24.9.39.23 DontBlameSendmail=InsufficientEntropy (V8.11 and later)
The TLS library requires a strong pseudorandom number generator to operate at maximum
security. Depending on the version of the library you have installed, you might be required
to initialize that random number generator with random data. The OpenSSL library uses
the /dev/urandom device to perform that initialization. On systems that lack /dev/urandom,
a random file must be specified in its place. This is done with the RandFile option (§24.9.94
on page 1076).
This is the Title of the Book, eMatter Edition
Copyright © 2007 O'Reilly & Associates, Inc. All rights reserved.
1018 | Chapter 24: The O (Options) Configuration Command
If the RandFile option's file is not properly initialized with random data, or if that file is not
updated in a timely fashion, sendmail will refuse to honor STARTTLS. Although you are
strongly encouraged to either set up a good RandFile option's file, or run the egd(8)
daemon (§5.3.1.2 on page 204), you might be unable to do so. In such a circumstance, you
can define this InsufficientEntropy item. When defined, it allows sendmail to use
STARTTLS even though the pseudorandom number generator was not properly initialized,
which silently weakens the cryptography used.
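One way to audit a configuration file for this override, as an added example that is not from the book. It assumes options appear as `O Name=value` lines in sendmail.cf; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Audit a sendmail.cf for the InsufficientEntropy override and the RandFile source.
# Assumption: options are written as "O Name=value"; lines starting with "#" are comments.

# Print every uncommented value of option $2 found in cf file $1.
cf_option() {
    sed -n "s/^O[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1"
}

# Return 0 if any DontBlameSendmail line in $1 lists InsufficientEntropy.
has_insufficient_entropy() {
    cf_option "$1" DontBlameSendmail | tr ',' '\n' | tr -d ' \t' |
        grep -qix 'InsufficientEntropy'
}

# Print one classification for cf file $1:
#   override        InsufficientEntropy is set, STARTTLS may run on an unseeded PRNG
#   randfile VALUE  a RandFile source is configured (last definition is reported)
#   default         neither is set, seeding is left to /dev/urandom
audit_entropy() {
    if has_insufficient_entropy "$1"; then
        echo "override"
        return 0
    fi
    rf=$(cf_option "$1" RandFile | tail -n 1)
    if [ -n "$rf" ]; then
        echo "randfile $rf"
    else
        echo "default"
    fi
}

# Constructed sample, not taken from a real host.
sample_cf() {
    cat <<'EOF'
# O DontBlameSendmail=Safe
O DontBlameSendmail=GroupWritableDirPathSafe, InsufficientEntropy
O RandFile=egd:/var/run/egd-pool
EOF
}

# With a path argument, audit that file; otherwise audit the constructed sample.
if [ $# -gt 0 ]; then
    audit_entropy "$1"
else
    tmp=$(mktemp) && sample_cf > "$tmp" && audit_entropy "$tmp"; rm -f "$tmp"
fi
```

An `override` result on a host that has /dev/urandom or a working RandFile source means the item can be removed from DontBlameSendmail.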
24.9.39.24 DontBlameSendmail=LinkedAliasFileInWritableDir
When a file lives in a directory that is writable by users other than root, or the trusted user
specified in the TrustedUser option (§24.