Re: SMTP TLS, SMTP AUTH, POP TLS -a plea



Henning Brauer dixit:

>* Rod.. Whitworth <listen_(_at_)_witworx_(_dot_)_com> [2004-10-22 14:36]:
>> You want it done at install time?
>> Where is your diff?
>
>setting up a CA at install time? gimme a break.

No need for a CA - it won't be trusted anyway.
Rather, just use a self-signed certificate.

After Damien Miller laughed at me, I've hacked it this way:


(of course, you might want/have to use [ ] instead of [[ ]] test)
		/etc/rc:
		========

if [[ ! -f /etc/mail/private/sendmail.key \
    || ! -f /etc/mail/private/sendmail.cer \
    || ! -f /etc/mail/private/my-ca.cer ]]; then
	echo -n "openssl: generating new sendmail RSA key... "
	rm -f /etc/mail/private/{sendmail.{key,cer},my-ca.cer}
	if /usr/sbin/openssl genrsa -out /etc/mail/private/sendmail.key 1024 \
	    >/dev/null 2>&1; then
		chmod 600 /etc/mail/private/sendmail.key
		/usr/sbin/openssl req -batch -new -subj "/CN=$(hostname)/" \
		    -key /etc/mail/private/sendmail.key \
		    -x509 -out /etc/mail/private/sendmail.cer
		chmod 644 /etc/mail/private/sendmail.cer
		ln /etc/mail/private/sendmail.cer /etc/mail/private/my-ca.cer
		echo done.
	else
		echo failed.
	fi
fi

		/usr/share/sendmail/cf/openbsd-proto.mc
		=======================================
define(`confCACERT',		`MAIL_SETTINGS_DIR`'private/my-ca.cer')dnl
define(`confCACERT_PATH',	`MAIL_SETTINGS_DIR`'certs')dnl
define(`confSERVER_CERT',	`MAIL_SETTINGS_DIR`'private/sendmail.cer')dnl
define(`confSERVER_KEY',	`MAIL_SETTINGS_DIR`'private/sendmail.key')dnl
define(`confCLIENT_CERT',	`MAIL_SETTINGS_DIR`'private/sendmail.cer')dnl
define(`confCLIENT_KEY',	`MAIL_SETTINGS_DIR`'private/sendmail.key')dnl
dnl This one is just faster and as secure as /dev/urandom.
define(`confRAND_FILE',		`/dev/arandom')dnl
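
A check one might run after the rc snippet in the message above has generated its files; this is an added example, not part of the original post. The function name and the 2048-bit default minimum are assumptions of the example (pass 1024 as the second argument to accept the key size used in the message).

```shell
#!/bin/sh
# Added example: sanity-check the key and certificates the rc snippet creates.
# Usage: check_sendmail_tls [DIR] [MIN_BITS]
# DIR defaults to /etc/mail/private (path taken from the message);
# MIN_BITS defaults to 2048, an assumption of this example.
check_sendmail_tls() {
	dir=${1:-/etc/mail/private} min_bits=${2:-2048} bad=0
	key=$dir/sendmail.key cer=$dir/sendmail.cer ca=$dir/my-ca.cer

	for f in "$key" "$cer" "$ca"; do
		[ -f "$f" ] || { echo "missing: $f"; return 1; }
	done

	# Private key must be accessible by its owner only (rc does chmod 600).
	mode=$(ls -ld "$key" | cut -c1-10)
	case $mode in
	-r[w-]-------) ;;
	*) echo "key permissions too open: $mode"; bad=1 ;;
	esac

	# The certificate must carry the public half of this private key.
	kmod=$(openssl rsa -noout -modulus -in "$key" 2>/dev/null)
	cmod=$(openssl x509 -noout -modulus -in "$cer" 2>/dev/null)
	if [ -z "$kmod" ] || [ "$kmod" != "$cmod" ]; then
		echo "certificate does not match private key"; bad=1
	fi

	# The modulus is printed as hex, so each digit is four bits.
	hex=${kmod#Modulus=}
	bits=$(( ${#hex} * 4 ))
	[ "$bits" -ge "$min_bits" ] || { echo "RSA key is $bits bits, below $min_bits"; bad=1; }

	# Self-signed means subject and issuer are the same name.
	subj=$(openssl x509 -noout -subject -in "$cer" 2>/dev/null | sed 's/^subject= *//')
	issr=$(openssl x509 -noout -issuer -in "$cer" 2>/dev/null | sed 's/^issuer= *//')
	[ -n "$subj" ] && [ "$subj" = "$issr" ] || { echo "certificate is not self-signed"; bad=1; }

	# my-ca.cer is a hard link to sendmail.cer, so the contents must be identical.
	cmp -s "$cer" "$ca" || { echo "my-ca.cer differs from sendmail.cer"; bad=1; }

	return "$bad"
}
```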


