HPE Community
Operating System - HP-UX
1820711 Members
3262 Online
109627 Solutions
New Discussion

sendmail and tls

 
SOLVED
Go to solution
uxbeginner22
Trusted Contributor

‎05-01-2015 10:52 AM - last edited on ‎05-03-2015 08:13 PM by

‎05-01-2015 10:52 AM - last edited on ‎05-03-2015 08:13 PM by

sendmail and tls

I want to configure sendmail with tls

i've set this .mc

 

define(`SMART_HOST', `pos.domain.private')
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/.domain.private.crt')dnl
define(`confSERVER_CERT', `/etc/mail/certs/hpux2.domain.private.crt')dnl
define(`confSERVER_KEY', `/etc/mail/certs/hpux2..domain.private.key')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/.domain.private')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/.domain.private')dnl
define(`confRAND_FILE',`file:/etc/mail/randfile')dnl
D{tls_version}TLSv1
O UseTLS=True

Compile ok.

But tls give this error

 

STARTTLS: Warning: safeopen(/etc/mail/randfile) failed

I have tried /dev/urandom same error,i have tried chown root:smmsp randfile

and chmod 660,nothing to do.

What i miss?

 

 

P.S. This thread has been moved from General to HP-UX > messaging. - Hp Forum Moderator

0 Kudos
Reply
2 REPLIES 2
uxbeginner22
Trusted Contributor

‎05-11-2015 02:03 PM

‎05-11-2015 02:03 PM

Solution

Re: sendmail and tls

Solution found

 

the most important thing was,enable the database,and use egd instead of file

 

divert(0)dnl
VERSIONID(`$Id: generic-hpux10.mc,v 8.13 2001/05/29 17:29:52 ca Exp $')
OSTYPE(hpux11)dnl
DOMAIN(generic)dnl
define(`_X400_UUCP_')dnl
define(`_MASQUERADE_ENVELOPE_')dnl
define(`MASQUERADE_NAME')dnl
define(`confTRY_NULL_MX_LIST',`T')dnl
define(`LUSER_RELAY',`name_of_luser_relay')dnl
define(`DATABASE_MAP_TYPE',`dbm')dnl
define(`_CLASS_U_')dnl
define(`LOCAL_RELAY')dnl
define(`MAIL_HUB')dnl
TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5')dnl
FEATURE(always_add_domain)dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(openmail)dnl
MAILER(uucp)dnl
define(`SMART_HOST', `posta.serve.com')
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/serve.com.crt')dnl
define(`confSERVER_CERT', `/etc/mail/certs/hpux2.serve.com.crt')dnl
define(`confSERVER_KEY', `/etc/mail/certs/hpux2.serve.com.key')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/hpux2.serve.com.crt')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/hpux2.serve.com.key')dnl
define(`confRAND_FILE',`egd:/dev/urandom')dnl
D{tls_version}TLSv1
O UseTLS=True
0 Kudos
Reply
uxbeginner22
Trusted Contributor

‎05-11-2015 02:06 PM

‎05-11-2015 02:06 PM

Re: sendmail and tls

Latest question: is possible to disable ssl3 and enable only tlsv1?

On linux i did on .mc

 

LOCAL_CONFIG
dnl# Do not allow the weak SSLv2:
O CipherList=HIGH
O ServerSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3 +SSL_OP_CIPHER_SERVER_PREFERENCE
O ClientSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3

But this solution didn't work on unix!

Sendmail won't accept this code and give error

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.