From owner-freebsd-questions@FreeBSD.ORG Tue Feb 14 10:40:20 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 35B6C1065670 for ; Tue, 14 Feb 2012 10:40:20 +0000 (UTC) (envelope-from trond@fagskolen.gjovik.no) Received: from smtp.fagskolen.gjovik.no (smtp.fagskolen.gjovik.no [IPv6:2001:700:1100:1:200:ff:fe00:b]) by mx1.freebsd.org (Postfix) with ESMTP id 804DD8FC08 for ; Tue, 14 Feb 2012 10:40:18 +0000 (UTC) Received: from mail.fig.ol.no (localhost [127.0.0.1]) by mail.fig.ol.no (8.14.5/8.14.5) with ESMTP id q1EAeAWg001232 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 14 Feb 2012 11:40:10 +0100 (CET) (envelope-from trond@fagskolen.gjovik.no) Received: from localhost (trond@localhost) by mail.fig.ol.no (8.14.5/8.14.5/Submit) with ESMTP id q1EAeAG6001229; Tue, 14 Feb 2012 11:40:10 +0100 (CET) (envelope-from trond@fagskolen.gjovik.no) X-Authentication-Warning: mail.fig.ol.no: trond owned process doing -bs Date: Tue, 14 Feb 2012 11:40:10 +0100 (CET) From: =?ISO-8859-1?Q?Trond_Endrest=F8l?= Sender: Trond.Endrestol@fagskolen.gjovik.no To: Bernt Hansson In-Reply-To: <4F3A334F.60305@bananmonarki.se> Message-ID: References: <4F39278A.8040502@bananmonarki.se> <4F392C2D.70900@infracaninophile.co.uk> <4F39ED2B.5010707@bananmonarki.se> <4F3A0705.70506@puresimplicity.net> <4F3A23B0.3040009@bananmonarki.se> <4F3A334F.60305@bananmonarki.se> User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) Organization: =?ISO-8859-1?Q?Fagskolen_i_Gj=F8vik?= OpenPGP: url=http://fig.ol.no/~trond/trond.key MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="2055831798-1481896905-1329216003=:7134" Content-ID: X-Spam-Status: No, score=-2.8 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 autolearn=ham version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on mail.fig.ol.no Cc: Josh Tolbert , freebsd-questions@freebsd.org Subject: Re: Using sendmail as a client with auth X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Feb 2012 10:40:20 -0000 This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --2055831798-1481896905-1329216003=:7134 Content-Type: TEXT/PLAIN; CHARSET=ISO-8859-1 Content-Transfer-Encoding: 8BIT Content-ID: On Tue, 14 Feb 2012 11:11+0100, Bernt Hansson wrote: > On 2012-02-14 10:43, Trond Endrestøl wrote: > > On Tue, 14 Feb 2012 10:04+0100, Bernt Hansson wrote: > > > > > On 2012-02-14 08:02, Josh Tolbert wrote: > > > > On 2/13/2012 11:12 PM, Bernt Hansson wrote: > > > > > > > > > > Thank you for your answer. > > > > > > > > > > > > > I wrote this ages ago and it's still valid. You can ignore the IMAP > > > > stuff if you like. :) > > > > > > Well, no cigar for me. > > > > > > I'm leaning at this line. > > > And I think it is somehow involed in all this "mess" > > > > > > sm-mta[37453]: STARTTLS=client, relay=smtp.isp.com., version=TLSv1/SSLv3, > > > verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256 > > > > I'm sorry for jumping into this thread, > > Don't be sorry for that. > > > but verify=FAIL is expected > > unless you have your ISP's certificate chain stored in the appropriate > > directory with the appropriate file names. > > I do not have a certificate from the isp. > > My tought was more in line of MY sendmail is sending > starttls first thing before auth login. Actually, this makes sense. It seems appropriate to establish an encrypted connection before sending the username and password. A parallel would be SSH. At the same time the use of SSL/TLS makes it harder to debug what's going on. > Then postfix gets confused. It sounds strange, but there's a slight chance something is odd at the ISP's end. > Possible scenario? I don't have any more input at the moment. The next step would be to establish a dialog with your ISP and persua^Wask them to investigate the matter further. > > /etc/ssl/certs would be a > > good place to store the certificates. > > > > A command like this one can be used to generate the "hashed" file > > names: > > > > ln -s certfile `openssl x509 -noout -hash< certfile`.0 > > > > > Any idea about that? The isp does support STARTTLS. > > > > > > telnet smtp.isp.com 25 > > > Trying x.x.x.x... > > > Connected to smtp.isp.com. > > > Escape character is '^]'. > > > 220 smtp.isp.com ESMTP Postfix (Ubuntu) > > > ehlo localhost > > > 250-smtp.isp.com > > > 250-PIPELINING > > > 250-SIZE 102400000 > > > 250-VRFY > > > 250-ETRN > > > 250-STARTTLS > > > 250-AUTH PLAIN LOGIN > > > 250-AUTH=PLAIN LOGIN > > > 250-ENHANCEDSTATUSCODES > > > 250-8BITMIME > > > 250 DSN > > > starttls > > > 220 2.0.0 Ready to start TLS > > > > > > > http://www.puresimplicity.net/~hemi/freebsd/sendmail.html > > > > > > That is a good site. Learnt me how to build sendmail at least. -- +-------------------------------+------------------------------------+ | Vennlig hilsen, | Best regards, | | Trond Endrestøl, | Trond Endrestøl, | | IT-ansvarlig, | System administrator, | | Fagskolen Innlandet, | Gjøvik Technical College, Norway, | | tlf. dir. 61 14 54 39, | Office.....: +47 61 14 54 39, | | tlf. mob. 952 62 567, | Cellular...: +47 952 62 567, | | sentralbord 61 14 54 00. | Switchboard: +47 61 14 54 00. | +-------------------------------+------------------------------------+ --2055831798-1481896905-1329216003=:7134--