From: "Dave MacFarlane"
Date: Wed, 15 May 2024 17:21:33 -0400
To: 9front@9front.org
Subject: [9front] "Insecure" icon in gmail
Message-ID: <4C1B6B746BF77B2F88319BBFCBFEB08C@driusan.net>

I just spent more time than I care to admit trying to get rid of the red "Insecure" icon on emails sent to gmail from my 9front box.
In the end, the meat of my /mail/lib/remotemail ended up being

	exec /bin/upas/dkim -s 20180128 -d driusan.net >[2]/sys/log/dkim| /bin/upas/smtp -s -h driusan.net .driusan.net $addr $sender $*

But I had to modify upas/smtp to *not* validate the certificate for starttls by commenting out the okCertificate line in /sys/src/cmd/upas/smtp/smtp.c.

This doesn't seem like a great idea, but without -s remotemail won't use starttls, and with -s the list of thumbs needs to be maintained for every email server on the internet in order to send email, as far as I can tell.

So I have 3 questions:

1. Am I missing something obvious?
2. Is there a better way to do this?
3. Would it make sense to add a flag to use starttls but not validate certificates for upas/smtp?

- Dave