logwatch entry from sendmail

[Paul Howarth]

On Sat, 2004-09-25 at 23:53, Filippos Klironomos wrote:
> Hello all,
>  I've been getting this logwatch entry from sendmail since I upgraded
> to FC2. I remember I had to fetch the sendmail package independently
> from the rest for some reason so maybe it didn't create all necessary
> files?
> 
> Here it is:
> 
> Bytes Transferred: 5624
> Messages Sent:     2
> Total recipients:  2
> **Unmatched Entries**
>    STARTTLS=server: file /etc/mail/certs/cert.pem unsafe: No such file
> or directory: 3 Time(s)
> 
> 
> Obviously 'cert.pem' is missing (figured that out by myself :)). Any
> quick fixes how to created it? A simple 'touch
> /etc/mail/certs/cert.pem' won't do the trick.
> 
> I am too busy (and lazy) to go through the man pages or the few books
> on system administration that I have discussing sendmail so anybody
> familiar with it please help!

This is a server certificate file for use with STARTTLS (encrypted
email).

cd /usr/share/ssl/certs
make cert.pem

You'll get asked to enter some values. Most of it's quite obvious but be
sure to enter your mail server's full hostname for the "Common Name"
parameter.

The resulting cert.pem file contains both a key and a certificate. These
should be in separate files, so copy cert.pem to cert.key and then edit
out (delete) the "CERTIFICATE" part from the cert.key file and edit out
(delete) the "PRIVATE KEY" part from the cert.pem file.

Then copy cert.pem and cert.key to /etc/mail/certs

Then:
cd /etc/mail/certs
chmod 644 cert.pem
chmod 600 cert.key

That should keep sendmail quiet.

Paul.
-- 
Paul Howarth <paul at city-fan.org>