Am new to this community, and have been using the LE CA certs for quite some time now.
HOWEVER, having been placed on the Spamhaus CBL “boo boo” list, I want to get this fixed as quickly as possible.
For those who make reference to individuals who are sadomasochists for using Sendmail, I would completely agree; and, I am one of them. I am trying to setup, configure and operate a production Mailman environment, and have cluster-kludged Sendmail and Mailman to work quite nicely.
I would love nothing more than to be able to use LE CA certs for Sendmail/Mailman, but have been finding only complaints or configuration issues described ad nauseum for this sort of configuration.
I found the one “how-to” on LE CA certs and Postfix, and that is all well and good; however, I would like to do something involving Sendmail and Mailman.
NB enabling TLS won’t magically fix whatever problem caused you to get CBL listed. I assume below that you’ve just decided you ought to have TLS, and this is not the right forum for you to try to diagnose whatever config errors / policy mistakes / virus-infected PC or whatever it causing you to get listed.
Divide and conquer. Your problem can be split into two smaller problems, each of which people have solved many times
You need to get Let’s Encrypt to issue you an appropriate certificate. The name on the certificate should be the DNS name of the MX, not the domain name it operates as MX for, nor any other name. You can easily obtain such a certificate using the Certbot tool in “certonly standalone” mode if the server doesn’t already run a web server, or using software like dehydrated or https://acme.sh/
You need to get Sendmail to present this certificate when people connect
You didn’t specify how you configure your sendmail. If you use sendmail.cf you will need something like
O CACertPath=/etc/letsencrypt/live/example.com
O CACertFile=/etc/letsencrypt/live/example.com/chain.pem
O ServerCertFile=/etc/letsencrypt/live/example.com/cert.pem
O ServerKeyFile=/etc/letsencrypt/live/example.com/privatekey.pem