sendmail TLS question

Bill Oliver Fri, 23 Aug 2013 13:45:22 -0700


I'm having a bit of an issue with sendmail.  To be honest, this is in a recent 
installation of CentOS rather than fedora, but the CentOS forum hasn't been 
particularly useful.  So, this is a cry of desperation.


Basically, I had been running Fedora 16 on a virtual server, but since it's no 
longer supported, I was getting antsy about keeping it up.  The virtual server 
provider didn't have an image for Fedora 19, but did have one for CentOS 6, and 
I figured that was as close as I would be going to get.

In the new installation, I cannot send to one site.  I can send OK to other 
sites. I have regenerated all of my certificates, and I self-sign.  It *looks* 
like the recipient is trying to verigy through gmail, though he insists that he 
doesn't use gmail.  I don't know if it's me or its him.  Any pointers would be 
greatly appreciated.

Here's the maillog for the mail that doesn't go through, with the "real" recipient name 
being replaced with "recipi...@recipient.com" (though the rest of the relay is left 
intact):


**********************************
Aug 23 14:33:00 hope sendmail[2006]: r7NJX0rY002004: SMTP outgoing connect on 
hope.billoblog.com
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=client, init=1
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=client, start=ok
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=client, info: fds=11/10, err=2
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS: x509 cert verify: depth=1 
/C=US/O=Google Inc/CN=Google Internet Authority, state=0, reason=unable to get 
local issuer certificate
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS: TLS cert verify: depth=1 
/C=US/O=Google Inc/CN=Google Internet Authority, state=0, reason=unable to get 
local issuer certificate
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=client, info: fds=11/10, err=2
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=client, get_verify: 20 get_peer: 
0x2136f10
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=client, 
relay=recipient.com.s8a1.psmtp.com., version=TLSv1/SSLv3, verify=FAIL, 
cipher=AES256-SHA, bits=256/256
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=client, 
cert-subject=/C=US/ST=California/L=Mountain+20View/O=Google+20Inc/CN=*.psmtp.com,
 cert-issuer=/C=US/O=Google+20Inc/CN=Google+20Internet+20Authority, 
verifymsg=unable to get local issuer certificate
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:33:01 hope sendmail[2006]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:33:01 hope sendmail[2006]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:33:01 hope sendmail[2006]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:33:02 hope sendmail[2006]: r7NJX0rY002004: to=<recipi...@recipient.com>, 
ctladdr=<consu...@hope.billoblog.com> (505/505), delay=00:00:02, xdelay=00:00:02, 
mailer=esmtp, pri=120495, relay=recipient.com.s8a1.psmtp.com. [64.18.7.10], dsn=2.0.0, 
stat=Sent (Thanks)
Aug 23 14:33:02 hope sendmail[2006]: r7NJX0rY002004: done; delay=00:00:02, 
ntries=1
Aug 23 14:33:02 hope sendmail[2006]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:33:02 hope sendmail[2006]: STARTTLS=client, SSL_shutdown failed: -1
*************************************************************


Here's one that went through, sent from my server at billoblog.com to my work 
address at ecu.edu:

*************************************************************
Aug 23 14:11:29 hope sendmail[1798]: r7NJBSnc001796: SMTP outgoing connect on 
hope.billoblog.com
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, init=1
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, start=ok
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, info: fds=11/10, err=2
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS: x509 cert verify: depth=0 
/C=US/ST=North Carolina/L=Greenville/O=East Carolina 
University/OU=ecu.edu/CN=mail1.ecu.edu/emailAddress=postmas...@ecu.edu, 
state=0, reason=self signed certificate
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS: TLS cert verify: depth=0 
/C=US/ST=North Carolina/L=Greenville/O=East Carolina 
University/OU=ecu.edu/CN=mail1.ecu.edu/emailAddress=postmas...@ecu.edu, 
state=0, reason=self signed certificate
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, info: fds=11/10, err=2
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, get_verify: 18 get_peer: 
0x2023998
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, relay=mail1.ecu.edu., 
version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, 
cert-subject=/C=US/ST=North+20Carolina/L=Greenville/O=East+20Carolina+20University/OU=ecu.edu/CN=mail1.ecu.edu/emailAddress=postmas...@ecu.edu,
 
cert-issuer=/C=US/ST=North+20Carolina/L=Greenville/O=East+20Carolina+20University/OU=ecu.edu/CN=mail1.ecu.edu/emailAddress=postmas...@ecu.edu,
 verifymsg=self signed certificate
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:11:30 hope sendmail[1798]: r7NJBSnc001796: to=<oliv...@ecu.edu>, 
ctladdr=<consu...@hope.billoblog.com> (505/505), delay=00:00:01, xdelay=00:00:01, 
mailer=esmtp, pri=120322, relay=mail1.ecu.edu. [150.216.17.111], dsn=2.0.0, stat=Sent (ok: 
Message 296403614 accepted)
Aug 23 14:11:30 hope sendmail[1798]: r7NJBSnc001796: done; delay=00:00:01, 
ntries=1
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, SSL_shutdown failed: -1
*************************************************************


Here is a local email:
*************************************************************
Aug 23 14:42:06 hope sendmail[2112]: NOQUEUE: connect from hope.billoblog.com 
[50.7.12.26]
Aug 23 14:42:06 hope sendmail[2112]: AUTH: available mech=NTLM CRAM-MD5 LOGIN 
PLAIN DIGEST-MD5 ANONYMOUS GSSAPI, allowed mech=EXTERNAL GSSAPI DIGEST-MD5 
CRAM-MD5 LOGIN PLAIN
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: Milter: no active filter
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 220 hope.billoblog.com 
ESMTP Sendmail 8.14.4/8.14.4; Fri, 23 Aug 2013 14:42:06 -0500
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: <-- EHLO hope.billoblog.com
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 250-hope.billoblog.com 
Hello hope.billoblog.com [50.7.12.26], pleased to meet you
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 250-ENHANCEDSTATUSCODES
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 250-PIPELINING
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 250-8BITMIME
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 250-SIZE
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 250-DSN
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 250-ETRN
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 250-AUTH GSSAPI 
DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 250-STARTTLS
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 250-DELIVERBY
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 250 HELP
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: <-- STARTTLS
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 220 2.0.0 Ready to 
start TLS
Aug 23 14:42:06 hope sendmail[2112]: STARTTLS: internal error: tls_verify_cb: 
ssl == NULL
Aug 23 14:42:06 hope sendmail[2112]: STARTTLS: internal error: tls_verify_cb: 
ssl == NULL
Aug 23 14:42:06 hope sendmail[2112]: STARTTLS=server, get_verify: 0 get_peer: 
0x0
Aug 23 14:42:06 hope sendmail[2112]: STARTTLS=server, relay=hope.billoblog.com 
[50.7.12.26], version=TLSv1/SSLv3, verify=NOT, cipher=DHE-RSA-AES256-SHA, 
bits=256/256
Aug 23 14:42:06 hope sendmail[2112]: STARTTLS=server, cert-subject=, 
cert-issuer=, verifymsg=ok Aug 23 14:42:06 hope sendmail[2112]: AUTH: available 
mech=NTLM CRAM-MD5 LOGIN PLAIN DIGEST-MD5 ANONYMOUS GSSAPI, allowed 
mech=EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Aug 23 14:42:06 hope sendmail[2112]: STARTTLS=read, info: fds=11/3, err=2
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jS002112: <-- EHLO hope.billoblog.com

Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: --- 250-hope.billoblog.com Hello hope.billoblog.com [50.7.12.26], pleased to meet youAug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: --- 250-ENHANCEDSTATUSCODES

Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: --- 250-PIPELINING
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: --- 250-8BITMIME
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: --- 250-SIZE
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: --- 250-DSN
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: --- 250-ETRN
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: --- 250-AUTH GSSAPI 
DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: --- 250-DELIVERBY
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: --- 250 HELP
Aug 23 14:42:09 hope sendmail[2112]: STARTTLS=read, info: fds=11/3, err=2
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: <-- RSET
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: --- 250 2.0.0 Reset state
Aug 23 14:42:09 hope sendmail[2112]: STARTTLS=read, info: fds=11/3, err=2
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jU002112: <-- MAIL 
FROM:<ven...@billoblog.com>

Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jU002112: --- 250 2.1.0 <ven...@billoblog.com>... Sender okAug 23 14:42:09 hope sendmail[2112]: STARTTLS=read, info: fds=11/3, err=2

Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jU002112: <-- RCPT 
TO:<bi...@billoblog.com>
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jU002112: --- 250 2.1.5 
<bi...@billoblog.com>... Recipient ok
Aug 23 14:42:09 hope sendmail[2112]: STARTTLS=read, info: fds=11/3, err=2
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jU002112: <-- DATA
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jU002112: --- 354 Enter mail, end with 
"." on a line by itself
Aug 23 14:42:09 hope sendmail[2112]: STARTTLS=read, info: fds=11/3, err=2
Aug 23 14:42:09 hope sendmail[2112]: STARTTLS=read, info: fds=11/3, err=2
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jU002112: from=<ven...@billoblog.com>, 
size=321, class=0, nrcpts=1, 
msgid=<alpine.lrh.2.02.1308231441500.2...@hope.billoblog.com>, proto=ESMTP, 
daemon=MTA, relay=hope.billoblog.com [50.7.12.26]
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jU002112: --- 250 2.0.0 
r7NJg6jU002112 Message accepted for delivery
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jV002112: <-- QUIT
*************************************************************


Any ideas?  I have no idea what "STARTTLS=read, info: fds=11/10, err=2" means, 
and Google hasn't been much help.

Thanks,

billo



--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

sendmail TLS question

Reply via email to