BLU Discuss list archive
Getting Domainkeys, dkim, and SMTP-AUTH/TLS to play nicely together in sendmail
- Subject: Getting Domainkeys, dkim, and SMTP-AUTH/TLS to play nicely together in sendmail
- From: lug-TwWeWiF2EGRi+ztankeudA at public.gmane.org (Don Levey)
- Date: Wed, 14 Apr 2010 10:57:50 -0400
A while back I struggled to get Domainkeys and DKIM to work properly on my little home server. While I'm sure they weren't necessary in a strict sense, it not only enabled me to learn about the technology but allowed for more of a verification of the email coming from my server.

And so this week I figured: "Hey, this has been working without a problem for a while; it must be time to screw with something else." Hence my effort to enable SMTP submissions over port 587. At the very least, with some ISPs blocking traffic to port 25, this seemed to be a good idea (as well as providing a better method for sending email using my server from outside my home LAN).

I've read a number of write-ups of SMTP AUTH, including the information at sendmail.org. I've run into a snag, however, with the .pem certificate that is used for the DK stuff. The conventional wisdom seems to be to run domainkeys/dkim as a user other than root, and a .pem certificate is required. Therefore, to get this to run properly, the permissions on the certificate need to be 600 or 400, owned by this user. All well and good so far, except that STARTTLS doesn't like this:

    STARTTLS=server: file /var/db/domainkeys/mail.key.pem unsafe: permission denied

When I telnet to the server, port 587, and issue an EHLO, I see neither AUTH nor TLS in the response. The sendmail.mc file contains the line:

    define(`localCERT',`/ver/db/domainkeys/mail.key.pem')dnl

So if there's a different line I can add to indicate to TLS/AUTH that it should use a different cert (or, rather, the same one copied to a different location with different permissions...) I don't know it.

Anyone ever run into this before?

-Don Levey
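Added example, not part of the original message: a small check that shows why one key file cannot serve both daemons when each insists on owning it. The function name is hypothetical, and the rules it applies (regular file, not a symlink, owned by the uid of the process that reads it, no group/other permission bits) are an assumption about what the "unsafe" check in the log line enforces.

```sh
#!/bin/sh
# Added example (not from the original post).
# Assumption: a private key is "safe" for a daemon only if it is a regular
# file, not a symlink, owned by the uid that daemon runs as, and has no
# group/other permission bits (i.e. mode 600 or 400).

# key_file_problems FILE UID
# Prints one line per failed check; exit status 0 means no problems found.
key_file_problems() {
    file=$1
    want_uid=$2
    bad=0

    if [ -L "$file" ]; then
        echo "$file: is a symbolic link"
        bad=1
    fi
    if [ ! -f "$file" ]; then
        echo "$file: missing or not a regular file"
        return 1
    fi

    # ls -ldn prints "mode links uid gid ..."; -n keeps the ids numeric.
    read -r mode _links uid _rest <<EOF
$(ls -ldn "$file")
EOF

    if [ "$uid" != "$want_uid" ]; then
        echo "$file: owned by uid $uid, expected uid $want_uid"
        bad=1
    fi

    # Characters 5-10 of the mode string are the group and other bits.
    case $mode in
        -???------*) ;;
        *) echo "$file: mode $mode grants group/other access"
           bad=1 ;;
    esac

    return $bad
}
```

Run it against the signing key with the DKIM user's uid, then against the file sendmail is configured to load (its standard m4 options are `confSERVER_CERT` and `confSERVER_KEY`) with the uid sendmail runs as; a single file owned by the DKIM user fails the second run on ownership alone.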