sendmail and tls

SOLVED
uxbeginner22
Trusted Contributor

sendmail and tls

I want to configure sendmail with TLS.

I've set this in the .mc:

define(`SMART_HOST', `pos.domain.private')
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/.domain.private.crt')dnl
define(`confSERVER_CERT', `/etc/mail/certs/hpux2.domain.private.crt')dnl
define(`confSERVER_KEY', `/etc/mail/certs/hpux2..domain.private.key')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/.domain.private')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/.domain.private')dnl
define(`confRAND_FILE',`file:/etc/mail/randfile')dnl
D{tls_version}TLSv1
O UseTLS=True

It compiles OK.

But TLS gives this error:

STARTTLS: Warning: safeopen(/etc/mail/randfile) failed

I have tried /dev/urandom, same error. I have tried chown root:smmsp randfile and chmod 660, to no avail.

What am I missing?

P.S. This thread has been moved from General to HP-UX > messaging. - Hp Forum Moderator

2 REPLIES
uxbeginner22
Trusted Contributor
Solution

Re: sendmail and tls

Solution found.

The most important thing was to enable the database and use egd instead of file.

divert(0)dnl
VERSIONID(`$Id: generic-hpux10.mc,v 8.13 2001/05/29 17:29:52 ca Exp $')
OSTYPE(hpux11)dnl
DOMAIN(generic)dnl
define(`_X400_UUCP_')dnl
define(`_MASQUERADE_ENVELOPE_')dnl
define(`MASQUERADE_NAME')dnl
define(`confTRY_NULL_MX_LIST',`T')dnl
define(`LUSER_RELAY',`name_of_luser_relay')dnl
define(`DATABASE_MAP_TYPE',`dbm')dnl
define(`_CLASS_U_')dnl
define(`LOCAL_RELAY')dnl
define(`MAIL_HUB')dnl
TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5')dnl
FEATURE(always_add_domain)dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(openmail)dnl
MAILER(uucp)dnl
define(`SMART_HOST', `posta.serve.com')
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/serve.com.crt')dnl
define(`confSERVER_CERT', `/etc/mail/certs/hpux2.serve.com.crt')dnl
define(`confSERVER_KEY', `/etc/mail/certs/hpux2.serve.com.key')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/hpux2.serve.com.crt')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/hpux2.serve.com.key')dnl
define(`confRAND_FILE',`egd:/dev/urandom')dnl
D{tls_version}TLSv1
O UseTLS=True
uxbeginner22
Trusted Contributor

Re: sendmail and tls

Latest question: is it possible to disable SSLv3 and enable only TLSv1?

On Linux I did this in the .mc:

LOCAL_CONFIG
dnl# Do not allow the weak SSLv2:
O CipherList=HIGH
O ServerSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3 +SSL_OP_CIPHER_SERVER_PREFERENCE
O ClientSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3

But this solution didn't work on Unix!

Sendmail won't accept this code and gives an error.
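
A permission audit for the kind of safeopen failure reported in the first post, as an added example that is not part of the thread and not sendmail's own code: it pulls the certificate, key and rand-file paths out of a .mc file and reports each as OK, LOOSE or MISSING. The function names and the policy (nothing writable by group/other; keys and the rand file not accessible to group/other at all) are assumptions made for this example, not a statement of the exact checks a given sendmail build performs.

```shell
#!/bin/sh
# Added example (not from the thread): audit the files a sendmail .mc names for TLS.

# Print "NAME PATH" for the cert, key and rand-file defines in .mc file $1.
# confCACERT_PATH (a directory) is skipped; a file:/egd: prefix is stripped.
mc_tls_paths() {
    sed -n "s/^define(\`\(conf[A-Z_]*\)', *\`\([^']*\)').*/\1 \2/p" "$1" |
    grep -E '^conf(CACERT|(SERVER|CLIENT)_(CERT|KEY)|RAND_FILE) ' |
    sed -e 's/ file:/ /' -e 's/ egd:/ /'
}

# Print one verdict for path $2 referenced by define $1.
# Assumed policy (see lead-in): no group/other write on anything;
# keys and the rand file carry no group/other permission bits at all.
check_file() {
    [ -e "$2" ] || { echo "MISSING"; return; }
    perms=$(ls -ld "$2" | cut -c5-10)   # group+other bits, e.g. r--r--
    case "$1" in
        *_KEY|confRAND_FILE)
            [ "$perms" = "------" ] || { echo "LOOSE"; return; } ;;
        *)
            case "$perms" in ?w*|????w*) echo "LOOSE"; return ;; esac ;;
    esac
    echo "OK"
}

# Audit every TLS file named in .mc file $1, one "NAME PATH VERDICT" line each.
audit_mc() {
    mc_tls_paths "$1" | while read -r name path; do
        echo "$name $path $(check_file "$name" "$path")"
    done
}

# Stand-alone use: sh audit.sh /path/to/your.mc
if [ -n "$1" ]; then audit_mc "$1"; fi
```

A LOOSE verdict on a key or on the rand file means group or other still has some access to it, which is the case for a file set to mode 660.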