Re: [ilugd] Re: [LIH]New sendmail breaks STARTTLS

Fri, 19 Sep 2003 22:09:34 -0700 

>>>>> "Suresh" == Suresh Ramasubramanian <[EMAIL PROTECTED]> writes:

    Suresh> Raj Mathur [9/20/2003 9:12 AM] :
    >> Where can I find this?

    Suresh> Threads on comp.mail.sendmail

Cool, will look.

    Suresh> What error are you getting in your logs?  This is from
    Suresh> cf/README ...
    >> verify=FAIL.

    Suresh> That is ok - as long as the mail gets through.

Nope, it's not OK since I'm using TLS to AUTH to the server, and it
doesn't let my mail through without it.

    Suresh> You'd normally have to present a client CERT signed using
    Suresh> the same CA as you used for your self signed CERT for
    Suresh> verify=OK, if you are controlling relaying using self
    Suresh> signed certs instead of using SMTP AUTH or relaying for
    Suresh> specific static IPs.

Precisely.

    Suresh> Normally if you are just using a self signed cert to TLS
    Suresh> encrypt mail, then it should go through without problem.

That it does, but it's not what I want.

    Suresh> Like I said, logs please.

Sep 20 10:31:07 mail sendmail[25919]: h8K517AF025919: <-- STARTTLS
Sep 20 10:31:07 mail sendmail[25919]: h8K517AF025919: --- 220 2.0.0 Ready to start TLS
Sep 20 10:31:07 mail sendmail[25919]: STARTTLS=server, get_verify: 0 get_peer: 0x0
Sep 20 10:31:07 mail sendmail[25919]: STARTTLS=server, relay=localhost [127.0.0.1], 
version=TLSv1/SSLv3, verify=NO, cipher=EDH-RSA-DES-CBC3-SHA, bits=168/168
Sep 20 10:31:07 mail sendmail[25919]: STARTTLS=server, cert-subject=, cert-issuer=
Sep 20 10:31:07 mail sendmail[25919]: AUTH: available mech=GSSAPI PLAIN LOGIN 
DIGEST-MD5 CRAM-MD5 ANONYMOUS, allowed mech=EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN 
PLAIN
Sep 20 10:31:07 mail sendmail[25917]: STARTTLS=client, relay=[127.0.0.1], 
version=TLSv1/SSLv3, verify=FAIL, cipher=EDH-RSA-DES-CBC3-SHA, bits=168/168

The certificates are OK, they are read when Sendmail starts up, they
were working up to yesterday (before the upgrade).

BTW, the logs are from my local machine, but the remote server also
exhibits the same behaviour.

-- Raju
-- 
Raj Mathur                [EMAIL PROTECTED]      http://kandalaya.org/
       GPG: 78D4 FC67 367F 40E2 0DD5  0FEF C968 D0EF CC68 D17F
                      It is the mind that moves

_______________________________________________
ilugd mailing list
[EMAIL PROTECTED]
http://frodo.hserus.net/mailman/listinfo/ilugd

Reply via email to