[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

STARTTLS, Sendmail, and maillog entries

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: STARTTLS, Sendmail, and maillog entries
From: "James A. Peltier" <james_(_at_)_site-fx_(_dot_)_net>
Date: 07 Jul 2003 11:11:17 -0700
Organization: Site-FX Open Network Solutions Inc.

I have started using TLS with sendmail recently and noticed that I am
now getting entries such as

Jul  7 06:54:45 pistol sm-mta[6947]: STARTTLS=server,
relay=openbsd.cs.colorado.edu [128.138.192.83], version=TLSv1/SSLv3,
verify=FAIL, cipher=DHE-DSS-AES256-SHA, bits=256/256

I've done some reading up on this and found that this could be an issue
with sendmail not knowing about the certificate authority that generated
the certificate for the client (which in this case I'm assuming is me)
since I used a self signed certificate.  Am I correct in this assumption
and I can safely ignore the error until I purchase a certificate from a
valid (a la Thawte/Verisign) certificate? Is the message encrypted
anyway?

-- 
James A. Peltier <james_(_at_)_site-fx_(_dot_)_net>
Site-FX Open Network Solutions Inc.

Follow-Ups:
- Re: STARTTLS, Sendmail, and maillog entries
  - From: Chuck Yerkes

Prev by Date: Re: dhclient line
Next by Date: Re: STARTTLS, Sendmail, and maillog entries
Previous by thread: ftp-proxy without inetd
Next by thread: Re: STARTTLS, Sendmail, and maillog entries
Index(es):
- Date
- Thread

Visit your host, monkey.org