When starting sendmail, I would get the below messgage:
Oct 18 23:59:01 srv02 sendmail[20857]: alias database /etc/aliases rebuilt by root
Oct 18 23:59:01 srv02 sendmail[20857]: /etc/aliases: 79 aliases, longest 22 bytes, 860 bytes total
Oct 18 23:59:01 srv02 sendmail[20862]: starting daemon (8.13.1): SMTP+queueing@01:00:00
Oct 18 23:59:01 srv02 sendmail[20862]: STARTTLS: CRLFile missing
Oct 18 23:59:01 srv02 sendmail[20862]: STARTTLS=server, Diffie-Hellman init, key=512 bit (1)
Oct 18 23:59:01 srv02 sendmail[20862]: STARTTLS=server, init=1
Oct 18 23:59:01 srv02 sendmail[20862]: started as: /usr/sbin/sendmail -bd -q1h
Oct 18 23:59:01 srv02 sm-msp-queue[20872]: starting daemon (8.13.1): queueing@01:00:00Although, sendmail would still run without the CRL File and just complain about it missing. A quick way to include it in the sendmail configuration is to download revoke.crl from cacert.org, add the below option in sendmail.mc and rebuild the sendmail conf file as below.
Download revoke.crl:
# cd /usr/share/ssl/certs
# wget http://www.cacert.org/revoke.crlAdd the below line to "/etc/mail/sendmail.mc" just below the "confSERVER_KEY":
define(`confCRL', `/usr/share/ssl/certs/revoke.crl')Rebuild sendmail conf by running make:
# cd /etc/mail
# makeCheck sendmail.cf with the revoke.crl listed as below:
O CRLFile=/usr/share/ssl/certs/revoke.crlNow restarting sendmail should not complain about the missing Certificate Revocation List (CRL) File.
