/hpux2.domain.private.crt')dnl
define(`confSERVER_KEY', `/etc/mail/certs/hpux2..domain.private.key')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/.domain.private')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/.domain.private')dnl
define(`confRAND_FILE',`file:/etc/mail/randfile')dnl
D{tls_version}TLSv1
O UseTLS=True

Compile ok.

But tls give this error

STARTTLS: Warning: safeopen(/etc/mail/randfile) failed

I have tried /dev/urandom same error,i have tried chown root:smmsp randfile

and chmod 660,nothing to do.

What i miss?

P.S. This thread has been moved from General to HP-UX > messaging. - Hp Forum Moderator

Re: sendmail and tls

uxbeginner22 — Mon, 11 May 2015 21:03:42 GMT

Solution found

the most important thing was,enable the database,and use egd instead of file

divert(0)dnl
VERSIONID(`$Id: generic-hpux10.mc,v 8.13 2001/05/29 17:29:52 ca Exp $')
OSTYPE(hpux11)dnl
DOMAIN(generic)dnl
define(`_X400_UUCP_')dnl
define(`_MASQUERADE_ENVELOPE_')dnl
define(`MASQUERADE_NAME')dnl
define(`confTRY_NULL_MX_LIST',`T')dnl
define(`LUSER_RELAY',`name_of_luser_relay')dnl
define(`DATABASE_MAP_TYPE',`dbm')dnl
define(`_CLASS_U_')dnl
define(`LOCAL_RELAY')dnl
define(`MAIL_HUB')dnl
TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5')dnl
FEATURE(always_add_domain)dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(openmail)dnl
MAILER(uucp)dnl
define(`SMART_HOST', `posta.serve.com')
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/serve.com.crt')dnl
define(`confSERVER_CERT', `/etc/mail/certs/hpux2.serve.com.crt')dnl
define(`confSERVER_KEY', `/etc/mail/certs/hpux2.serve.com.key')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/hpux2.serve.com.crt')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/hpux2.serve.com.key')dnl
define(`confRAND_FILE',`egd:/dev/urandom')dnl
D{tls_version}TLSv1
O UseTLS=True

Re: sendmail and tls

uxbeginner22 — Mon, 11 May 2015 21:06:01 GMT

Latest question: is possible to disable ssl3 and enable only tlsv1?

On linux i did on .mc

LOCAL_CONFIG
dnl# Do not allow the weak SSLv2:
O CipherList=HIGH
O ServerSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3 +SSL_OP_CIPHER_SERVER_PREFERENCE
O ClientSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3

But this solution didn't work on unix!

Sendmail won't accept this code and give error