Re: SMTP TLS, SMTP AUTH, POP TLS -a plea
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: SMTP TLS, SMTP AUTH, POP TLS -a plea
- From: Thorsten Glaser <tg_(_at_)_66h_(_dot_)_42h_(_dot_)_de>
- Date: Fri, 22 Oct 2004 22:28:13 +0000
Henning Brauer dixit:
>* Rod.. Whitworth <listen_(_at_)_witworx_(_dot_)_com> [2004-10-22 14:36]:
>> You want it done at install time?
>> Where is your diff?
>
>setting up a CA at install time? gimme a break.
No need for a CA - it won't be trusted anyway.
Rather, just use a self-signed certificate.
After Damien Miller laughed at me, I've hacked it this way:
(of course, you might want/have to use [ ] instead of [[ ]] test)
/etc/rc:
========
if [[ ! -f /etc/mail/private/sendmail.key \
    || ! -f /etc/mail/private/sendmail.cer \
    || ! -f /etc/mail/private/my-ca.cer ]]; then
	echo -n "openssl: generating new sendmail RSA key... "
	# Clear any partial set first, so the ln below cannot hit a stale file
	rm -f /etc/mail/private/{sendmail.{key,cer},my-ca.cer}
	if /usr/sbin/openssl genrsa -out /etc/mail/private/sendmail.key 1024 \
	    >/dev/null 2>&1; then
		chmod 600 /etc/mail/private/sendmail.key
		# Self-signed certificate with the host name as CN
		/usr/sbin/openssl req -batch -new -subj "/CN=$(hostname)/" \
		    -key /etc/mail/private/sendmail.key \
		    -x509 -out /etc/mail/private/sendmail.cer
		chmod 644 /etc/mail/private/sendmail.cer
		# The certificate doubles as its own CA file (confCACERT)
		ln /etc/mail/private/sendmail.cer /etc/mail/private/my-ca.cer
		echo done.
	else
		echo failed.
	fi
fi
/usr/share/sendmail/cf/openbsd-proto.mc
=======================================
define(`confCACERT', `MAIL_SETTINGS_DIR`'private/my-ca.cer')dnl
define(`confCACERT_PATH', `MAIL_SETTINGS_DIR`'certs')dnl
define(`confSERVER_CERT', `MAIL_SETTINGS_DIR`'private/sendmail.cer')dnl
define(`confSERVER_KEY', `MAIL_SETTINGS_DIR`'private/sendmail.key')dnl
define(`confCLIENT_CERT', `MAIL_SETTINGS_DIR`'private/sendmail.cer')dnl
define(`confCLIENT_KEY', `MAIL_SETTINGS_DIR`'private/sendmail.key')dnl
dnl This one is just faster and as secure as /dev/urandom.
define(`confRAND_FILE', `/dev/arandom')dnl
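
A post-install check for the files the /etc/rc snippet above creates, as an added example that is not part of the original post: it confirms that the key is private, that the certificate matches the key, and that my-ca.cer validates sendmail.cer. The function name check_sendmail_tls and the 2048-bit warning threshold are assumptions of this example; the file names are the ones from the post.

```shell
#!/bin/sh
# Added example: audit the key and certificate files the rc snippet creates.
# Assumption: file names as in the post, default directory /etc/mail/private.
check_sendmail_tls() {
    d=${1:-/etc/mail/private}
    key=$d/sendmail.key cert=$d/sendmail.cer ca=$d/my-ca.cer
    rc=0

    for f in "$key" "$cert" "$ca"; do
        [ -f "$f" ] || { echo "FAIL: missing $f"; return 1; }
    done

    # The private key must not be accessible to group or others.
    case $(ls -ld "$key") in
        -r?-------*) ;;
        *) echo "FAIL: $key has loose permissions"; rc=1 ;;
    esac

    # The certificate must carry the public half of sendmail.key.
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    cpub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    if [ -z "$kpub" ] || [ "$kpub" != "$cpub" ]; then
        echo "FAIL: $cert does not match $key"; rc=1
    fi

    # confCACERT points at my-ca.cer: it must be the same certificate and
    # must validate it (this also fails once the certificate has expired).
    cmp -s "$cert" "$ca" || { echo "FAIL: $ca differs from $cert"; rc=1; }
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: $cert does not verify against $ca"; rc=1; }

    # Report the RSA modulus size; below 2048 bits is a warning, not a failure.
    bits=$(openssl x509 -in "$cert" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p')
    if [ "${bits:-0}" -lt 2048 ]; then
        echo "WARN: ${bits:-unknown}-bit key, consider 2048 bits or more"
    fi

    return $rc
}

# Run against a directory only when one is given on the command line.
if [ "$#" -gt 0 ]; then check_sendmail_tls "$1"; fi
```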