Sendmail: Running SMTP With TLS

If you want to run your sendmail configuration with TLS enabled, here are some configuration options you can add to your sendmail.mc file:

Option                                            Description
define(`confCACERT', `path/to/file.ca')           set the CA certificate file
define(`confCACERT_PATH', `path/to/certs')        set the path to the certificate directory
define(`confCLIENT_CERT', `path/to/file.crt')     set the certificate used when sendmail connects to another host
define(`confCLIENT_KEY', `path/to/file.key')      set the private key file for the certificate used when sendmail connects to another host
define(`confSERVER_CERT', `path/to/file.crt')     set the certificate used when someone connects to sendmail
define(`confSERVER_KEY', `path/to/file.key')      set the private key file for the certificate used when someone connects to sendmail
define(`confCRL', `path/to/file.crl')             set the file containing the Certificate Revocation List
define(`confTO_STARTTLS', `1h')                   set the timeout for the STARTTLS command (default: 1h)
define(`confDH_PARAMETERS', `path/to/file.dh')    set the file containing the Diffie-Hellman (DH) parameters
define(`confTLS_SRV_OPTIONS', `V')                set TLS server options (argument V disables client certificate verification: sendmail will not request a client certificate)

Once all the parameters you want have been added, simply recompile sendmail.cf with the following command:
# m4 sendmail.mc > sendmail.cf

and restart your sendmail service.

Note on GMX and WEB.DE servers:
The DH parameter is needed if these clients refuse to connect and deliver email, or if you see errors like these in your log:

STARTTLS=server, error: accept failed=0, SSL_error=1, errno=0, retry=-1

STARTTLS=server: 11964:error:1409442F:SSL routines:SSL3_READ_BYTES:tlsv1 alert insufficient security:s3_pkt.c:1092:SSL alert number 71
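As an added example that is not part of the original post (and not a tool shipped with sendmail): before running m4, the following Python script pulls the define() lines for the file-based options listed above out of a sendmail.mc and reports any referenced file that does not exist, any private key that is readable by group or others, and a missing confDH_PARAMETERS setting, which is the GMX/WEB.DE case described above. The function names and the default path /etc/mail/sendmail.mc are my own choices.

```python
"""Check the TLS file references in a sendmail.mc before recompiling it.

Added example, not part of the original post or of sendmail itself: it reads the
define(`confXXX', `path') lines for the file-based TLS options, then reports
referenced files that do not exist, private keys that are readable by group or
others, and a missing confDH_PARAMETERS setting.
"""
import os
import re
import stat
import sys

# Options whose argument is a path on disk (names as used in sendmail.mc).
FILE_OPTIONS = {
    "confCACERT", "confCACERT_PATH", "confCLIENT_CERT", "confCLIENT_KEY",
    "confSERVER_CERT", "confSERVER_KEY", "confCRL", "confDH_PARAMETERS",
}
# Private keys: these must not be readable by anyone but the owner.
KEY_OPTIONS = {"confCLIENT_KEY", "confSERVER_KEY"}

# m4 quoting: a backtick opens the quote and an apostrophe closes it,
# e.g. define(`confSERVER_KEY', `/etc/mail/certs/server.key')
DEFINE_RE = re.compile(r"^\s*define\(`([A-Za-z_]+)',\s*`([^']*)'\)")


def parse_defines(text):
    """Return {option: value} for every define() line in sendmail.mc text."""
    defines = {}
    for line in text.splitlines():
        match = DEFINE_RE.match(line)
        if match:
            defines[match.group(1)] = match.group(2)
    return defines


def check_tls_files(text):
    """Return a list of human-readable problems (an empty list means all good)."""
    problems = []
    defines = parse_defines(text)
    for option, path in defines.items():
        if option not in FILE_OPTIONS:
            continue
        if not os.path.exists(path):
            problems.append(f"{option}: {path} does not exist")
            continue
        if option == "confCACERT_PATH":
            if not os.path.isdir(path):
                problems.append(f"{option}: {path} is not a directory")
            continue
        if option in KEY_OPTIONS:
            # Only the permission bits matter here, not file type or setuid bits.
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                problems.append(
                    f"{option}: {path} is readable by group/others (mode {mode:04o})"
                )
    if "confDH_PARAMETERS" not in defines:
        problems.append(
            "confDH_PARAMETERS not set: peers such as GMX/WEB.DE may fail with "
            "'insufficient security'"
        )
    return problems


if __name__ == "__main__":
    # Usage: python3 check_sendmail_tls.py [/etc/mail/sendmail.mc]
    # (script name and default path are assumptions for this example)
    mc_path = sys.argv[1] if len(sys.argv) > 1 else "/etc/mail/sendmail.mc"
    with open(mc_path, encoding="utf-8") as handle:
        found = check_tls_files(handle.read())
    for problem in found:
        print("WARNING:", problem)
    sys.exit(1 if found else 0)
```

The script exits non-zero when it finds a problem, so it can sit in front of the m4 step in a deployment script; a key that is group- or world-readable is reported as a problem rather than just a warning because sendmail will happily load it.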


Locale problem in CentOS

hello,

When executing programs like bash, python, perl or yum you can sometimes encounter messages like these:

"-bash: warning: setlocale: LC_CTYPE: cannot change locale (UTF-8)"

or

"Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "en_US.UTF-8""

The fix for this is quite simple: just add the following line to your /etc/sysconfig/i18n:

LC_CTYPE="en_US.UTF-8"

and the world is nice again 🙂

Update:
If using the MacOSX Terminal you can also deactivate the option "Set locale environment…" in the Terminal -> Settings -> Advanced tab.

Easyrsa for pfSense 1.2.3

You can use easy-rsa on pfSense to generate your OpenVPN keys.

WARNING: This may not be the ideal situation for deploying your PKI. If your OpenVPN server is compromised, your entire PKI will be compromised. This is typically of very little concern, as access to the firewall is highly restricted, and in most networks it's likely the most secure and least accessible device on the network.

Install

Just run the following from an SSH session:

# fetch -o - http://files.pfsense.org/misc/easyrsa-setup.txt | /bin/sh

This will download the files, extract them, and remove the downloaded file. After doing this, you will be prompted to run the next step manually. Copy and paste the last line displayed to generate your certificates (NOTE: If you have gone through this process previously, repeating this will wipe out all your existing certificates!)

# cd /root/easyrsa4pfsense && ./PFSENSE_RUN_ME_FIRST

This will first prompt you for your location and organization information, to be used when generating the certificate authority and initial certificates, and as defaults when creating additional certificates in the future. It will then create your certificate authority, a server certificate, and one client certificate. These files can be found in the /root/easyrsa4pfsense/keys/ directory.

If you are prompted for a challenge password, you most likely will want to leave it blank. Press enter at the challenge password prompt, and again on the confirm prompt.

Creating a client key

To create a new client key, SSH into the firewall, choose option 8 and run:

# cd /root/easyrsa4pfsense
# source vars
# ./build-key clientXXXX

Where clientXXXX is the name of the client.

You'll then find the client's keys in /root/easyrsa4pfsense/keys/

Revoke a client key

To revoke the key for client1:

# cd /root/easyrsa4pfsense/
# source vars
# ./revoke-full client1

This updates the crl.pem file; its contents need to be pasted into the CRL field of the pfSense OpenVPN GUI.

source: PFSense Docs