I've been trying to get my sendmail config to do TLS for quite a while now. I'm running FreeBSD, pretty much stock -- sendmail, apache, bind. I have a NetSol certificate, this works fine for Apache https connections.
I'm trying to get this same certificate to work for TLS. First question: is this a bad idea?
I can confirm the option is present by telnet'ing in and issuing an EHLO. When I send email via my server from (for example) my iPhone, it seems to work just fine.
However, when my server tries to deliver mail to any of the big guys (e.g. comcast.net), I get a verify=failed, and (it's been a few weeks since I tried, I think it was) a relaying denied error. My guess is the CA file isn't right.
2nd question: does anyone know a way to get sendmail to tell me WHY "verify=failed"?