04-14-2010, 07:47 PM
Don Levey

Getting Domainkeys, dkim, and SMTP-AUTH/TLS to play nicely together in sendmail

A while back I struggled to get Domainkeys and DKIM to work properly on
my little home server. While I'm sure they weren't necessary in a
strict sense, it not only enabled me to learn about the technology but
allowed for more of a verification of the email coming from my server.

And so this week I figured: "Hey, this has been working without a
problem for a while; it must be time to screw with something else."
Hence my effort to enable SMTP submissions over port 587. At the very
least, with some ISPs blocking traffic to port 25, this seemed to be a
good idea (as well as providing a better method for sending email using
my server from outside my home LAN).

I've read a number of write-ups of SMTP AUTH, including the information
at sendmail.org. I've run into a snag, however, with the .pem
certificate that is used for the DK stuff. The conventional wisdom
seems to be to run domainkeys/dkim as a user other than root, and a .pem
certificate is required. Therefore, to get this to run properly, the
permissions on the certificate need to be 600 or 400, owned by this user.

All well and good so far, except that STARTTLS doesn't like this:

STARTTLS=server: file /var/db/domainkeys/mail.key.pem unsafe:
permission denied

When I telnet to the server, port 587, and issue an EHLO, I see neither
AUTH nor TLS in the response.

The sendmail.mc file contains the line:

define(`localCERT',`/ver/db/domainkeys/mail.key.pem')dnl

So if there's a different line I can add to indicate to TLS/AUTH that it
should use a different cert (or, rather, the same one copied to a
different location with different permissions...) I don't know it.

Anyone ever run into this before?

-Don Levey
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
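
Added example, not part of the original post: a shell check that reports whether a key file meets the "600 or 400, owned by one user" condition described above, so that each daemon's copy of the key can be audited against the account that must read it. The function name check_keyfile and its arguments are assumptions of this example, and it relies on GNU stat as shipped with CentOS.

```shell
#!/bin/sh
# Added example (not from the original post).
# check_keyfile PATH EXPECTED_UID
#   Returns 0 only if PATH is a regular file (not a symlink), is owned by
#   EXPECTED_UID, and grants no group/other permission bits (600 or 400).
#   Every failed condition is printed so the cause is visible.
check_keyfile() {
    path=$1
    want_uid=$2
    rc=0

    if [ -L "$path" ]; then
        echo "$path: is a symlink; audit the target file instead"
        return 1
    fi
    if [ ! -f "$path" ]; then
        echo "$path: missing or not a regular file"
        return 1
    fi

    # GNU stat: %a = octal mode without leading zeros, %u = numeric owner.
    mode=$(printf '%03d' "$(stat -c '%a' "$path")")
    uid=$(stat -c '%u' "$path")

    # The last two octal digits are the group and other bits; both must be 0.
    case $mode in
        *00) ;;
        *) echo "$path: mode $mode grants group/other access"; rc=1 ;;
    esac

    if [ "$uid" != "$want_uid" ]; then
        echo "$path: owned by uid $uid, expected uid $want_uid"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "$path: ok (mode $mode, uid $uid)"
    return "$rc"
}

# Stand-alone use: ./check_keyfile.sh /path/to/key.pem "$(id -u someuser)"
if [ "$#" -ge 2 ]; then
    check_keyfile "$1" "$2"
fi
```

In sendmail.mc, the key and certificate that STARTTLS loads are set with the confSERVER_KEY and confSERVER_CERT options, so a separate copy of the key can be pointed to there and audited with the function above.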

All times are GMT.