From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <9front-bounces@9front.inri.net>
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI autolearn=ham autolearn_force=no version=3.4.4
Received: from 9front.inri.net (9front.inri.net [168.235.81.73])
	by inbox.vuxu.org (Postfix) with ESMTP id 4F91C2214F
	for <ml@inbox.vuxu.org>; Wed, 15 May 2024 23:29:46 +0200 (CEST)
Received: from gaff.inri.net ([168.235.71.243]) by 9front; Wed May 15 17:28:48 -0400 2024
Received: from [127.0.0.1] ([168.235.81.125]) by gaff; Wed May 15 17:28:47 -0400 2024
Date: Wed, 15 May 2024 17:28:46 -0400
From: Stanley Lieber <sl@stanleylieber.com>
To: 9front@9front.org
In-Reply-To: <4C1B6B746BF77B2F88319BBFCBFEB08C@driusan.net>
References: <4C1B6B746BF77B2F88319BBFCBFEB08C@driusan.net>
Message-ID: <7D3498D0-575C-43F0-AD9D-38B4EF1CCE73@stanleylieber.com>
MIME-Version: 1.0
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: quoted-printable
List-ID: <9front.9front.org>
List-Help: <http://lists.9front.org>
X-Glyph: ➈
X-Bullshit: social hardware module element service-aware framework 
Subject: Re: [9front] "Insecure" icon in gmail
Reply-To: 9front@9front.org
Precedence: bulk

On May 15, 2024 5:21:33 PM EDT, Dave MacFarlane <driusan@driusan=2Enet> wro=
te:
>I just spent more time than I care to admit trying
>to get rid of the red "Insecure" icon on emails sent
>to gmail from my 9front box=2E
>
>In the end, the meat of my /mail/lib/remotemail ended up
>being
>	exec /bin/upas/dkim -s 20180128 -d driusan=2Enet >[2]/sys/log/dkim| /bin=
/upas/smtp -s -h driusan=2Enet =2Edriusan=2Enet $addr $sender $*
>
>But I had to modify upas/smtp to *not* validate the certificate
>for startls by commenting out the okCertificate line in=20
>/sys/src/cmd/upas/smtp/smtp=2Ec
>
>This doesn't seem like a great idea, but without -s remotemail
>won't use startls, and with -s the list of thumbs needs to be
>maintained for every email server on the internet in order to
>send email as far as I can tell=2E
>
>So I have 3 questions:
>1=2E Am I missing something obvious?
>2=2E Is there a better way to do this?
>3=2E Would it make sense to add a flag to use startls but not validate ce=
rtificates for upas/smtp?
>
>- Dave
>

coincidentally, i'm getting ready to setup dkim=2E i'd welcome any learned=
 discussion on this topic=2E once i get something working i will document i=
t in the fqa=2E

sl