Thanks Eric, does this rpm have also the cname lookup remove patch? Best, Peter
On Sat, Jun 30, 2018 at 9:06 PM, Eric Broch <ebr...@whitehorsetc.com> wrote: > Instructions for setting up greater than openssl-0.9.8 CentOS 5, minimal > testing done. This is done with openssl-1.01e > > https://www.qmailtoaster.org/newopensslcnt50.html > > Eric > > > > On 6/29/2018 4:51 AM, Peter Peltonen wrote: >> >> Great, thanks for sharing! >> >> One question: >> >> Eric had produced an RPM for qmail 1.03-1.3.23.i386 with the CNAME >> lookups removed. >> >> Yours is 1.03-1.3.22 and with CNAME lookups enabled I assume. >> >> How would one migrate the changes you did to Eric's version, as I >> would like to have both: newer TLS support + CNAME lookups removed? >> >> Best, >> Peter >> >> On Fri, Jun 29, 2018 at 10:34 AM, Eric Broch <ebr...@whitehorsetc.com> >> wrote: >>> >>> Thanks, Brian!!! >>> >>> >>> On 6/29/2018 1:32 AM, Brian Ghidinelli wrote: >>> >>> Good news - I seemed to have solved this. It's a combo of these old notes >>> from 2011 and an upgraded openssl: >>> >>> http://www.ghidinelli.com/2011/10/20/october-qmail-follow-up >>> >>> I'm attaching my modified qmail-toaster.spec from 1.3.21. I installed >>> openssl-1.0.2o from source on CentOS 5 and linked: >>> >>> /usr/include/openssl -> /usr/local/ssl/include/openssl/ >>> >>> Then I rebuilt the RPM: >>> >>> rpmbuild -bb --target i686 --with cnt50 >>> /usr/src/redhat/SPECS/qmail-toaster.spec >>> >>> This generated the RPM. I extracted the files: >>> >>> rpm2cpio qmail-toaster-1.03-1.3.22.i686.rpm | cpio -idmv >>> >>> I backed up my existing qmail-smtpd and qmail-remote.orig, and copied >>> the new binaries over (from /usr/src/redhat/RPMS/i686/var/qmail/bin >>> where cpio extracted them to) >>> >>> And then tested with checktls.com and everything shows TLS 1.2 now. >>> *whew* >>> >>> This buys us a little time to complete a migration. Hope this helps >>> someone >>> else! >>> >>> >>> Brian >>> >>> >>> On 6/27/18 09:09, Eric Broch wrote: >>> >>> Have a look at this thread: >>> >>> >>> https://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg41029.html >>> >>> IMHO, there were to many packages that were dependent on openssl-9.8 on >>> the >>> CentOS 5 box to make this practical. >>> >>> >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com >>> >>> >>> -- >>> Eric Broch >>> White Horse Technical Consulting (WHTC) >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com >> > > -- > Eric Broch > White Horse Technical Consulting (WHTC) > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > --------------------------------------------------------------------- To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com