On Mon, Feb 17, 2014 at 11:43:50PM +0100, Frank Brodbeck wrote:
> Hm, funny. I wasn't able to reproduce it on my side neither:
>
> # touch /etc/ssl/foo{pem,key}
> # chmod 0600 /etc/ssl/foo{pem,key}
> # grep foo /etc/mail/smtpd.conf
> pki foo certificate "/etc/ssl/foo.pem"
> pki foo key "/etc/ssl/f
Hm, funny. I wasn't able to reproduce it on my side neither:
# touch /etc/ssl/foo{pem,key}
# chmod 0600 /etc/ssl/foo{pem,key}
# grep foo /etc/mail/smtpd.conf
pki foo certificate "/etc/ssl/foo.pem"
pki foo key "/etc/ssl/foo.key"
pki foo ca "/etc/ssl/sbde-ca.pem"
# smtpd -nf /etc/mail/smtpd.conf
fat
On Sun, Feb 16, 2014 at 10:44:39AM +0100, Remco wrote:
> From smtpd.conf(5) on OpenBSD 5.4:
> (You seem to run CURRENT, which I didn't check, so things might be different
> in your case)
Yes I do. Sorry, running -current comes so naturally to me that I didn't
thought about mentioning it.
> You s
On Sat, Feb 15, 2014 at 09:26:35PM +0100, Frank Brodbeck wrote:
> Hi,
>
> On Fri, Feb 14, 2014 at 07:24:32PM -0500, Ted Unangst wrote:
> > I would try using a full path.
> >
> > pki example ca "/etc/ssl/myca.pem"
>
> I already tried it with full path. But I got it working now by
> specifying cer
On Sun, Feb 16, 2014 at 10:44:39AM +0100, Remco wrote:
> Frank Brodbeck wrote:
>
> > Hi,
> >
> > On Fri, Feb 14, 2014 at 07:24:32PM -0500, Ted Unangst wrote:
> >> I would try using a full path.
> >>
> >> pki example ca "/etc/ssl/myca.pem"
> >
> > I already tried it with full path. But I got it
On Sun, Feb 16, 2014 at 12:37:08AM +0100, Gilles Chehade wrote:
> On Sat, Feb 15, 2014 at 09:26:35PM +0100, Frank Brodbeck wrote:
> > Hi,
> >
> > On Fri, Feb 14, 2014 at 07:24:32PM -0500, Ted Unangst wrote:
> > > I would try using a full path.
> > >
> > > pki example ca "/etc/ssl/myca.pem"
> >
>
Frank Brodbeck wrote:
> Hi,
>
> On Fri, Feb 14, 2014 at 07:24:32PM -0500, Ted Unangst wrote:
>> I would try using a full path.
>>
>> pki example ca "/etc/ssl/myca.pem"
>
> I already tried it with full path. But I got it working now by
> specifying certificate and key, too:
>
> pki example cert
On Sat, Feb 15, 2014 at 09:26:35PM +0100, Frank Brodbeck wrote:
> Hi,
>
> On Fri, Feb 14, 2014 at 07:24:32PM -0500, Ted Unangst wrote:
> > I would try using a full path.
> >
> > pki example ca "/etc/ssl/myca.pem"
>
> I already tried it with full path. But I got it working now by
> specifying cer
Hi,
On Fri, Feb 14, 2014 at 07:24:32PM -0500, Ted Unangst wrote:
> I would try using a full path.
>
> pki example ca "/etc/ssl/myca.pem"
I already tried it with full path. But I got it working now by
specifying certificate and key, too:
pki example certificate "/etc/ssl/relay.crt"
pki example k
On Sat, Feb 15, 2014 at 01:09, Frank Brodbeck wrote:
> But how do I get opensmtpd to actually verify the certificate? I tried
>
> pki smart.example.tld ca "ca.pem"
>
> But it then says:
>
> fatal: load_pki_tree: missing certificate file
I would try using a full path.
pki example ca "/etc/ssl/
Hi,
I am trying to setup a smart relay for myself which should only relay if
it's able to verify the certificate presented by the relay.
So I added the following line into my smtpd.conf:
accept from any for domain example.tld relay via tls://smart.example.tld
hostname mail.example.tld verify
B
11 matches
Mail list logo
