All, Does anyone have a TLS-enabled Sendmail package for SuSE 9.0? I have been searching high and low and cannot come up with one (other than building Sendmail from scratch.) I've checked the FTP's and all I found was the base package. Please advise. Thanks! ============================================ Drew J. Como Phone: 631-434-6600 Systems Administrator Fax: 631-434-7800 dcomo@bascom.com Web: www.bascom.com BASCOM Global Internet Services, Inc. -------------------------------------------- "When quality is the goal, winning is guaranteed."
Am Dienstag, 20. Januar 2004 16:52 schrieb Drew J. Como:
All,
Does anyone have a TLS-enabled Sendmail package for SuSE 9.0? I have been searching high and low and cannot come up with one (other than building Sendmail from scratch.)
No, i have never seen one. but perhaps one of those might work - but it's in spanish.... ??? http://rpmfind.rediris.es/rpm2html/sendmail.html if U trust them... Do you still need sendmail? Are you sure? Really sure? AFAIK sendmail is one big security risk... You better switch to postfix or qmail... However, enjoy! Markus
I've checked the FTP's and all I found was the base package.
Please advise. Thanks!
============================================ Drew J. Como Phone: 631-434-6600 Systems Administrator Fax: 631-434-7800 dcomo@bascom.com Web: www.bascom.com BASCOM Global Internet Services, Inc. -------------------------------------------- "When quality is the goal, winning is guaranteed."
-- Mit freundlichen Grüßen Markus Feilner -- Linux Solutions, Training, Seminare und Workshops - auch Inhouse Feilner IT Linux & GIS Erlangerstr. 2 93059 Regensburg fon: +49 941 70 65 23 - mobil: +49 170 302 709 2 web: http://feilner-it.net mail: mfeilner@feilner-it.net
All, I tried rebuilding Sendmail from the SuSE sources, however I am coming up with the following error: db.h: No such file or directory It looks like it is looking for the library in the wrong place. The header file is installed by the glibc-devel package and is located in: /usr/include/db1/ Where could the build process be looking? Any help would be appreciated! --------------------- Drew Como -----Original Message----- From: Markus Feilner [mailto:lists@feilner-it.net] Sent: Tuesday, January 20, 2004 12:02 PM To: suse-security Subject: Re: [suse-security] Sendmail TLS package for 9.0 Am Dienstag, 20. Januar 2004 16:52 schrieb Drew J. Como:
All,
Does anyone have a TLS-enabled Sendmail package for SuSE 9.0? I have been searching high and low and cannot come up with one (other than building Sendmail from scratch.)
No, i have never seen one. but perhaps one of those might work - but it's in spanish.... ??? http://rpmfind.rediris.es/rpm2html/sendmail.html if U trust them... Do you still need sendmail? Are you sure? Really sure? AFAIK sendmail is one big security risk... You better switch to postfix or qmail... However, enjoy! Markus
I've checked the FTP's and all I found was the base package.
Please advise. Thanks!
============================================ Drew J. Como Phone: 631-434-6600 Systems Administrator Fax: 631-434-7800 dcomo@bascom.com Web: www.bascom.com BASCOM Global Internet Services, Inc. -------------------------------------------- "When quality is the goal, winning is guaranteed."
-- Mit freundlichen Grüßen Markus Feilner -- Linux Solutions, Training, Seminare und Workshops - auch Inhouse Feilner IT Linux & GIS Erlangerstr. 2 93059 Regensburg fon: +49 941 70 65 23 - mobil: +49 170 302 709 2 web: http://feilner-it.net mail: mfeilner@feilner-it.net -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
On Jan 20, Drew J. Como
I tried rebuilding Sendmail from the SuSE sources, however I am coming up with the following error: Sorry for the late answer, but at least on my SuSE 8.1 server the normal sendmail package is linked against libssl (check with 'ldd /usr/sbin/sendmail')
I think it just was a separate package before because of export regulations regarding cryptography. Markus -- __________________ /"\ Markus Gaugusch \ / ASCII Ribbon Campaign markus(at)gaugusch.at X Against HTML Mail / \
Markus,
With the SuSE 9.0 sendmail package by default,
it is linked against said library, however,
when I telnet into localhost on Port 25 and issue
the ehlo command, I see the following:
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH GSSAPI CRAM-MD5
250-DELIVERBY
250 HELP
I don't see anything in regards to '250-STARTTLS'.
Thanks :-)
============================================
Drew J. Como Phone: 631-434-6600
Systems Administrator Fax: 631-434-7800
dcomo@bascom.com Web: www.bascom.com
BASCOM Global Internet Services, Inc.
--------------------------------------------
"When quality is the goal,
winning is guaranteed."
-----Original Message-----
From: Markus Gaugusch [mailto:markus@gaugusch.at]
Sent: Tuesday, January 20, 2004 2:50 PM
To: Drew J. Como
Cc: suse-security@suse.com
Subject: RE: [suse-security] Sendmail TLS package for 9.0
On Jan 20, Drew J. Como
I tried rebuilding Sendmail from the SuSE sources, however I am coming up with the following error: Sorry for the late answer, but at least on my SuSE 8.1 server the normal sendmail package is linked against libssl (check with 'ldd /usr/sbin/sendmail')
I think it just was a separate package before because of export regulations regarding cryptography. Markus -- __________________ /"\ Markus Gaugusch \ / ASCII Ribbon Campaign markus(at)gaugusch.at X Against HTML Mail / \ -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
On Tue, Jan 20, 2004 at 03:01:33PM -0500, Drew J. Como wrote: : Markus, : : With the SuSE 9.0 sendmail package by default, : it is linked against said library, however, : when I telnet into localhost on Port 25 and issue : the ehlo command, I see the following: : : 250-ENHANCEDSTATUSCODES : 250-PIPELINING : 250-8BITMIME : 250-SIZE : 250-DSN : 250-ETRN : 250-AUTH GSSAPI CRAM-MD5 : 250-DELIVERBY : 250 HELP : : I don't see anything in regards to '250-STARTTLS'. That's b/c you probably haven't configured the certs that you need on your end. So, while sendmail may support STARTTLS, you need to actually configure it to activate it. To be certain, just issue the command 'sendmail -bt -d0.1' to get a listing of what features a particular build of sendmail supports. --Jerry -- "In argument, truth is discovered." -- Old Russian Proverb
All, Thanks for the help. I was (finally) able to get the Sendmail package from Sendmail.org to properly compile and I am well on my way. On to generate my keys.... Thanks :-) Drew -----Original Message----- From: Jerry A! [mailto:jerry@thehutt.org] Sent: Tuesday, January 20, 2004 3:11 PM To: suse-security@suse.com Subject: Re: [suse-security] Sendmail TLS package for 9.0 On Tue, Jan 20, 2004 at 03:01:33PM -0500, Drew J. Como wrote: : Markus, : : With the SuSE 9.0 sendmail package by default, : it is linked against said library, however, : when I telnet into localhost on Port 25 and issue : the ehlo command, I see the following: : : 250-ENHANCEDSTATUSCODES : 250-PIPELINING : 250-8BITMIME : 250-SIZE : 250-DSN : 250-ETRN : 250-AUTH GSSAPI CRAM-MD5 : 250-DELIVERBY : 250 HELP : : I don't see anything in regards to '250-STARTTLS'. That's b/c you probably haven't configured the certs that you need on your end. So, while sendmail may support STARTTLS, you need to actually configure it to activate it. To be certain, just issue the command 'sendmail -bt -d0.1' to get a listing of what features a particular build of sendmail supports. --Jerry -- "In argument, truth is discovered." -- Old Russian Proverb -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Thanks for the help. I was (finally) able to get the Sendmail package from Sendmail.org to properly compile and I am well on my way. If the suse package works, I'd never ever use a self-compiled package. If there is any security hole in sendmail, you have to do the update manually (and check manually for updated versions of sendmail, etc.). Otherwise, the SuSE people and fou4s/YOU can do the work for you ...
Markus -- __________________ /"\ Markus Gaugusch \ / ASCII Ribbon Campaign markus(at)gaugusch.at X Against HTML Mail / \
Markus Gaugusch wrote:
Thanks for the help. I was (finally) able to get the Sendmail package from Sendmail.org to properly compile and I am well on my way.
If the suse package works, I'd never ever use a self-compiled package. If there is any security hole in sendmail, you have to do the update manually (and check manually for updated versions of sendmail, etc.). Otherwise, the SuSE people and fou4s/YOU can do the work for you ...
Markus
That only works if there is a package for SUSE available that does what you want and is configured how you want. Unfortunaly, that isn't always the case. David
Drew J. Como wrote:
All,
Does anyone have a TLS-enabled Sendmail package for SuSE 9.0? I have been searching high and low and cannot come up with one (other than building Sendmail from scratch.)
IIRC in the past SUSE shipped an additional sendmail-tls package, but IIRC this functionality was put into the base package. This is a quote from /etc/sysconfig/sendmail: ## Type: list(server,client,both) ## Default: "" # # STARTTLS certification, for an explanation read # /usr/share/doc/packages/sendmail/op.txt.bz2 and # http://www.sendmail.org/~ca/email/starttls.html # The certification and key files are placed at # /etc/mail/certs/ as CA.cert.pem, MYServer.cert.pem, # MYServer.key.pem (for STARTTLS server) and # MYClient.cert.pem, MYClient.key.pem (for STARTTLS client) # possible values are `server', `client', or `both'. # STARTTLS="" I apologize if this is not the stuff you're looking for. best regards, Rainer Link
participants (6)
-
David Filion -
Drew J. Como -
Jerry A! -
Markus Feilner -
Markus Gaugusch -
Rainer Link